NERC CIP-015-1 Is Approved—Here’s What Asset Owners Need to Do www.dragos.com/blog/nerc…

On June 26, 2025, the Federal Energy Regulatory Commission (FERC or the Commission) issued Order No. 907 1 formally approving North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Standard CIP-015-1, which will require Internal Network Security Monitoring (INSM) (east-west monitoring) for network traffic inside Electronic Security Perimeters (ESPs) across the North American electric sector.

FERC has also directed NERC to develop modifications to CIP-015-1 to increase the scope to include Electronic Access Control or Monitoring Systems (EACMS) and Physical Access Control Systems (PACS) outside of the ESP. NERC is required to develop and submit modifications within one year.

Registered Entities should begin aligning resources and internal plans to meet the CIP-015-1 requirements within the implementation timeline.