Trending

AI & Digital Transformation

Cyber Defense

Energy Transition

Smarter Capital Planning

Zero-Emissions Transportation

What We Do

Acquisition & Divestment

Asset Planning & Management

Business Strategy & Transformation

Data, Analytics & AI

Enterprise Technology

Financial Analysis

Industrial Cybersecurity

Policy & Regulatory

Industries

Government & Military

Manufacturing & Industrial

Oil, Gas & Chemicals

Ports & Maritime

Power

Transportation

Water

Solutions

AssetLens

Managed Security Services

About Us
Careers
Our Partners
Blog
Contact Us

YOUR PATH TO NERC CIP-015 COMPLIANCE

Whether you have already deployed monitoring tools, purchased a platform or are just starting your evaluation, understanding your readiness is the first step. We understand the unique challenges facing public power utilities and electric cooperatives, and we're prepared to help you every step of the way.

Futuristic digital interface with concentric circular data rings and a glowing central point, suggesting advanced technology.

NERC CIP-015 introduces requirements for internal network security monitoring (INSM) within bulk electric system (BES) environments. Organizations must implement monitoring capabilities that detect anomalous activity inside the electronic security perimeter (ESP) to improve cybersecurity visibility and response. Implementation is required for control centers by October 2028 and for other applicable systems by October 2030.

What CIP-015 Compliance Requires

Organizations must be able to:

01_Icon_Monitor

Monitor internal network communications

02_Icon_Detect

Detect anomalous activity inside the ESP

03_Icon_Generate

Generate actionable alerts

04_Icon_Investigate

Investigate events through operational processes

Which readiness category are you in currently?

No Monitoring Solution Purchased

Monitoring Platform Purchased but Not Operational

Monitoring Platform Deployed but Gaps Remain

Monitoring Solution Deployed and Effective

No Monitoring Solution Purchased

You do not currently have an INSM solution deployed. CIP-015 compliance will require structured evaluation, architecture alignment and operational design before selecting technology.

How to get started

checkmark2
Conduct a formal threat analysis and risk review.
checkmark2
Perform an OT gap assessment focused on visibility and telemetry.
checkmark2
Define requirements prior to vendor comparison.
checkmark2
Build a plan for deployment and operational transition.

How 1898 & Co. Can Help You Start Your Journey

We align threat modeling, operational assessment and platform selection with your OT cyber resiliency road map, reducing rework and strengthening audit defensibility. Need help checking these off your list?

Schedule a Readiness Workshop  

Monitoring Platform Purchased but Not Operational

Your organization has invested in INSM technology, but regulatory pressure now requires activation and validation.

Here's how to move forward:

checkmark2
Review your threat analysis and risk review from the last 12 months
checkmark2

Confirm the platform addresses your compliance gaps

checkmark2

See that your staff is trained on the platform

checkmark2
Understand the support status of your current version

How 1898 & Co. Can Support Your Plan

We provide structured revalidation and activation planning — regardless of vendor — to move from shelfware to defensible monitoring capability.

Activate Your CIP-015 Plan  

Monitoring Platform Deployed but Gaps Remain

Your organization’s solution is deployed, but governance, tuning or staffing gaps introduce compliance and operational risk.

Here’s how to strengthen your program:

checkmark2
Update your threat surface assessment
checkmark2
Tune your solution to improve the signal-to-noise ratio
checkmark2
Validate your staffing model
checkmark2
Evaluate managed monitoring options

How 1898 & Co. Can Help You Refine Your Plan

We can retune, optimize or manage your INSM platform to reduce noise and strength detection fidelity while aligning with your compliance obligations.

Optimize Your Monitoring Strategy  

Monitoring Solution Deployed and Effective

Your organization has strong alignment with CIP-015 expectations in place. Your focus now shifts to audit defensibility, continuous improvement and resilience validation.

Here's how to maintain and advance your maturity:

checkmark2

Conduct adversarial simulation exercises

checkmark2

See that documentation is audit ready

checkmark2
Benchmark your detection maturity against peer utilities

How 1898 & Co. Can Help You Maintain Momentum

We apply practical, experience-based insights to help you develop a clear picture of where you stand.

Schedule a Maturity Validation Session  

Our Partners

To help you comply with CIP-015 and achieve your objectives, we have established partnerships with some of the most respected companies in their respective fields, bringing leading technologies to critical infrastructure industries.

Armis_logo

Armis, the leading asset visibility and security company, provides the industry’s first unified asset intelligence platform designed to address the new extended attack surface that connected assets create. Fortune 100 companies trust our real-time and continuous protection to see with full context all managed, unmanaged assets across IT, cloud, internet of things (IoT) devices, medical devices (IoMT), OT, industrial control systems (ICS) and 5G. Armis provides passive cyber asset management, risk management and automated enforcement.

Visit Site  

Claroty_logo2

Partnering with Claroty allows us to offer market-leading solutions focused on industrial cybersecurity threat detection, management and security for OT, internet of things (IoT) and industrial internet of things (IIoT) assets. We are an authorized reseller and have certified practitioners and project experience. We are a preferred channel partner for critical infrastructure environments.

Visit Site  

Dragos_logo2

We rely on our partnership with Dragos to help monitor and detect cyberthreats to critical infrastructure assets. The Dragos software platform is an integral part of our managed security services, providing cyber protection for the industrial controls systems and OT markets. We are an authorized reseller, have certified practitioners and leverage Dragos within its own managed threat detection, managed threat protection and managed security services offerings. We are a preferred channel partner for critical infrastructure environments.

Visit Site  

Nozomi_network

Nozomi Networks provides OT, IoT and ICS security platforms that deliver real-time asset visibility, threat detection and compliance monitoring for critical infrastructure environments. We are an authorized partner, which helps our security and risk consulting practice deliver operational resiliency, OT risk identification, regulatory readiness and cyber risk mitigation for utility and industrial clients. 

Visit Site  

Because the future won't wait.

How Can We Help?

Join the Team