WON Security Guideline
Data Exchange Work Group
October 7,
North 400 West, Suite 200
Salt Lake City, Utah
Table of Contents

Purpose
Background
Security Responsibilities
Approved Protocols and Applications
WON Perimeter Security Policy
Wireless Technology
Authentication
Virus Scanning or Application Whitelisting
Operating System Support
Information Exchange
Banners
Physical Security
Glossary
Purpose

The purpose of this document is to provide clear and consistent expectations for security procedures to all users on the WECC Operations Network (WON).

Background

The WON was established to facilitate the exchange of operational data between Reliability Coordinators (RC), Transmission Operators (TOP), Balancing Authorities (BA), and other member utilities to facilitate exchanging power system reliability data. This network is a collection of connected entities that communicate over the WON to exchange power system-related data. This data includes analog values (e.g., bus voltages, line flows, generator outputs) and status information (e.g., circuit breaker statuses, switch statuses).

Access to the WON is granted only to members of WECC that have a reliability responsibility to the WECC interconnected electrical system that requires access to currently-approved, real-time power system data and have executed the WECC Operations Network Connection and Data Use Agreement (attachment 1). Others may be granted a special exemption to these criteria at the discretion of the WECC Data Exchange Work Group (DEWG).

Security Responsibilities

All locations operating a WON connection shall employ all applicable standards and due diligence to protect the WON telecommunications infrastructure from unauthorized use or access. At a minimum, the entities shall follow the guidelines below. This includes the use of all applicable NERC Standards, other applicable standards, and industry-accepted practices.

Approved Protocols and Applications

The following is a list of protocols and applications that have been approved by the WECC for use on the WON. Encryption of the allowed protocols is permitted, but not required. Any other protocol or application is not allowed.
Table 1: WON Protocols and Applications

Protocols/Application
Inter Control Center Protocol (ICCP) (TASE2)
WECCNet Messaging
Antivirus Signature Updates
Southwest Reserve Sharing
Rocky Mountain Reserve Sharing
Voice over Internet Protocol (VOIP) Reliability Coordination Offices
Distributed Network Protocol 3 (DNP3)
Network Time Protocol (NTP)
Phasor Measurement System

Virus Scanning Required
Yes Yes Yes

A member utility desiring to use an application or protocol not on this list must submit a proposal for its inclusion in this list to the WECC DEWG. The DEWG will review the proposal and submit a recommendation to the Critical Infrastructure Information Management Subcommittee (CIIMS) either for or against the proposal. The CIIMS will make the final determination as to whether the proposal will be accepted or not.

WON Perimeter Security Policy

The WON network shall be firewalled from Management, Administrative, and other networks and use proper Access Control Lists (ACL) for ports and services. Utilities shall have a policy for intrusion detection consistent with industry standards.

o Firewalls

A firewall or other device performing access control, with related access controls, shall exist on all connections between the WON and a member's Supervisory Control and Data Acquisition/Energy Management System (SCADA/EMS) or internal networks. Firewalls shall be configured to restrict inbound and outbound communication to specific WECC-assigned Internet Protocol (IP) addresses and to be limited to the protocols identified in Table 1.

o Routers

Utilities shall only use their assigned WON IP addresses.

o Placement

The following diagram illustrates the minimum firewall requirements. The drawing shows all servers located behind the firewall; the WECCNet messaging client and other standalone systems may be located outside the firewall.

[Figure: minimum firewall requirements; labelled element: WECCNet]

o Messaging PC

The WECCNet Messaging PC may reside on the WON directly or behind a firewall with the SCADA/EMS system. The WECCNet Messaging PC shall not have another connection to it allowing it to become a bridge to another local area network (LAN), i.e., allowing the corporate LAN to have a connection to the Messaging PC. Reasonable precautions shall be taken to protect the PC from unauthorized access.
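One way to check a rule set against the Firewalls clause above, as an added example that is not part of the WECC guideline: every permit rule must name a WECC-assigned address on its WON side and an approved Table 1 service. The rule syntax is invented for illustration, the address prefixes are documentation placeholders, and the port numbers are assumed common defaults for ICCP, DNP3 and NTP, since the guideline lists protocols but no ports.

```python
"""Audit firewall permit rules on a WON connection (illustrative, constructed data)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# ASSUMPTION: placeholder prefixes from the RFC 5737 documentation ranges.
# The guideline does not publish the real WECC-assigned WON addresses.
WON_ASSIGNED = [ipaddress.IPv4Network("192.0.2.0/24"),
                ipaddress.IPv4Network("198.51.100.0/24")]

# ASSUMPTION: Table 1 names protocols only. These are common default ports for
# three of them; each site must confirm the ports its own systems use.
APPROVED_SERVICES = {
    ("tcp", 102): "ICCP (TASE.2)",
    ("tcp", 20000): "DNP3",
    ("udp", 20000): "DNP3",
    ("udp", 123): "NTP",
}


@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    direction: str            # "in" = WON -> member network, "out" = member -> WON
    proto: str                # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]       # destination port; None means any


def _net(token: str) -> ipaddress.IPv4Network:
    """Turn 'any', a host address or a prefix into a network object."""
    return ipaddress.IPv4Network("0.0.0.0/0" if token == "any" else token,
                                 strict=False)


def parse_rule(line: str) -> Rule:
    """Parse '<action> <in|out> <proto> <src> <dst> <port>' (hypothetical syntax)."""
    action, direction, proto, src, dst, port = line.split()
    if action not in ("permit", "deny") or direction not in ("in", "out"):
        raise ValueError(f"unrecognised rule: {line!r}")
    return Rule(action, direction, proto, _net(src), _net(dst),
                None if port == "any" else int(port))


def audit(rules: List[Rule]) -> List[Tuple[int, str]]:
    """Return (rule number, reason) for every permit rule the clause would reject."""
    findings = []
    for number, rule in enumerate(rules, start=1):
        if rule.action != "permit":
            continue
        # The WON-side endpoint is the source inbound and the destination outbound.
        won_side = rule.src if rule.direction == "in" else rule.dst
        if not any(won_side.subnet_of(net) for net in WON_ASSIGNED):
            findings.append(
                (number, f"WON-side address {won_side} is not WECC-assigned"))
        if rule.proto == "any" or rule.port is None:
            findings.append(
                (number, "protocol or port is 'any'; only Table 1 services allowed"))
        elif (rule.proto, rule.port) not in APPROVED_SERVICES:
            findings.append(
                (number, f"{rule.proto}/{rule.port} is not an approved WON service"))
    return findings


def audit_text(text: str) -> List[Tuple[int, str]]:
    """Audit a rule listing, ignoring blank lines and '#' comments."""
    lines = [ln.strip() for ln in text.splitlines()]
    return audit([parse_rule(ln) for ln in lines if ln and not ln.startswith("#")])


# Constructed sample rule set: rules 1-3 comply, rules 4-6 do not.
SAMPLE_RULES = """
permit in  tcp 192.0.2.10    10.10.1.5     102
permit out tcp 10.10.1.5     198.51.100.20 102
permit in  udp 192.0.2.1     10.10.1.9     123
permit in  tcp any           10.10.1.5     102
permit out tcp 10.10.1.0/24  192.0.2.10    3389
permit out any 10.10.1.7     any           any
deny   in  any any           any           any
"""

if __name__ == "__main__":
    for number, reason in audit_text(SAMPLE_RULES):
        print(f"rule {number}: {reason}")
```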
Wireless Technology

Wireless LAN (e.g., x) equipment is prohibited on the WON. Members shall not connect any wireless LAN devices to the WON.

Authentication

Password guidelines for WON-connected devices and approved applications:

Length: Eight-character minimum
Numeric: At least one
Upper Case: At least one
Dictionary Words: Prohibited
Expiration: Annually
Password Protection: Hashed within the Config

Virus Scanning or Application Whitelisting

The use of virus scanning software is required as shown in Table 1. The WECCNet messaging PC requires the use of virus scanner/anti-malware software or application whitelisting. For entities that do not provide their own antivirus software, WECC provides access to a DEWG-approved solution.

Operating System Support

Computers connected directly to the WON must be maintained with supported operating system security patches. Any members using an unsupported operating system version must upgrade to a supported version.

Information Exchange

Any administrative information about the WON, such as IP addresses, network diagram, or Association Information Exchange Form, shall be password protected or encrypted before transmission via any electronic means.

Banners

All devices connected to the WON shall have the following WECC-approved login banner or equivalent installed.
WECC-approved login banner:

This system is for authorized users only. Anyone using this system expressly consents to being monitored and is advised that if such monitoring reveals possible criminal activity, system personnel may provide the evidence of such monitoring to law enforcement officials.

Physical Security

WECC requires that computers and networking equipment associated with the WON connections be physically secured from unauthorized access. Operation of these computers or networking equipment shall require valid user name and password access. WECC may periodically contract for security testing of the WON.

Glossary

WON Computer/Device
Any devices connected via TCP/IP networking to the WECC Operations Network.

EHV Data Pool
A data repository of generation, flow, voltage, and frequency information on the whole Western Interconnected System provided for and by member companies via the ICCP data exchange protocol.

DEWG
The Data Exchange Work Group (DEWG) is responsible for supporting the data needs of the Reliability Coordinator function and other entities identified by the WECC OC and for developing and overseeing methodologies to facilitate the exchange of real-time, modeling, and other operational data to help ensure reliable electric power system operations. The Data Exchange Work Group is a member group established by the Operating Committee (OC) and the Critical Infrastructure and Information Management Subcommittee (CIIMS).

WECCNet Messaging System
A data messaging system used by WECC participating entities (e.g., Utilities, Reliability Coordinator), dispatchers and network administrators. The system is used to convey information related to WECC electrical system elements including, but not limited to: informational notices, outages, and emergency and abnormal conditions, as well as restorations.

Whitelisting
Application whitelisting is a methodology used to prevent unauthorized programs from running. The purpose is to protect systems from harmful applications. The whitelist is a simple list of applications that have been granted permission to run. When an application tries to run, it is checked against the list and, if found, allowed to run. Blacklisting, the opposite approach to whitelisting, is the method used by most antivirus programs.
Approved By:

Approving Committee, Entity or Person                                   Date
Operating Committee                                                     December 3, 2015
Critical Infrastructure and Information Management Subcommittee         October 8, 2013
Data Exchange Work Group                                                October 7, 2015
Operating Committee (OC)                                                March 25, 2014
Data Exchange Work Group (DEWG)                                         February 11, 2014
WECC Operations Network Connection and Data Use Agreement

Revised: October 13, 2015

Background

The WON was established to facilitate the exchange of operational data between Reliability Coordinators (RC), Transmission Operators (TOP), Balancing Authorities (BA), and other member utilities to facilitate exchanging power system reliability data. This network is a collection of connected entities that communicate over the WON to exchange power system-related data. This data includes analog values (e.g., bus voltages, line flows, generator outputs) and status information (e.g., circuit breaker statuses, switch statuses).

Access to the WON is granted only to members of WECC that have a reliability responsibility to the WECC interconnected electrical system that requires access to currently-approved, real-time power system data. Others may be granted a special exemption to these criteria at the discretion of the WECC Data Exchange Work Group (DEWG).

Requirements for WON Connection

A. The organization is a member of WECC.

B. The organization has a reliability responsibility to the WECC interconnected electrical system that requires access to currently approved, real-time power system data.

C. The organization agrees to treat WON data consistent with (1) the terms of the WECC Universal Synchrophasor and Operating Reliability Data Sharing Agreement (UDSA), dated March 6, 2012, which was assigned by WECC to Peak Reliability and which has expired, and (2) Peak Reliability's Bridge Data Sharing Policy (Policy), dated March 19, 2015, as it revises such UDSA, until such time that Peak Reliability develops and parties execute a new Universal Data Sharing Agreement to replace the foregoing UDSA and Policy, at which point the organization agrees to treat WON data in accordance with the terms of the new Peak Reliability Universal Data Sharing Agreement.

D. The organization agrees to exchange only approved, reliability-related information on the WON.

E. The organization agrees to follow the requirements of the Guideline for WECC Operations Network Node: Responsibilities and Procedures.

F. The organization agrees to follow the requirements of the WON Security Guideline.

The DEWG shall review those requests for an exemption to the Requirements for WON Connection listed below and shall vote to approve or deny those requests at noticed meetings of the DEWG. All exemptions approved by the DEWG shall be listed in Appendix A.

WESTERN ELECTRICITY COORDINATING COUNCIL
155 North 400 West, Suite 200
Salt Lake City, Utah
More informationNERC Relay Loadability Standard Reliability Standards Webinar November 23, 2010
Transmission Relay Loadability FERC Order 733 Project 2010-1313 NERC Relay Loadability Standard Reliability Standards Webinar November 23, 2010 Project Overview 2 Standards Involved PRC-023-2 Transmission
More informationSolution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites
Solution Pack Managed Services Virtual Private Cloud Security Features Selections and Prerequisites Subject Governing Agreement DXC Services Requirements Agreement between DXC and Customer including DXC
More informationStandard INT Dynamic Transfers
Standard INT-004-3.1 Dynamic Transfers A. Introduction 1. Title: Dynamic Transfers 2. Number: INT-004-3.1 3. Purpose: To ensure Dynamic Schedules and Pseudo-Ties are communicated and accounted for appropriately
More informationSecurity Architecture
Security Architecture RDX s top priority is to safeguard our customers sensitive information. Introduction RDX understands that our customers have turned over the keys to their sensitive data stores to
More informationHetch Hetchy Water and Power of the City and County of San Francisco. Joint Transmission Planning Base Case Preparation Process
California Independent System Operator & Hetch Hetchy Water and Power of the City and County of San Francisco Joint Transmission Planning Base Case Preparation Process This is a living document. Please
More informationAccess Control Procedure
HIPAA Security Procedure # Last Revised: 3/15/2006 Approved: Scope of Procedure The scope of this Policy covers the unique user identification and password, emergency access, automatic logoff, encryption
More informationProject Consideration of Commission Directives in Order No. 693
Project 2009-02 Consideration of Commission Directives in Order Order P 905-906 Further, consistent with the NOPR, the Commission directs the ERO to modify IRO-002-1 to require a minimum set of tools that
More informationGeneration, Transmission, and End User Facilities
Procedures for Interconnection of Generation, Transmission, and End User To the Grand River Dam Authority Transmission System Table of Contents GRDA/SPP Interaction... 3 Standards... 3 Generation... 3
More informationInformation Technology General Control Review
Information Technology General Control Review David L. Shissler, Senior IT Auditor, CPA, CISA, CISSP Office of Internal Audit and Risk Assessment September 15, 2016 Background Presenter Senior IT Auditor
More informationDaxko s PCI DSS Responsibilities
! Daxko s PCI DSS Responsibilities According to PCI DSS requirement 12.9, Daxko will maintain all applicable PCI DSS requirements to the extent the service prov ider handles, has access to, or otherwise
More information<Criminal Justice Agency Name> Personally Owned Device Policy. Allowed Personally Owned Device Policy
Policy Title: Effective Date: Revision Date: Approval(s): LASO: CSO: Agency Head: Allowed Personally Owned Device Policy Every 2 years or as needed Purpose: A personally owned information system or device
More informationThis section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective.
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationYADTEL - Privacy Information INFORMATION WE COLLECT
YADTEL - Privacy Information As a customer of Yadtel, you are entitled to know what we do with personal information about you that we receive. We consider our treatment of such information to be a part
More informationCanada Education Savings Program (CESP) Data Interface Operations and Connectivity
(CESP) Version Number: 7.0 Version Date: November 24, 2016 Version History Version Release Date Description R 1.0 September 30, 1998 Initial version for HRSDC internal reviews. D 2.0 March 15, 1999 Ongoing
More informationIntroduction. ADSTF Report of Lessons Learned from the Implementation of the 2028 ADS Anchor Data Set Task Force February 22, 2019
ADSTF Report of Lessons Learned from the Implementation of the 2028 ADS Anchor Data Set Task Force February 22, 2019 Introduction Throughout 2015 and 2016 the structure of committees in the Western Electricity
More informationORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers
All Affiliate Research Policy Subject: HIPAA File Under: For Researchers ORA HIPAA Issuing Department: Office of Research Administration Original Policy Date Page 1 of 5 Approved by: May 9,2005 Revision
More informationSimple and Powerful Security for PCI DSS
Simple and Powerful Security for PCI DSS The regulations AccessEnforcer helps check off your list. Most merchants think they are too small to be targeted by hackers. In fact, their small size makes them
More informationServer Security Checklist
Server identification and location: Completed by (please print): Date: Signature: Manager s signature: Next scheduled review date: Date: Secure Network and Physical Environment 1. Server is secured in
More informationCustomer Proprietary Network Information
Customer proprietary network information (CPNI) means information that relates to the quantity, technical configuration, type, destination, location, and amount of use of our service by you and information
More informationA. Introduction. Page 1 of 22
The Background, VRF/VSLs, and Guidelines and Technical Basis Sections have been removed for this informal posting. The Project 2016-02 is seeking comments around the concept of the Requirement/Measure
More informationUnofficial Comment Form Project Modifications to CIP Standards Requirements for Transient Cyber Assets CIP-003-7(i)
Unofficial Comment Form Project 2016-02 Modifications to CIP Standards Requirements for Transient Cyber Assets CIP-003-7(i) Do not use this form for submitting comments. Use the electronic form to submit
More informationADDITIONAL TERMS FOR HOSTED IP TELEPHONY SERVICES SCHEDULE 2K(B)
ADDITIONAL TERMS FOR HOSTED IP TELEPHONY SERVICES SCHEDULE 2K(B) CONTENTS 1. Service Description... 3 2. Definitions... 3 3. Service Terms... 3 4. IP Phones... 4 5. Customer Obligations... 4 6. Access
More information