Webinar
Beyond the Audit: NERC CIP-003-9 Compliance
Why It Matters, What It Requires and How to Prepare
The operating environment for power and utilities is becoming more complex. OT environments are increasingly connected and digitally enabled, vendor remote access and third-party connectivity are expanding the attack surface, and physical, cyber and supply chain risks are becoming more interconnected. At the same time, regulators and auditors are expecting stronger visibility, control and defensible evidence, including low impact assets that are receiving greater attention as part of broader grid resilience efforts.
NERC CIP provides the compliance framework for protecting critical cyber assets tied to Bulk Electric System reliability. Strong organizations do not treat CIP as a once-a-year audit exercise. They use it to build discipline around security, ownership and evidence that helps support safer, more reliable and more defensible operations.
This webinar will focus on NERC CIP-003-9 and what it means for organizations responsible for low impact BES cyber systems. The discussion will cover what the standard requires, why vendor electronic remote access is a growing area of risk and how organizations can prepare through stronger governance, standardized controls and improved operational readiness.
The session will also highlight practical steps organizations can take to assess their current state, identify gaps, strengthen low impact controls, improve vendor access management and enhance audit readiness.
In this webinar, you will learn:
- Why NERC CIP matters beyond passing an audit and how it supports reliability and resilience
- What CIP-003-9 requires for low impact BES cyber systems, including vendor electronic remote access controls
- How to identify gaps in asset scope, governance, policies and vendor access pathways
- Practical ways to standardize low impact controls and strengthen compliance defensibility
- Considerations for awareness, audit readiness and operational discipline across teams
Presenters
Kristy Huang, Global Cybersecurity Director
Kristy Huang is Global Cybersecurity Director at ABS Consulting, where she helps clients manage cybersecurity risk across operational technology and critical infrastructure environments. Her background spans federal and commercial industries, including support for agencies such as the U.S. Coast Guard, DOT, CISA and TSA as well as private sector operators. She focuses on turning complex cyber and compliance requirements into practical steps that support safer, more resilient operations.
Ron Fabela, Technical Director Cybersecurity
Ron Fabela has over 25 years of cybersecurity experience and a deep technical understanding of Industrial Control Systems (ICS) and Operations Technology (OT) security. His hands-on experience includes being onsite at power generation facilities, offshore oil rigs, refineries and other critical infrastructure sectors. He has successfully navigated the industry's unique cultural and technological challenges, honing his ability to communicate both technical and business concepts effectively to diverse audiences.
About ABS Consulting
ABSG Consulting Inc. (ABS Consulting) is part of ABS Group of Companies, Inc. (www.abs-group.com), a global leader in safety and risk management for critical infrastructure worldwide and a subsidiary of ABS (www.eagle.org), one of the world's leading marine and offshore classification societies. With over 50 years of risk management and safety experience, ABS Consulting provides engineering, data science and management consulting services globally to help our clients manage their safety, security and operational risks. Headquartered in Spring, Texas, ABS Consulting operates with more than 700 professionals across the globe serving the marine and offshore, oil, gas and chemical, government, power and energy, and industrial sectors.