Electric utilities are audited periodically for compliance with the North American Energy Reliability Corporation's (NERC) requirements. The Critical Infrastructure Protection (CIP) area contains requirements related to protection of critical cyber assets, and section 005, gives requirements related to electronic access to so-called "critical cyber assets". Anticipated changes in the scope of what is critical will likely increase the number of devices utilities are responsible for demonstrating limited access. Automated means of doing accessibility analysis are possible using a tool such as NetAPT, but as the size of the network to analyze grows, the algorithmic complexity of doing the analysis grows rapidly. This paper describes the issues and techniques that may be used to aid both utilities and auditors to gain confidence that a utility is in compliance with access control requirements. This abstract outlines points made in a panel presentation at the 2012 IEEE PES Conference on Innovative Smart Grid Technologies.