Submitting Evidence to the Vault. FRCC CIP Spring Compliance Workshop May 13-16, 2013

Transcription

1 Submitting Evidence to the Vault FRCC CIP Spring Compliance Workshop May 13-16, 2013

2 Objectives Explain the step-by-step process for submitting evidence to FRCC Vault Share what happens to the evidence after it is uploaded 2

3 Software Needed You will need the following software to properly secure your evidence: Anti-virus scan: Software used by your company Cryptographic hash utility: MultiHasher along with SHA-1 hashing algorithm File Compression & Encryption Utility: 3

4 Instructions and Password Obtain a copy of the Instructions for Evidence Submittal and your password FRCC website: Compliance tab > Entity Secure File Transfer Click on: Detailed View > Entity Acronym (HVEC) > 2013 CIP Audit* > Instructions for Evidence Submittal folder Items in the folder: o DOC-09 - Instructions for Evidence Submittal o HVEC Password (txt document) Don t wait until the day the evidence is due to start uploading, it takes some time to run the utilities! * Will change depending on the year of the event and the type of Compliance action 4

5 Preparing the Evidence Package Locate the folder on your computer system containing your evidence: Perform a virus check then put the anti-virus scan report or a screen shot into a Text file, Word document or such called: antivirus-check.txt Create a hash listing of ALL your evidence then put the hash file into a Text file, Word document or such called: hash.txt Include the antivirus-check.txt, the hash.txt, and evidence files in the evidence folder to be zipped 5

6 Secure the Evidence Package Create a secure encrypted evidence package Open 7zip software While in your evidence folder, highlight all the evidence files and the 2 documents Click the Add to Archive button o Name the file (see next slide for naming convention) o Enter or paste in the password provided by FRCC o Select Encryption method: AES-256 o Check: Encrypt file names o Click: OK o Your evidence package has been zipped! 6

7 Name the Evidence Package Name the folder as follows: YYYY-MM-DD.NCR00###.XXX.001.7z YYYY-MM-DD is the start date of the audit or the start date of an enforcement or TFE request NCR00### is your Entity s NCR number, which can be found on the NERC website under registry XXX is in reference to whether this evidence if for an O&P (693) or CIP (706) audit, an enforcement request (ENF) or a Technical Feasibility Exception (TFE) 001 is the number for the first package of evidence sent for an audit. Add one (1) every time a new package is sent (002, 003 etc). Note: For Mitigation Plan (MP) requests or Determination Requests (DR) use MP001 or DR001, respectively. 7

8 Upload the Evidence Package Upload your zipped evidence folder Sign-on to the FRCC website Click on Compliance > FRCC Evidence Vault Click on your FRCC Evidence Data Folder XX (XX is number 01 to 10) Copy or move your zipped folder to the Evidence Data Folder; after folder is uploaded, no taking it back A message will appear to notify you that the upload was successful or rejected. Possible reasons for rejection: file size is too big, file name is too long, unpermitted characters in the file name Approx. 15 minutes after being placed in the Evidence Data Folder, your zipped folder should disappear. You re done! 8

9 Where s Your Zipped File? Your zipped file is in transit Your fully encrypted zipped file has been swept to the FRCC Vault staging area Automatic messages go to the ComplianceManager box and the Compliance Administrators personal box 9

10 Where s Your Evidence Stored? Compliance Administrator unzips your zipped evidence file Sends a confirmation receipt to the Entity s primary compliance contact, and Sends an to the Lead Auditor or Enforcement Specialist to let them know the evidence is ready for review. 10

11 Questions? 11