SCADA System Security Audit Checklist [FREE PDF]

SCADA system security audits are mandated under NERC CIP-002 through CIP-014 standards, requiring utility operators to identify, protect, and monitor critical cyber assets connected to the bulk electric system. The Federal Energy Regulatory Commission (FERC) enforces these standards under Order 706, with penalties reaching $1 million per violation per day. Regular audits ensure that electronic security perimeters, access controls, and incident response plans remain current and effective.

  • Industry: Electric Utilities
  • Frequency: Quarterly
  • Estimated Time: 90-120 minutes
  • Role: Grid Operations Manager
  • Total Items: 34
  • Compliance: NERC CIP-002-5.1a - BES Cyber System Categorization, NERC CIP-005-6 - Electronic Security Perimeters, NERC CIP-007-6 - System Security Management, NERC CIP-010-3 - Configuration Change Management, FERC Order 706 - Mandatory Reliability Standards for CIP

BES Cyber Asset Identification

Verify that all Bulk Electric System (BES) cyber assets are properly identified and categorized per NERC CIP-002.

  • Has the facility completed a current BES Cyber System inventory within the last 15 calendar months?
  • Are all SCADA servers, HMI workstations, and control consoles listed in the asset register?
  • Has the impact rating (High, Medium, or Low) been assigned and documented for each cyber asset?
  • Are newly commissioned assets added to the inventory within 30 days of identification?
  • Are decommissioned assets removed from the inventory with documented retirement records?

Electronic Security Perimeter (ESP) Controls

Confirm that electronic security perimeters are defined, documented, and enforced per NERC CIP-005.

  • Is an Electronic Security Perimeter (ESP) defined and documented for each High and Medium impact BES Cyber System?
  • Are all Electronic Access Points (EAPs) to the ESP protected by firewalls or similar devices configured to deny by default?
  • Is Interactive Remote Access to the SCADA environment protected with multi-factor authentication (MFA)?
  • Are all remote access sessions encrypted using approved cryptographic protocols?
  • Are unauthorized inbound and outbound traffic attempts logged and reviewed?

Physical and Logical Access Management

Assess controls governing who can access SCADA systems physically and electronically.

  • Is access to SCADA systems restricted to personnel with documented and authorized roles?
  • Have all user accounts been reviewed within the last 15 calendar months to confirm continued access need?
  • Are shared or default vendor accounts disabled or removed from all SCADA components?
  • Are terminated employee or contractor accounts revoked within 24 hours of separation?
  • Is a Physical Security Perimeter (PSP) in place for SCADA control room equipment with access logging?

System Security Management

Verify patch management, port controls, and security event monitoring per NERC CIP-007.

  • Has a security patch assessment been performed within the last 35 calendar days for all SCADA components?
  • Are all non-essential ports and services disabled on SCADA servers and workstations?
  • Is malware prevention software deployed and updated on all SCADA systems that support it?
  • Are security event logs retained for a minimum of 90 calendar days and reviewed for anomalies?
  • Are password complexity and change interval requirements enforced on all SCADA accounts?

Configuration & Change Management

Confirm baseline configurations are maintained and all changes follow documented procedures per NERC CIP-010.

  • Is a current baseline configuration documented for each SCADA component including OS version, installed software, and active ports?
  • Are all changes to SCADA systems authorized through a formal change management process before implementation?
  • Is a vulnerability assessment performed at least every 15 calendar months for High and Medium impact systems?
  • Are transient cyber assets (laptops, USB drives) managed under documented policies before connecting to SCADA systems?
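As an added example, not part of this checklist or any vendor tool, the baseline comparison that the CIP-010 items above call for, in Python: a documented baseline (OS version, installed software, active ports) is compared against an observed snapshot of the same SCADA component, and every deviation is listed so it can be matched against an authorized change record. All asset names, versions and port numbers are constructed values, not taken from the page.

```python
"""Baseline configuration drift check for one SCADA component (NERC CIP-010 style).
Added example; baseline and observed data below are constructed, hypothetical values."""

# Documented, approved baseline for the component (constructed sample).
BASELINE = {
    "asset": "HMI-01",
    "os_version": "Windows Server 2019 17763.4131",
    "software": {"scada-hmi": "7.2.1", "antivirus-agent": "4.8.0"},
    "active_ports": {3389, 5900, 20000},  # e.g. RDP, VNC, DNP3 in this hypothetical baseline
}

# What an inventory scan of the same component observed today (constructed sample).
OBSERVED = {
    "asset": "HMI-01",
    "os_version": "Windows Server 2019 17763.4131",
    "software": {"scada-hmi": "7.2.3", "antivirus-agent": "4.8.0", "remote-tool": "1.0"},
    "active_ports": {3389, 20000, 8080},
}


def compare_baseline(baseline: dict, observed: dict) -> list[str]:
    """Return human-readable deviations from the baseline; an empty list means no drift.
    Each finding should be reconciled with a change-management record or treated as unauthorized."""
    findings = []
    if baseline["os_version"] != observed["os_version"]:
        findings.append(f"os_version changed: {baseline['os_version']!r} -> {observed['os_version']!r}")
    base_sw, obs_sw = baseline["software"], observed["software"]
    for name in sorted(set(base_sw) | set(obs_sw)):
        if name not in obs_sw:
            findings.append(f"software removed: {name} {base_sw[name]}")
        elif name not in base_sw:
            findings.append(f"software added (not in baseline): {name} {obs_sw[name]}")
        elif base_sw[name] != obs_sw[name]:
            findings.append(f"software version changed: {name} {base_sw[name]} -> {obs_sw[name]}")
    # Ports listening that the baseline does not allow, and baselined ports that went silent.
    for port in sorted(observed["active_ports"] - baseline["active_ports"]):
        findings.append(f"port opened outside baseline: {port}")
    for port in sorted(baseline["active_ports"] - observed["active_ports"]):
        findings.append(f"baselined port no longer listening: {port}")
    return findings


if __name__ == "__main__":
    for finding in compare_baseline(BASELINE, OBSERVED):
        print(f"{OBSERVED['asset']}: {finding}")
```

In practice the observed snapshot would come from the same inventory tooling used to build the baseline; the comparison logic is unchanged.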

Incident Response & Recovery

Evaluate the readiness of incident response and recovery plans for cybersecurity events affecting SCADA.

  • Does the facility have a documented cybersecurity incident response plan that addresses SCADA-specific scenarios?
  • Has the incident response plan been tested through a drill or tabletop exercise within the last 15 calendar months?
  • Are recovery plans for BES Cyber Systems documented and tested, including backup restoration procedures?
  • Are backup configurations stored in a secure location separate from the primary SCADA environment?
  • Are cybersecurity incidents reported to the E-ISAC and applicable regulatory bodies within required timeframes?

Personnel Training & Awareness

Confirm that all personnel with access to SCADA systems have received required cybersecurity awareness training.

  • Have all personnel with authorized access to BES Cyber Systems completed cybersecurity awareness training within the last calendar year?
  • Have all personnel completed role-based cybersecurity training covering their specific SCADA responsibilities?
  • Have background risk assessments been completed for all personnel prior to granting unescorted physical or electronic access?
  • Are training completion records maintained and available for audit purposes?
  • Please provide any additional observations or findings from this SCADA security audit.


Why Use This SCADA System Security Audit Checklist [FREE PDF]?

This SCADA System Security Audit Checklist helps electric utility teams maintain compliance and operational excellence. Designed for Grid Operations Manager professionals, this checklist covers 34 critical inspection points across 7 sections. Recommended frequency: quarterly.

Ensures compliance with NERC CIP-002-5.1a - BES Cyber System Categorization, NERC CIP-005-6 - Electronic Security Perimeters, NERC CIP-007-6 - System Security Management, NERC CIP-010-3 - Configuration Change Management, FERC Order 706 - Mandatory Reliability Standards for CIP. Regulatory-aligned for audit readiness and inspection documentation.

Frequently Asked Questions

What does the SCADA System Security Audit Checklist [FREE PDF] cover?

This checklist covers 34 inspection items across 7 sections: BES Cyber Asset Identification, Electronic Security Perimeter (ESP) Controls, Physical and Logical Access Management, System Security Management, Configuration & Change Management, Incident Response & Recovery, Personnel Training & Awareness. It is designed for electric utilities operations and compliance.

How often should this checklist be completed?

This checklist should be completed quarterly. Each completion takes approximately 90-120 minutes.

Who should use this SCADA System Security Audit Checklist [FREE PDF]?

This checklist is designed for Grid Operations Manager professionals in the electric utilities industry. It can be used for self-assessments, team audits, and regulatory compliance documentation.

Can I download this checklist as a PDF?

Yes, this checklist is available as a free PDF download. You can also use it digitally in the POPProbe mobile app for real-time data capture, photo documentation, and automatic reporting.
