The False Choice of NERC CIP-003-9: Keep Remote Access and Stay Compliant
2026-04-14 @ 13:00 – 14:00
Register For Webinar
On 2024-04-01, NERC CIP-003-9 changed the rules of the game for operational technology. In the rush to comply, many organizations overcorrected. You looked at the strict new audit requirements and made a pragmatic, albeit painful, choice: It was a classic A or B decision. You could keep the workflow and fail the audit, or kill the workflow and pass.
In this webinar, we will show you how to satisfy the stringent requirements of the North American Electric Reliability Corporation without sunsetting the remote connectivity your operations team relies on. You do not have to choose between security and uptime.
Webinar Highlights
The Speaker
Don Bowman, CEO at Agilicus
Founder and CEO of Agilicus, Don Bowman is an expert in cloud, security, and networking with 30 years of experience in global Internet, technology, public policy.
When the new regulations took effect, compliance officers and operations teams found themselves at an impasse. The mandate demands granular visibility and strict control over who accesses what. Legacy tools simply cannot provide the necessary audit trails. A traditional VPN connects a user to a network, not a specific resource, meaning your audit log is essentially a wide-open door. Swiss cheese would be jealous of the gaps in traditional perimeter defence.
This technical friction led to a brutal operational shift. To eliminate the risk, many independent power producers simply severed the connection. Vendors who previously monitored PLCs remotely were suddenly locked out. Routine maintenance that used to take five minutes now requires a physical truck roll. This severely impacts your mean time to repair and introduces unnecessary physical friction into your digital processes. You mitigated the cyber risk, but you amplified the operational risk.
It does not have to be this way. Organizations like the National Institute of Standards and Technology outline clear supply chain risk management practices that do not require severing connectivity. By implementing a Zero Trust architecture you authenticate the user, verify their context, and grant access only to a single specific resource, all while generating an immutable, perfectly granular audit trail.
Attend this webinar if you:
- Manage remote access for third-party vendors and contractors.
- Have an operations team frustrated by the overcorrection to NERC CIP-003-9.
- Are responsible for maintaining regulatory compliance without destroying operational technology workflows.
What you will learn:
- How to reverse the sunsetting of remote tools and safely restore vendor access.
- The method for maintaining existing workflows while satisfying auditors.
- Why you can have remote access and compliance simultaneously, rather than picking just one.
We invite you to read our detailed white paper on why legacy remote access tools are not sufficient, and then join us to learn how to build a resilient, compliant access strategy. If you want to discuss your specific architecture beforehand, you can book a 15-minute consultation with our engineering team.
LEARN MORE ON THE TOPIC
On April 1, 2026, the North American Bulk Electrical System faces a critical regulatory shift with the enforcement of NERC CIP-003-9. The introduction of Section 6 – Vendor Electronic Remote Access Security Controls – introducing how Independent Power Producers manage, audit, and disable vendor remote access to low impact Bulk Electric Systems
Get In Touch
Ready To Learn More?
Agilicus AnyX Zero Trust enables any user, on any device, secure connectivity to any resource they need—without a client or VPN. Whether that resource is a web application, a programmable logic controller, or a building management system, Agilicus can secure it with multi-factor authentication while keeping the user experience simple with single sign-on.
info@agilicus.com, +1 519 953-4332
300-87 King St W, Kitchener, ON, Canada. N2G 1A7
info@partner.com, +1 555 555-5555
1 Main Street, Townsville, ON, Canada. POST-CODE