
NERC CIP-003-9: Automating access control and authorisation for remote power sites
Replacing manual processes with precise, automated zero trust
Executive Summary
As the energy grid becomes increasingly decentralised, managing access to remote power sites has become a complex logistical challenge. With enforcement of NERC CIP-003-9 approaching, utilities must implement vendor electronic remote access security controls for assets containing low impact Bulk Electric System (BES) Cyber Systems: methods to determine when a vendor has electronic remote access, to disable that access, and to detect known or suspected malicious inbound and outbound communications over it. Relying on manual, legacy access methods is no longer a viable strategy for either compliance or security. This whitepaper explores how automating access control and precise authorisation through a zero trust architecture streamlines operations while satisfying those requirements.
The Burden of Manual Access Management
Historically, provisioning access for third-party vendors and maintenance crews at remote sites has relied on manual, error-prone processes: IT administrators created temporary virtual private network (VPN) accounts, configured firewall rules, and distributed shared credentials. When a vendor completed the work, deprovisioning that access was frequently delayed or forgotten, leaving standing network paths into critical infrastructure. A shared credential also cannot be tied to one individual, so the access it grants can be neither attributed to a person nor selectively revoked.
The Independent Electricity System Operator (IESO) summary of the proposed CIP-003-9 standard highlights the expanded scope: utilities must now demonstrate control over vendor remote access at these distributed edge sites. Manual tracking cannot scale to hundreds of remote solar arrays, wind farms, and distribution substations.
Automating Precise Authorisation
The strategic shift is from broad network access to automated, precise authorisation. A zero trust architecture such as the Agilicus AnyX platform enforces access at the application layer, per user and per resource, rather than at the network perimeter: a technician is authorised to reach one named device, not the subnet it sits on.
By integrating with a unified corporate identity provider, the lifecycle of a user's access is driven by the directory. When a contractor is onboarded in the central directory, their access is provisioned; when their contract expires or the account is disabled, their access is revoked across all systems, because every request is re-evaluated against the user's current identity rather than against a VPN tunnel that was authenticated once. One point a practitioner should check: revocation takes effect only as fast as existing sessions are re-validated, so session and token lifetimes for vendor accounts should be kept short. Furthermore, using features like application requests, technicians can obtain just-in-time, time-bounded access to a specific programmable logic controller (PLC) or human-machine interface (HMI) without a helpdesk ticket to configure a VPN.
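The per-request decision described above, as an added example written for this page rather than code from Agilicus or its platform. It models a directory record as the identity provider would present it, a time-bounded grant produced by an approved application request, and the check an identity-aware proxy makes on every request; it also shows the "determine" and "disable" methods CIP-003-9 asks for, expressed over the same grants. The field names, the eight-hour MFA window, the device naming scheme and all sample data are assumptions for illustration.

```python
"""Per-request authorisation in an identity-aware proxy (added example, not Agilicus code).

All names, fields, policy values and sample data below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# A session must have passed an MFA challenge within this window before any
# request is allowed (assumed policy value).
MFA_MAX_AGE = timedelta(hours=8)


@dataclass
class DirectoryUser:
    """What the proxy learns about the caller from the identity provider."""
    user_id: str
    vendor: str
    enabled: bool                        # False once the account is disabled
    contract_end: datetime               # from the contract/HR system of record
    mfa_verified_at: Optional[datetime]  # last successful MFA challenge, or None


@dataclass
class AccessGrant:
    """A just-in-time grant produced by an approved application request."""
    user_id: str
    resource: str        # one named device, e.g. "site-17/plc-1", never a subnet
    not_before: datetime
    not_after: datetime
    approved_by: str


def authorise(user: DirectoryUser, resource: str, grants: list[AccessGrant],
              now: datetime) -> tuple[bool, str]:
    """Decide one request. This runs for every request, not once per tunnel,
    so a directory change or a lapsed grant is enforced on the next request
    without anyone having to remember to delete a VPN account."""
    if not user.enabled:
        return False, "account disabled in directory"
    if now >= user.contract_end:
        return False, "contract expired"
    if user.mfa_verified_at is None or now - user.mfa_verified_at > MFA_MAX_AGE:
        return False, "MFA challenge required"
    for g in grants:
        if (g.user_id == user.user_id and g.resource == resource
                and g.not_before <= now < g.not_after):
            return True, f"active grant approved by {g.approved_by}"
    return False, "no active grant for this resource"


def active_vendor_access(grants: list[AccessGrant], now: datetime) -> list[tuple[str, str]]:
    """Which vendors have remote access right now, and to what: the live grants."""
    return [(g.user_id, g.resource) for g in grants if g.not_before <= now < g.not_after]


def disable_access(grants: list[AccessGrant], user_id: str, now: datetime) -> int:
    """Cut one vendor off immediately by closing every grant they hold.
    Returns the number of grants closed."""
    closed = 0
    for g in grants:
        if g.user_id == user_id and g.not_after > now:
            g.not_after = now
            closed += 1
    return closed


# --- constructed sample data -------------------------------------------------
NOW = datetime(2026, 3, 10, 14, 0, tzinfo=timezone.utc)
TECH = DirectoryUser("jdoe@vendor.example", "Vendor A", enabled=True,
                     contract_end=NOW + timedelta(days=30),
                     mfa_verified_at=NOW - timedelta(minutes=15))
GRANTS = [AccessGrant("jdoe@vendor.example", "site-17/plc-1",
                      NOW - timedelta(hours=1), NOW + timedelta(hours=3), "ops-lead")]


def demo() -> dict:
    """Run the scenarios the text describes and return each decision."""
    results = {}
    results["in_window"] = authorise(TECH, "site-17/plc-1", GRANTS, NOW)
    # Precise authorisation: the grant names one device, so a sibling device is denied.
    results["other_device"] = authorise(TECH, "site-17/hmi-1", GRANTS, NOW)
    # The grant lapses by itself; there is nothing to deprovision.
    results["after_window"] = authorise(TECH, "site-17/plc-1", GRANTS, NOW + timedelta(hours=4))
    # A stale MFA challenge is refused even inside an active grant.
    stale = DirectoryUser(TECH.user_id, TECH.vendor, True, TECH.contract_end,
                          mfa_verified_at=NOW - timedelta(hours=9))
    results["mfa_stale"] = authorise(stale, "site-17/plc-1", GRANTS, NOW)
    # Disabling the directory account is enough to deny the next request.
    gone = DirectoryUser(TECH.user_id, TECH.vendor, False, TECH.contract_end, TECH.mfa_verified_at)
    results["disabled"] = authorise(gone, "site-17/plc-1", GRANTS, NOW)
    return results


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:13s} {'ALLOW' if ok else 'DENY':5s} {why}")
```

The decision order matters: identity state (enabled, contract) is checked before any grant, so a grant can never outlive the account that holds it, and the MFA freshness check is applied to every resource rather than only at tunnel set-up.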
Meeting the Technical Rationale and Audit Requirements
The regulatory expectations are detailed in NERC's Technical Rationale for CIP-003. The focus is on mitigating the risk of compromised vendor credentials through multi-factor authentication and strict access controls. A manual VPN approach typically cannot show which individual reached which device, so it struggles to provide the granular visibility needed to prove compliance.
During an audit, organisations must provide evidence of their security controls, as outlined in the Reliability Standard Audit Worksheet (RSAW) for CIP-003-9. Agilicus AnyX automates this by producing a central, immutable audit trail in which every connection attempt, multi-factor authentication challenge, and resource access is logged together with the identity behind it. This turns a gruelling, forensic audit into report generation.
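One way to make such an audit trail tamper-evident and to turn it into an auditor's summary, as an added example that is not Agilicus code and does not describe how AnyX stores its logs. Each record carries a SHA-256 over the previous record's hash and its own canonical JSON, so editing, deleting or reordering any record breaks every later link; a summary function then counts connections, MFA challenges and denied accesses per site. The event fields and the sample events are constructed for illustration.

```python
"""Hash-chained audit trail for remote-access events (added example, not Agilicus code).

Event fields and sample events are constructed for illustration.
"""
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # hash the first record is chained to


def _digest(prev_hash: str, event: dict) -> str:
    # Canonical JSON (sorted keys, no whitespace) so equal events hash equally.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def append(chain: list[dict], event: dict) -> dict:
    """Append one event; the record binds it to everything recorded before it."""
    prev = chain[-1]["hash"] if chain else GENESIS
    record = {"event": dict(event), "prev": prev, "hash": _digest(prev, event)}
    chain.append(record)
    return record


def verify(chain: list[dict]) -> tuple[bool, int]:
    """Recompute every link. Returns (ok, index of the first bad record or -1)."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev"] != prev or rec["hash"] != _digest(prev, rec["event"]):
            return False, i
        prev = rec["hash"]
    return True, -1


def summarise(chain: list[dict]) -> dict:
    """Per-site counts an auditor asks for: connections, MFA challenges,
    resource accesses and how many of those were denied."""
    by_site: dict[str, Counter] = {}
    for rec in chain:
        ev = rec["event"]
        counts = by_site.setdefault(ev["site"], Counter())
        counts[ev["kind"]] += 1
        if ev["kind"] == "access" and ev.get("decision") == "deny":
            counts["denied"] += 1
    return {site: dict(c) for site, c in by_site.items()}


# Constructed sample events, in the shape a proxy might emit them.
SAMPLE_EVENTS = [
    {"ts": "2026-03-10T13:45:02Z", "user": "jdoe@vendor.example", "site": "site-17",
     "kind": "connect", "src": "203.0.113.9"},
    {"ts": "2026-03-10T13:45:05Z", "user": "jdoe@vendor.example", "site": "site-17",
     "kind": "mfa", "result": "pass"},
    {"ts": "2026-03-10T13:46:10Z", "user": "jdoe@vendor.example", "site": "site-17",
     "kind": "access", "resource": "site-17/plc-1", "decision": "allow"},
    {"ts": "2026-03-10T13:47:31Z", "user": "jdoe@vendor.example", "site": "site-17",
     "kind": "access", "resource": "site-17/hmi-1", "decision": "deny", "reason": "no active grant"},
    {"ts": "2026-03-10T14:02:00Z", "user": "asmith@vendor.example", "site": "site-22",
     "kind": "connect", "src": "198.51.100.4"},
    {"ts": "2026-03-10T14:02:04Z", "user": "asmith@vendor.example", "site": "site-22",
     "kind": "mfa", "result": "fail"},
]


def build_chain(events=SAMPLE_EVENTS) -> list[dict]:
    chain: list[dict] = []
    for ev in events:
        append(chain, ev)
    return chain


def tamper_demo() -> tuple[bool, int]:
    """Rewrite a denied access as 'allow' after the fact, then verify."""
    chain = build_chain()
    chain[3]["event"]["decision"] = "allow"
    return verify(chain)


if __name__ == "__main__":
    chain = build_chain()
    print("intact:", verify(chain))
    print("tampered:", tamper_demo())
    print(json.dumps(summarise(chain), indent=1))
```

A hash chain only proves that the log was not altered after the head hash was recorded, so the current head must be anchored somewhere the log writer cannot change, for example shipped to a separate collector or signed on a schedule; otherwise whoever can write the log can rebuild the whole chain.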
Conclusion
To secure the modern, distributed energy grid and satisfy the impending NERC CIP-003-9 requirements, utilities must abandon manual, network-centric access models. By embracing a zero trust identity-aware proxy, organisations can automate precise authorisation, enforce multi-factor authentication, and generate comprehensive audit trails. This approach not only replaces the legacy VPN but fundamentally elevates the security posture of remote power sites without adding operational overhead.