NERC CIP Compliance

NERC_CIPfree

Data quality checks for critical infrastructure protection — asset inventory, timestamps, access controls, and safety reporting.

10 rules 2363 downloads4.2 avg (150)

nerc-cipenergyutilitiescyber-securitycritical-infrastructure

4.2(150 ratings)

Test this pack with your data

Download the template, fill in your data, and see quality results instantly.

Test This Pack

Download & Install

Choose your tool — get a ready-to-run file

Run this on your data? Upload your CSV — we'll auto-map the columns, validate, and report the bad rows.Test my data

Or use the CLI

$ npx dqhub install nerc-cip-energy --format soda --table YOUR_TABLE

About this pack

Rules for NERC CIP (Critical Infrastructure Protection) compliance in the energy sector. Covers: - BES Cyber Asset impact rating validation (High/Medium/Low) - UTC timestamp format for security event logs - OSHA NAICS code and EPA facility ID validation - Smart meter reading interval consistency - General completeness and uniqueness for asset inventory

Sources & References

NERC CIP — NERC CIP-002 (BES Cyber System Categorization)

Responsible entities must categorize BES Cyber Systems as High, Medium, or Low impact based on criteria in CIP-002 Attachment 1

NERC CIP — NERC CIP-007 (System Security Management)

Security event logs must include timestamps in a consistent format to support monitoring, alerting, and forensic analysis

OSHA — OSHA NAICS Classification

Employers must use valid 6-digit NAICS codes for establishment classification in OSHA recordkeeping and reporting

EPA — EPA GHGRP

Facilities reporting under 40 CFR Part 98 are assigned numeric facility identifiers in the GHGRP system

Industry Standard — ANSI C12.19 / IEEE 1377 (Utility Metering)

Smart meter reading intervals must align with standard AMI collection frequencies for interoperability and billing accuracy

What's included

6format rules

2completeness rules

1uniqueness rules

1freshness rules

Checks included (10)

NERC CIP BES Cyber Asset Impact Rating(impact_rating)

Validates that BES (Bulk Electric System) cyber asset impact ratings contain only the three allowed values defined by NERC CIP-002: High, Medium, or Low. These ratings determine the security controls required for each asset and are critical for compliance categorization.

NERC CIP Security Event Timestamp UTC Format(event_timestamp)

Validates that security event timestamps conform to ISO 8601 UTC format with a Z suffix (e.g., 2024-01-15T14:30:00Z). NERC CIP-007 requires consistent UTC timestamps for security event logs to enable accurate forensic analysis and incident correlation across BES cyber systems.

OSHA NAICS Code Format(naics_code)

Validates that NAICS (North American Industry Classification System) codes are exactly 6 digits. NAICS codes are used by OSHA and other federal agencies to classify business establishments for the purpose of collecting, analyzing, and publishing statistical data related to the U.S. economy.

EPA GHGRP Facility Identifier Format(facility_id)

Validates that EPA Greenhouse Gas Reporting Program (GHGRP) facility identifiers are numeric values between 5 and 7 digits long. These identifiers are assigned to facilities that report greenhouse gas emissions under 40 CFR Part 98.

Smart Meter Reading Interval(reading_interval)

Validates that smart meter reading intervals are one of the standard values: 5, 15, 30, or 60 minutes. These intervals represent the industry-standard data collection frequencies for Advanced Metering Infrastructure (AMI) and are critical for accurate load profiling, billing, and demand response programs.

Valid Date String Format(event_date)

Validates that date string values match the expected format. Supports configurable formats including YYYY-MM-DD (ISO 8601), MM/DD/YYYY, DD/MM/YYYY, YYYY/MM/DD, and DD-Mon-YYYY. Validates month (01-12), day (01-31), and reasonable year ranges.

Column Not Null

Asserts that a specified column contains no null values. This is the most fundamental completeness check — every row must have a value present in the target column.

Column Completeness Threshold

Asserts that a column meets a minimum completeness threshold, measured as the percentage of non-null values. Useful when some nulls are acceptable but the overall population rate must stay above a defined level (e.g., 95%).

Column Unique

Validates that all non-null values in a specified column are unique. Useful for natural keys, email addresses, identifiers, and any column where duplicates indicate a data quality issue.

Table Freshness

Asserts that a table has been updated within the specified number of hours. Uses the table's metadata (last modified timestamp) or a designated timestamp column to verify data is fresh and pipelines are running on schedule.