CIP-X
12 standards

CIP-X Standards Framework

A comprehensive set of standards for cryptographic device inventory management — covering asset registration, security controls, verification, and compliance.

CIP-X-101v0.2.0

Asset Registry

Authoritative inventory of every cryptographic device — types, tiers, statuses, verification schedules, and the data model for device records.

Updated 2026-02-08

CIP-X-102v0.1.0

Risk Classification

Framework for assessing and categorizing risk levels across cryptographic infrastructure based on asset value and threat exposure.

Updated 2026-01-15

CIP-X-103v0.1.0

Tier Assignment

Criteria and procedures for assigning security tiers to devices based on their role in cryptographic operations and custody chains.

Updated 2026-01-15

CIP-X-104v0.1.0

Access Control

Policies governing who can access cryptographic devices, including authentication requirements, role-based permissions, and audit trails.

Updated 2026-01-10

CIP-X-105v0.1.0

Key Management

Lifecycle management for cryptographic keys — generation, storage, rotation, backup, and destruction procedures.

Updated 2026-01-10

CIP-X-106v0.1.0

Verification & Audit

Scheduled and ad-hoc verification procedures to confirm device state matches registry records, plus audit trail requirements.

Updated 2026-01-05

CIP-X-107v0.1.0

Incident Response

Playbooks for responding to security incidents involving cryptographic devices — detection, containment, eradication, and recovery.

Updated 2025-12-20

CIP-X-108v0.1.0

Change Management

Procedures for making changes to cryptographic infrastructure — approval workflows, testing requirements, and rollback plans.

Updated 2025-12-20

CIP-X-109v0.1.0

Network Security

Network segmentation, VLAN configuration, firewall rules, and monitoring requirements for cryptographic device networks.

Updated 2025-12-15

CIP-X-110v0.1.0

Physical Security

Physical access controls, tamper-evident enclosures, environmental monitoring, and data center security requirements.

Updated 2025-12-15

CIP-X-111v0.1.0

Decommissioning

Secure procedures for retiring cryptographic devices — key destruction, data wiping, chain-of-custody documentation, and disposal.

Updated 2025-12-10

CIP-X-112v0.1.0

Compliance Reporting

Reporting templates, dashboards, and export formats for demonstrating compliance with the CIP-X framework to auditors and regulators.

Updated 2025-12-10