NERC

The North American Electric Reliability Corporation (NERC) has the responsibility to set information security standards for American utilities. The current NERC standards have been strongly criticized in a recent Mitre study which claims that "NERC reliability standards are both inadequate for protecting critical national infrastructure" and "inadequate for all electric energy systems..."

Risk Reporter provides a cost effective means for NERC regulated firms to upgrade to the more protective NIST standards.  NIST compliance exceeds the requirements of NERC, and allow utilities to comply with NIST 800-39, which is focused on organizations involved with the "critical infrastructure of the United States".