31. What is the US Critical Infrastructure Protection (CIP) initiative, why are information security policies and procedures so important, and do you offer comprehensive I.T. security policies?

The United States Critical Infrastructure Protection (CIP) is a concept that relates to the overall readiness, preparedness, and responsive mechanisms to serious incidents involving the nation’s critical infrastructure, from a regional to a national level. Or according to the United States Department of Homeland Security (DHS), CIP is the physical, cyber systems and assets that are extremely vital to the United States, such that their incapacity or destruction would have a debilitating and severe impact on the physical or economic security or public health or safety. Additionally, according to DHS, there are (as of 2013) sixteen (16) critical infrastructure sectors that have been identified, ranging from food and agriculture, to water – just to name a select few (visit http://www.dhs.gov/topic/critical-infrastructure-protection to view the entire list).

Both President’s Bill Clinton and George W. Bush played vital roles in recognizing the importance of the nation’s CIP concept, with Presidential Directive PDD-63 (http://www.fas.org/irp/offdocs/pdd/pdd-63.htm) (Under President Clinton), and Homeland Security Presidential Directive HSPD-7 for Critical Infrastructure Identification, Prioritization, and Protection (under President George W. Bush). Together, the concept of preparing, protecting, and responding to serious infrastructure issues became much more documented, formalized, and transparent.

Security Policies are an Important Component of the CIP Initiatives

In recent years, there’s been a large push from notable organizations (including the U.S. government) within many of these sixteen (16) critical infrastructure sectors to put in place compliance and security programs, assessments, maturity models, frameworks, and other best-practice initiatives for helping ensure their safety and security. From FERC, to NERC, along with the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) – and many others – a consistent theme and message is being driven, and that’s the need for comprehensive, in-depth, well-established, and documented information security policies and procedures.

Policy and procedural information for access rights, network security, incident response mechanisms, security awareness training, change management – the list goes on and on – but the message is clear – organizations having to comply with the ever-growing critical infrastructure security mandates must have comprehensive security documentation in place.

Order your Set of Security Policies Today | Hundreds Available

Trust FLANK and the FLANK21 set of policies, procedures – and more – for helping you put in place a well-established framework of enterprise-wide operational, business specific, and information security documents. With literally hundreds of templates to choose from, the FLANK21 set of documents is a great source for the growing regulatory compliance needs of organizations, especially when it comes to CIP compliance requirements. 

To learn more about CIP, visit http://www.dhs.gov/topic/critical-infrastructure-protection