Accelerate NERC CIP-015-1 Compliance with Nozomi Networks INSM

We understand the complexities and burden of NERC CIP-015-1 compliance for responsible entities. By streamlining monitoring, anomaly detection, reporting and evidence generation, our internal network security monitoring (INSM) solution enables teams to focus on business operations while assuring regulatory compliance and uptime.

What Is NERC CIP-015-1 (INSM)?

With CIP-015-1, the Federal Energy Regulatory Commission (FERC) acknowledges that protecting the electronic security perimeter (ESP) is not enough. It directs high- and medium-impact Bulk Electric System (BES) Cyber Systems with external routable connectivity (ERC) to implement INSM by October 1, 2028. All other BES Cyber Systems with ERC have until October 1, 2030, to comply.

INSM provides continuous visibility into how networked devices within a trusted zone (ESP) are communicating with each other, allowing for early detection of lateral movement and malicious or anomalous activity within that zone.

Since CIP-015-1 was approved in July 2025, FERC has directed NERC to extend INSM beyond the ESP to include the EACMS, PACS and SCI. When selecting an INSM solution, responsible entities should also consider these future requirements.

Diagram showing a network architecture with centralized services connected via VPN and firewall to the DMZ containing GUARDIAN, and level 2 devices including SEL-2741 SDN Switch connecting ARC, SEL-3355 Blueframe computing platform with DMA, SEL-3555 RTAC, and level 1 devices labeled IED.

Simplified INSM network architecture using the Nozomi Networks platform with SEL Blueframe®

What Are the NERC CIP-015-1 Requirements?

NERC CIP-015-1 mandates that responsible entities use INSM to collect network data within an ESP, detect anomalous or unauthorized activity against established baselines, evaluate threats and anomalies, retain investigation records and protect INSM data integrity. 


Nozomi Networks offers both the technology and expertise to help BES Cyber Systems operators meet the requirements.

NERC CIP 15 Requirements (table columns: Nozomi Guidance & Support; Nozomi Platform)
  • R1. Documented process for monitoring anomalous activity within ESP
  • R1. Part 1.1. Risk-driven network data feed collection
  • R1. Part 1.2. Detecting anomalies in network data feed(s)
  • R1. Part 1.3. Evaluate anomalies for response
  • R2. Retain anomaly data until resolution
  • R3. Protect INSM data integrity

Why Nozomi Networks for NERC CIP-015-1 Compliance?

Compliance Assurance
  • Audit-ready evidence generation mapped directly to CIP-015-1 INSM requirements
  • Nozomi NERC CIP SMEs who support our customers' programs and evidence needs
  • Data retention, management, and redundancy that meet evidence retention requirements
Seamless Program Integration
  • Easy incorporation into your existing NERC CIP program
  • An extensive set of native integrations to common industry tools
  • Integration into your environment with assurance of operational uptime
Flexible & Scalable Approach
  • Scalable from a single sensor to a multi-tier enterprise architecture
  • On-prem, Hybrid, and SaaS (Licensing Only) deployment options
  • Wide range of sensor options, including embedded, lightweight, endpoint, virtual, and physical

Flexible Deployment Options

Choose the OT/ICS cybersecurity platform that’s easy to deploy, with flexible architectures that conform to your ESP environment and NERC program requirements.

Technical network diagram showing multiple Guardian devices connected to Central Management Console, CMC Gateway, and Vantage Licensing & Update Management with electronic security perimeter and remote collectors.

Network architecture diagram showing Guardian security devices connected to a central management system and CMC gateways, illustrating electronic security perimeters and licensing update management.
