Low Impact BES Cyber Systems. Cyber Security Security Management Controls CIP Dave Kenney

Size: px
Start display at page:

Download "Low Impact BES Cyber Systems. Cyber Security Security Management Controls CIP Dave Kenney"

Transcription

1 Low Impact BES Cyber Systems Cyber Security Security Management Controls CIP Dave Kenney November 9, 2016

2 Presentation Agenda Outreach Observations/Audit Approach Cyber Security Awareness Physical Security Controls Electronic Access Controls for Low Impact LERC and Dialup Connectivity Cyber Security Incident Response Presentable Evidence 2

3 What is Low Impact? BES Cyber Systems not included in High or Medium assets that meet the applicability qualifications in Section 4 of Attachment 1 of CIP

4 Compliance vs. Security Information Security in general, is the practice of defending information from unauthorized access, use, discloser, disruption, modification, inspection, recording or destruction Compliance in general, describes the ability to act according to an order, set of rules or request

5 LERC and LEAP Low Impact External Routable Connectivity (LERC) - Bi-directional routable communications between low impact BES Cyber System(s) and Cyber Assets outside the asset containing those Low Impact BES Cyber System(s) Low Impact BES Cyber System Electronic Access Point (LEAP) A Cyber Asset interface that allows Low Impact External Routable Connectivity. The Cyber Asset may reside at a location external to the asset or assets containing Low Impact BES Cyber System(s)

6 CIP Effective Dates CIP Effective Date 7/1/2016 April July Nov Jan April Sept Dec Jan. Aug. Sept Dec CIP Req. 1/3/4 4/1/2017 CIP Req. 1 Part 1.2 CIP Req. 2 9/1/2018 CIP Req. 2, Attach. 1 Sec. 2/3 CIP Req. 2 Attach. 1 Sec. 1/4 6

7 Standard and Requirement Effective Dates CIP effective on July 1, 2016 Requirement 1 Apr. 1, 2016 Requirement 1, Part 1.2 Apr. 1, 2017 Requirement 2 Apr. 1, 2017 Requirement 2, Attachment 1, Section 1 Apr. 1, 2017 Requirement 2, Attachment 1, Section 2 Sept. 1, 2018 Requirement 2, Attachment 1, Section 3 Sept. 1, 2018 Requirement 2, Attachment 1, Section 4 Apr. 1, 2017 Requirement 3 July 1, 2016 Requirement 4 July 1, 2016

8 Outreach Observations The following points have been noticed during FRCC Outreach session: Inventory Although not required, an inventory and network diagram(s) are highly recommended and can assist the audit team in understanding the environment Network Diagrams the initial data request can be a high level network diagram

9 Outreach Observation An entity may have more than one incident management plan. This may be based on what they are registered to perform It will be helpful to review detective, preventative and corrective controls pertaining to physical and electronic key management and access card control

10 Audit Approach Typical Evidence Provided by Entity: Documentation of entity access controls and explanation of implementation of processes as documented Documentation of policies that are clearly signed, dated and approved by the CIP Senior Manager Documentation that processes are being appropriately and consistently applied across all business units.

11 Audit Approach Documentation and explanation of shared facilities and how protections are provided This may be documented in CFR, JRO or MOU It is not unusual that an entity may have more than one Incident Response plans based on their registered function, i.e. Generation, Transmission, etc.

12 Cyber Security Awareness

13 Cyber Security Awareness Cyber Security Awareness - Each Responsible Entity shall reinforce, at least once every 15 calendar months, cyber security practices (which may include associated physical security practices) Evidence: Direct Communications s, memos or evidence of computer based training Indirect Communications Posters, Brochures or Intranet Management Support and Reinforcement Presentations or meetings Make sure all personnel have access to Cyber Security Awareness material

14 Physical Security Controls 16

15 Physical Security Controls Physical Security Controls - Each Responsible Entity shall control physical access, based on need as determined by the Responsible Entity, to: the Asset or the location of Low Impact BES Cyber System within the asset and the Low Impact BES Cyber System Electronic Access Points (LEAPs); if any

16 Evidence for Physical Security Controls Evidence can include any of the following documentation of the selected Access control(s): Card Locks Gates Fences Locks Perimeter Controls (such as Video Monitoring) Alarm Systems (for Monitoring) Human Observation Other (Operational, Procedural, or Technical)

17 Electronic Access Controls With LERC and Dial-up Connectivity

18 Electronic Access Controls Each Responsible Entity shall: For LERC, if any, implement a LEAP to permit only necessary inbound and outbound bi-directions routable protocol access Implement authentication for all Dial-up Connectivity, if any, that provided access to low impact BES Cyber Systems, per Cyber Asset capability

19 Electronic Access Controls Evidence Electronic Access Controls Network Diagram(s) Restrictive IP Addresses, Ports and Services Firewall Configuration files (LEAP Devices) Dial-up Connectivity Network Diagram(s) Evidence of Dual-factor authentication Restrictive IP Addresses, Ports and Services Intermediate system information

20 Cyber Security Incident Response

21 Cyber Security Incident Response Cyber Security Incident Response - Each Responsible Entity shall have one or more Cyber Security Incident Response plan(s), either by asset or group of assets, which shall include: Identification, classification and response to the Cyber Security Incidents Determination of whether an identified Cyber Security Incident is a Reportable Cyber Security Incident and subsequent notification of the Electricity Information Sharing and Analysis Center (E-ISAC)

22 Cyber Security Incident Response Cyber Security Incident Response - Each Responsible Entity shall have one or more Cyber Security Incident Response plan(s), either by asset or group of assets, which shall include: Identification of the roles and responsibilities for Cyber Security Incident response by groups or individuals Incident handling for Cyber Security Incidents

23 Cyber Security Incident Response Testing the Cyber Security Incident Response plan(s) at least once every 36 Calendar months by: 1) responding to an actual Reportable Cyber Security Incident or 2) using a drill or tabletop exercise of a Reportable Cyber Security Incident or 3) using an operational exercise of a Reportable Cyber Security Incident Updating the Cyber Security Incident Response plan(s). if needed, within 180 Calendar days after completion of a Cyber Security Incident Response plan(s) test or actual Reportable incident

24 Evidence for Cyber Security Incident Response Evidence dated and signed document(s) such as Policies, Procedures, process documents of one or more Cyber Security Incident Response plan(s) developed by the asset or group of assets that include the following process: To identify, classify and respond to Cyber Security Incidents; to determine whether an identified Cyber Security Incident is a Reportable Cyber Security Incident and for notifying the Electricity Information Sharing and Analysis Center (E-ISAC)

25 Evidence for Cyber Security Incident Response To identify and document the roles and responsibilities for Cyber Security Incident response by groups or individuals (e.g., initiating, documenting, monitoring, reporting, etc) For incident handling of a Cyber Security Incident (e.g., containment, eradication, or recovery/incident resolution)

26 Evidence for Cyber Security Incident Response For testing the plan(s) along with the dated documentation that a test has been completed at least once every 36 calendar months To update, as needed, the Cyber Security Incident Response plan(s) within 180 calendar days after completed of a test or actual Reportable Cyber Security Incident

27 Presentable Evidence

28 Presentable Evidence Network diagrams/one-line Diagrams/LEAP Configurations (High Level) Pictures and/or video(s) tours of the asset (facility) with Low Impact BES Cyber Systems Dial-up Connectivity Protections and Controls Document Compensating Control (if required) Users and/or Configuration Guides from Vendor(s) Letters or Directives from Vendor(s)

29 Security Resources InfraGard - Department of Homeland Security - Department of Energy (OE-417) - NERC E-ISAC - Center for Internet Security - Security Awareness - Physical Security -

30 32

31 LOW IMPACT Final Questions 33

Compliance: Evidence Requests for Low Impact Requirements

Compliance: Evidence Requests for Low Impact Requirements MIDWEST RELIABILITY ORGANIZATION Compliance: Evidence Requests for Low Impact Requirements Jess Syring, CIP Compliance Engineer MRO CIP Low Impact Workshop March 1, 2017 Improving RELIABILITY and mitigating

More information

CIP Cyber Security Security Management Controls. A. Introduction

CIP Cyber Security Security Management Controls. A. Introduction CIP-003-7 - Cyber Security Security Management Controls A. Introduction 1. Title: Cyber Security Security Management Controls 2. Number: CIP-003-7 3. Purpose: To specify consistent and sustainable security

More information

CIP Cyber Security Security Management Controls

CIP Cyber Security Security Management Controls A. Introduction 1. Title: Cyber Security Security Management Controls 2. Number: CIP-003-6 3. Purpose: To specify consistent and sustainable security management controls that establish responsibility and

More information

Standard Development Timeline

Standard Development Timeline CIP 003 7 Cyber Security Security Management Controls Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard

More information

Title. Critical Infrastructure Protection Getting Low with a Touch of Medium. CanWEA Operations and Maintenance Summit 2018.

Title. Critical Infrastructure Protection Getting Low with a Touch of Medium. CanWEA Operations and Maintenance Summit 2018. Critical Infrastructure Protection Getting Low with a Touch of Medium Title CanWEA Operations and Maintenance Summit 2018 January 30, 2018 George E. Brown Compliance Manager Acciona Wind Energy Canada

More information

Additional 45-Day Comment Period and Ballot November Final Ballot is Conducted January Board of Trustees (Board) Adoption February 2015

Additional 45-Day Comment Period and Ballot November Final Ballot is Conducted January Board of Trustees (Board) Adoption February 2015 Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

Standard Development Timeline

Standard Development Timeline Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Description of Current Draft

More information

Additional 45-Day Comment Period September Final Ballot is Conducted October/November Board of Trustees (Board) Adoption November 2014

Additional 45-Day Comment Period September Final Ballot is Conducted October/November Board of Trustees (Board) Adoption November 2014 Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

CIP V5 Updates Midwest Energy Association Electrical Operations Conference

CIP V5 Updates Midwest Energy Association Electrical Operations Conference CIP V5 Updates Midwest Energy Association Electrical Operations Conference May 2015 Bob Yates, CISSP, MBA Principal Technical Auditor ReliabilityFirst Corporation Agenda Cyber Security Standards Version

More information

Page 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES

Page 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES 002 5 R1. Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3: i. Control Centers and backup Control Centers; ii. Transmission

More information

Standard CIP Cyber Security Critical Cyber Asset Identification

Standard CIP Cyber Security Critical Cyber Asset Identification Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed

More information

Standard CIP Cyber Security Critical Cyber Asset Identification

Standard CIP Cyber Security Critical Cyber Asset Identification Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed

More information

Low Impact Generation CIP Compliance. Ryan Walter

Low Impact Generation CIP Compliance. Ryan Walter Low Impact Generation CIP Compliance Ryan Walter Agenda Entity Overview NERC CIP Introduction CIP-002-5.1, Asset Classification What Should Already be Done CIP-003-7, Low Impact Requirements Tri-State

More information

NPCC Compliance Monitoring Team Classroom Session

NPCC Compliance Monitoring Team Classroom Session NPCC Compliance Monitoring Team Classroom Session John Muir - Director, Compliance Monitoring Jacqueline Jimenez - Senior Compliance Engineer David Cerasoli, CISSP - Manager, CIP Audits 5/14/2018 1 Compliance

More information

CYBER SECURITY POLICY REVISION: 12

CYBER SECURITY POLICY REVISION: 12 1. General 1.1. Purpose 1.1.1. To manage and control the risk to the reliable operation of the Bulk Electric System (BES) located within the service territory footprint of Emera Maine (hereafter referred

More information

Standard Development Timeline

Standard Development Timeline CIP-003-67(i) - Cyber Security Security Management Controls Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when

More information

SGAS Low Impact Atlanta, GA September 14, 2016

SGAS Low Impact Atlanta, GA September 14, 2016 SGAS Low Impact Atlanta, GA September 14, 2016 Lisa Wood, CISA, Security+, CBRA, CBRM Compliance Auditor Cyber Security Western Electricity Coordinating Council Slide 2 Agenda Low Impact Case Study Overview

More information

Standard CIP Cyber Security Physical Security

Standard CIP Cyber Security Physical Security A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-1 3. Purpose: Standard CIP-006 is intended to ensure the implementation of a physical security program

More information

Standard CIP Cyber Security Electronic Security Perimeter(s)

Standard CIP Cyber Security Electronic Security Perimeter(s) A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-1 3. Purpose: Standard CIP-005 requires the identification and protection of the Electronic Security Perimeter(s)

More information

Standard Development Timeline

Standard Development Timeline Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard is adopted by the NERC Board of Trustees (Board).

More information

Critical Cyber Asset Identification Security Management Controls

Critical Cyber Asset Identification Security Management Controls Implementation Plan Purpose On January 18, 2008, FERC (or Commission ) issued Order. 706 that approved Version 1 of the Critical Infrastructure Protection Reliability Standards, CIP-002-1 through CIP-009-1.

More information

Designing Secure Remote Access Solutions for Substations

Designing Secure Remote Access Solutions for Substations Designing Secure Remote Access Solutions for Substations John R Biasi MBA, CISA, CISSP October 19, 2017 Agenda Brief Biography Interactive Remote Access Dial-Up Access Examples Transient Devices Vendor

More information

Critical Infrastructure Protection (CIP) Version 5 Revisions. Standard Drafting Team Update Industry Webinar September 19, 2014

Critical Infrastructure Protection (CIP) Version 5 Revisions. Standard Drafting Team Update Industry Webinar September 19, 2014 Critical Infrastructure Protection (CIP) Version 5 Revisions Standard Drafting Team Update Industry Webinar September 19, 2014 Administrative Items NERC Antitrust Guidelines It is NERC s policy and practice

More information

Standard CIP-006-1a Cyber Security Physical Security

Standard CIP-006-1a Cyber Security Physical Security A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-1a 3. Purpose: Standard CIP-006 is intended to ensure the implementation of a physical security program

More information

Alberta Reliability Standard Cyber Security Incident Reporting and Response Planning CIP-008-AB-5

Alberta Reliability Standard Cyber Security Incident Reporting and Response Planning CIP-008-AB-5 A. Introduction Consultation Draft April 5, 2016 1. Title: 2. Number: 3. Purpose: To mitigate the risk to the reliable operation of the bulk electric system as the result of a cyber security incident by

More information

1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010

1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010 Standard CIP 011 1 Cyber Security Protection Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes

More information

Implementation Plan. Project CIP Version 5 Revisions. January 23, 2015

Implementation Plan. Project CIP Version 5 Revisions. January 23, 2015 Implementation Plan Project 2014-02 CIP Version 5 Revisions January 23, 2015 This Implementation Plan for the Reliability Standards developed as part of Project 2014-02 CIP Version 5 Revisions replaces

More information

Standard CIP Cyber Security Physical Security

Standard CIP Cyber Security Physical Security A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-3 3. Purpose: Standard CIP-006-3 is intended to ensure the implementation of a physical security program

More information

Implementation Plan. Project CIP Version 5 Revisions 1. January 23, 2015

Implementation Plan. Project CIP Version 5 Revisions 1. January 23, 2015 Implementation Plan Project 2014-02 CIP Version 5 Revisions January 23, 2015 This Implementation Plan for the Reliability Standards developed as part of Project 2014 02 CIP Version 5 Revisions replaces

More information

This draft standard is being posted for an initial comment and ballot. The draft includes modifications to meet the directives of FERC Order No. 791.

This draft standard is being posted for an initial comment and ballot. The draft includes modifications to meet the directives of FERC Order No. 791. Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

Project Cyber Security - Order No. 791 Identify, Assess, and Correct; Low Impact; Transient Devices; and Communication Networks Directives

Project Cyber Security - Order No. 791 Identify, Assess, and Correct; Low Impact; Transient Devices; and Communication Networks Directives Project 2014-02 - Cyber Security - Order No. 791 Identify, Assess, and Correct; Low Impact; Transient Devices; and Communication Networks Directives Violation Risk Factor and Justifications The tables

More information

A. Introduction 1. Title: 2. Number: 3. Purpose: 4. Applicability: 4.1. Functional Entities: Balancing Authority Distribution Provider

A. Introduction 1. Title: 2. Number: 3. Purpose: 4. Applicability: 4.1. Functional Entities: Balancing Authority Distribution Provider The Background, VRF/VSLs, and Guidelines and Technical Basis Sections have been removed for this informal posting. The Project 2016-02 is seeking comments around the concept of the Requirement/Measure

More information

CIP Cyber Security Incident Reporting and Response Planning

CIP Cyber Security Incident Reporting and Response Planning Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

CIP Cyber Security Personnel & Training

CIP Cyber Security Personnel & Training A. Introduction 1. Title: Cyber Security Personnel & Training 2. Number: CIP-004-6 3. Purpose: To minimize the risk against compromise that could lead to misoperation or instability in the Bulk Electric

More information

CIP Cyber Security Personnel & Training

CIP Cyber Security Personnel & Training A. Introduction 1. Title: Cyber Security Personnel & Training 2. Number: CIP-004-5.1 3. Purpose: To minimize the risk against compromise that could lead to misoperation or instability in the BES from individuals

More information

Project CIP Modifications. Webinar on Revisions in Response to LERC Directive August 16, 2016

Project CIP Modifications. Webinar on Revisions in Response to LERC Directive August 16, 2016 Project 2016-02 CIP Modifications Webinar on Revisions in Response to LERC Directive August 16, 2016 Administrative Items NERC Antitrust Guidelines It is NERC s policy and practice to obey the antitrust

More information

Violation Risk Factor and Violation Severity Level Justifications Project Modifications to CIP Standards

Violation Risk Factor and Violation Severity Level Justifications Project Modifications to CIP Standards Violation Risk Factor and Violation Severity Level Justifications Project 2016-02 Modifications to CIP Standards This document provides the standard drafting team s (SDT s) justification for assignment

More information

Standard CIP Cyber Security Incident Reporting and Response Planning

Standard CIP Cyber Security Incident Reporting and Response Planning A. Introduction 1. Title: Cyber Security Incident Reporting and Response Planning 2. Number: CIP-008-4 3. Purpose: Standard CIP-008-4 ensures the identification, classification, response, and reporting

More information

NERC CIP Compliance Matrix of RUGGEDCOM CROSSBOW Operating System

NERC CIP Compliance Matrix of RUGGEDCOM CROSSBOW Operating System Application description 04/2017 NERC CIP Compliance Matrix of RUGGEDCOM RUGGEDCOM https://support.industry.siemens.com/cs/ww/en/view/109747098 Warranty and Liability Warranty and Liability Note The Application

More information

Standard CIP Cyber Security Electronic Security Perimeter(s)

Standard CIP Cyber Security Electronic Security Perimeter(s) A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-2 3. Purpose: Standard CIP-005-2 requires the identification and protection of the Electronic Security Perimeter(s)

More information

Standard CIP-006-4c Cyber Security Physical Security

Standard CIP-006-4c Cyber Security Physical Security A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-4c 3. Purpose: Standard CIP-006-4c is intended to ensure the implementation of a physical security

More information

Standard CIP-006-3c Cyber Security Physical Security

Standard CIP-006-3c Cyber Security Physical Security A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-3c 3. Purpose: Standard CIP-006-3 is intended to ensure the implementation of a physical security

More information

Standard CIP 004 3a Cyber Security Personnel and Training

Standard CIP 004 3a Cyber Security Personnel and Training A. Introduction 1. Title: Cyber Security Personnel & Training 2. Number: CIP-004-3a 3. Purpose: Standard CIP-004-3 requires that personnel having authorized cyber or authorized unescorted physical access

More information

Standard Development Timeline

Standard Development Timeline Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard is adopted by the NERC Board of Trustees (Board).

More information

Standard Development Timeline

Standard Development Timeline CIP-008-6 Incident Reporting and Response Planning Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard

More information

CIP Cyber Security Recovery Plans for BES Cyber Systems

CIP Cyber Security Recovery Plans for BES Cyber Systems A. Introduction 1. Title: Cyber Security Recovery Plans for BES Cyber Systems 2. Number: CIP-009-6 3. Purpose: To recover reliability functions performed by BES Cyber Systems by specifying recovery plan

More information

CIP Cyber Security Recovery Plans for BES Cyber Systems

CIP Cyber Security Recovery Plans for BES Cyber Systems Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

Standard CIP 005 2a Cyber Security Electronic Security Perimeter(s)

Standard CIP 005 2a Cyber Security Electronic Security Perimeter(s) A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-2a 3. Purpose: Standard CIP-005-2 requires the identification and protection of the Electronic Security Perimeter(s)

More information

Standard CIP 005 4a Cyber Security Electronic Security Perimeter(s)

Standard CIP 005 4a Cyber Security Electronic Security Perimeter(s) A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-4a 3. Purpose: Standard CIP-005-4a requires the identification and protection of the Electronic Security Perimeter(s)

More information

CIP Cyber Security Recovery Plans for BES Cyber Systems

CIP Cyber Security Recovery Plans for BES Cyber Systems A. Introduction 1. Title: Cyber Security Recovery Plans for BES Cyber Systems 2. Number: CIP-009-5 3. Purpose: To recover reliability functions performed by BES Cyber Systems by specifying recovery plan

More information

i-pcgrid WORKSHOP 2016 INTERACTIVE REMOTE ACCESS

i-pcgrid WORKSHOP 2016 INTERACTIVE REMOTE ACCESS i-pcgrid WORKSHOP 2016 INTERACTIVE REMOTE ACCESS siemens.com/ruggedcom INTERACTIVE REMOTE ACCESS INTELLIGENT ELECTRONIC DEVICES Intelligent Electronic Devices (IEDs) Devices that can provide real-time

More information

This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective.

This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Description of Current Draft

More information

Reliability Standard Audit Worksheet 1

Reliability Standard Audit Worksheet 1 Reliability Standard Audit Wksheet 1 CIP-004-6 Cyber Security Personnel & Training This section to be completed by the Compliance Enfcement Authity. Audit ID: Registered Entity: NCR Number: Compliance

More information

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

CIP Cyber Security Configuration Change Management and Vulnerability Assessments Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

DRAFT. Standard 1300 Cyber Security

DRAFT. Standard 1300 Cyber Security These definitions will be posted and balloted along with the standard, but will not be restated in the standard. Instead, they will be included in a separate glossary of terms relevant to all standards

More information

Reliability Standard Audit Worksheet 1

Reliability Standard Audit Worksheet 1 Reliability Standard Audit Worksheet 1 CIP-006-6 Cyber Security Physical Security of BES Cyber Systems This section to be completed by the Compliance Enforcement Authority. Audit ID: Registered Entity:

More information

Cyber Security Incident Report

Cyber Security Incident Report Cyber Security Incident Report Technical Rationale and Justification for Reliability Standard CIP-008-6 January 2019 NERC Report Title Report Date I Table of Contents Preface... iii Introduction... 1 New

More information

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements

More information

Alberta Reliability Standard Cyber Security Electronic Security Perimeter(s) CIP-005-AB-5

Alberta Reliability Standard Cyber Security Electronic Security Perimeter(s) CIP-005-AB-5 A. Introduction 1. Title: 2. Number: 3. Purpose: To manage electronic access to BES cyber systems by specifying a controlled electronic security perimeter in support of protecting BES cyber systems against

More information

CIP Cyber Security Electronic Security Perimeter(s)

CIP Cyber Security Electronic Security Perimeter(s) A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-5 3. Purpose: To manage electronic access to BES Cyber Systems by specifying a controlled Electronic Security

More information

Reliability Standard Audit Worksheet 1

Reliability Standard Audit Worksheet 1 Reliability Standard Audit Wksheet 1 CIP-008-5 Cyber Security Incident Repting and Response Planning This section to be completed by the Compliance Enfcement Authity. Audit ID: Registered Entity: NCR Number:

More information

Project Modifications to CIP Standards. Technical Conference April 19, 2016 Atlanta, GA

Project Modifications to CIP Standards. Technical Conference April 19, 2016 Atlanta, GA Project 2016-02 Modifications to CIP Standards Technical Conference April 19, 2016 Atlanta, GA Agenda Welcome Steven Noess NERC Antitrust Compliance Guidelines and Public Announcement* - Al McMeekin Logistics

More information

CIP 005 R2: Electronic Access Controls

CIP 005 R2: Electronic Access Controls CIP 005 R2: Electronic Access Controls Knowing who is in your network Steven Keller Senior Compliance Specialist CIP skeller.re@spp.org 501.688.1633 September 28, 2012 Objectives Improve your understanding

More information

Reliability Standard Audit Worksheet 1

Reliability Standard Audit Worksheet 1 Reliability Standard Audit Wksheet 1 CIP-005-6 Cyber Security Electronic Security Perimeter(s) This section to be completed by the Compliance Enfcement Authity. Audit ID: Registered Entity: NCR Number:

More information

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 January 23, 2015

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 January 23, 2015 Federal Energy Regulatory Commission Order No. 791 January 23, 2015 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently

More information

NERC CIP: Fundamental Security Requirements of an Electronic Access Control and Monitoring System (EACMS) Requirements Mapping to ConsoleWorks

NERC CIP: Fundamental Security Requirements of an Electronic Access Control and Monitoring System (EACMS) Requirements Mapping to ConsoleWorks NERC CIP: Fundamental Security Requirements of an Electronic Access Control and Monitoring System (EACMS) Requirements Mapping to ConsoleWorks NERC Standard Requirement Requirement Text Measures ConsoleWorks

More information

CIP Cyber Security Physical Security of BES Cyber Systems

CIP Cyber Security Physical Security of BES Cyber Systems Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

Security Standards for Electric Market Participants

Security Standards for Electric Market Participants Security Standards for Electric Market Participants PURPOSE Wholesale electric grid operations are highly interdependent, and a failure of one part of the generation, transmission or grid management system

More information

Loss of Control Center Functionality: EOP-008-1, CIP-008-3, CIP September 30, 2014

Loss of Control Center Functionality: EOP-008-1, CIP-008-3, CIP September 30, 2014 Loss of Control Center Functionality: EOP-008-1, CIP-008-3, CIP-009-3 September 30, 2014 James Williams Lead Compliance Specialist jwilliams.re@spp.org 501.614.3261 Jeremy Withers Senior Compliance Specialist

More information

Project Modifications to CIP Standards. Consideration of Comments Initial Comment Period

Project Modifications to CIP Standards. Consideration of Comments Initial Comment Period Project 2016-02 Modifications to CIP Standards Consideration of Comments Initial Comment Period October 21, 2016 Consideration of Comments Introduction The following are the ballots associated with this

More information

Standard CIP Cyber Security Security Management Controls

Standard CIP Cyber Security Security Management Controls A. Introduction 1. Title: Cyber Security Security Management Controls 2. Number: CIP-003-4 3. Purpose: Standard CIP-003-4 requires that Responsible Entities have minimum security management controls in

More information

Standard Development Timeline

Standard Development Timeline Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard is adopted by the NERC Board of Trustees (Board).

More information

CIP Version 5 Evidence Request User Guide

CIP Version 5 Evidence Request User Guide CIP Version 5 Evidence Request User Guide Version 1.0 December 15, 2015 NERC Report Title Report Date I Table of Contents Preface... iv Introduction... v Purpose... v Evidence Request Flow... v Sampling...

More information

CIP Cyber Security Physical Security of BES Cyber Systems

CIP Cyber Security Physical Security of BES Cyber Systems A. Introduction 1. Title: Cyber Security Physical Security of BES Cyber Systems 2. Number: CIP-006-5 3. Purpose: To manage physical access to BES Cyber Systems by specifying a physical security plan in

More information

CIP Cyber Security Implementation

CIP Cyber Security Implementation CIP-003-6 Cyber Security Implementation Electronic Access Controls and Cyber Security Incident Response Joe Peterson, Substation Cyber Lead ALLETE/Minnesota Power MRO CIP Low Impact Workshop March 1, 2017

More information

CIP Cyber Security Systems Security Management

CIP Cyber Security Systems Security Management A. Introduction 1. Title: Cyber Security System Security Management 2. Number: CIP-007-5 3. Purpose: To manage system security by specifying select technical, operational, and procedural requirements in

More information

Lesson Learned CIP Version 5 Transition Program CIP : Communications and Networking Cyber Assets Version: October 6, 2015

Lesson Learned CIP Version 5 Transition Program CIP : Communications and Networking Cyber Assets Version: October 6, 2015 Lesson Learned CIP Version 5 Transition Program CIP-002-5.1: Communications and Networking Cyber Assets Version: October 6, 2015 Authorized by the Standards Committee on October 29, 2015 for posting as

More information

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 June 2, 2014

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 June 2, 2014 Federal Energy Regulatory Commission Order No. 791 June 2, 2014 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently proposed

More information

Cyber Security Standards Drafting Team Update

Cyber Security Standards Drafting Team Update Cyber Security Standards Drafting Team Update Michael Assante, VP & Chief Security Officer North American Electric Reliability Corp. February 3, 2008 Overview About NERC Project Background Proposed Modifications

More information

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

CIP Cyber Security Configuration Change Management and Vulnerability Assessments CIP-010-2 3 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:

More information

1. SAR posted for comment on January 15, Standard Drafting Team appointed on January 29, 2014

1. SAR posted for comment on January 15, Standard Drafting Team appointed on January 29, 2014 Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

CIP-014. JEA Compliance Approach. FRCC Fall Compliance Workshop Presenter Daniel Mishra

CIP-014. JEA Compliance Approach. FRCC Fall Compliance Workshop Presenter Daniel Mishra CIP-014 JEA Compliance Approach FRCC Fall Compliance Workshop Presenter Daniel Mishra Acronyms & Terminologies DHS Department of Homeland Security JEA It s not an acronym JSO Jacksonville Sheriff's Office

More information

CIP Substation Security Project Update

CIP Substation Security Project Update CIP Substation Security Project Update VELCO OPERATING COMMITTEE MAY 15, 2014 5/14/2014 1 CIP Substation Security Project Update 2013 Security Project Activities/Accomplishments NERC CIP - Version 5 Compliance

More information

Meeting Notes Project Modifications to CIP Standards Drafting Team June 28-30, 2016

Meeting Notes Project Modifications to CIP Standards Drafting Team June 28-30, 2016 Meeting Notes Project 2016-02 Modifications to CIP Standards Drafting Team June 28-30, 2016 Exelon Chicago, IL Administrative 1. Introductions / Chair s Remarks The meeting was brought to order by S. Crutchfield

More information

Standard CIP 007 3a Cyber Security Systems Security Management

Standard CIP 007 3a Cyber Security Systems Security Management A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-3a 3. Purpose: Standard CIP-007-3 requires Responsible Entities to define methods, processes, and procedures for

More information

CIP Cyber Security Configuration Management and Vulnerability Assessments

CIP Cyber Security Configuration Management and Vulnerability Assessments Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

CIP Configuration Change Management & Vulnerability Assessments

CIP Configuration Change Management & Vulnerability Assessments CIP-010-2 Configuration Change Management & Vulnerability Assessments FRCC Spring RE Workshop April 17-18, 2018 Objective Change Management to prevent unauthorized modifications to Bulk Electric Systems

More information

OPUC Workshop March 13, 2015 Cyber Security Electric Utilities. Portland General Electric Co. Travis Anderson Scott Smith

OPUC Workshop March 13, 2015 Cyber Security Electric Utilities. Portland General Electric Co. Travis Anderson Scott Smith OPUC Workshop March 13, 2015 Cyber Security Electric Utilities Portland General Electric Co. Travis Anderson Scott Smith 1 CIP Version 5 PGE Implementation Understanding the Regulations PGE Attended WECC

More information

TOP for Transmission Operators

TOP for Transmission Operators Meeting Title Date TOP-001-4 for Transmission Operators Compliance Team Lead, Keith Smith Background Effective July 1, 2018 Replaces currently effective TOP-001-3 Modified to address reliability concerns

More information

Cyber Security Reliability Standards CIP V5 Transition Guidance:

Cyber Security Reliability Standards CIP V5 Transition Guidance: Cyber Security Reliability Standards CIP V5 Transition Guidance: ERO Compliance and Enforcement Activities during the Transition to the CIP Version 5 Reliability Standards To: Regional Entities and Responsible

More information

Unofficial Comment Form Project Modifications to CIP Standards Requirements for Transient Cyber Assets CIP-003-7(i)

Unofficial Comment Form Project Modifications to CIP Standards Requirements for Transient Cyber Assets CIP-003-7(i) Unofficial Comment Form Project 2016-02 Modifications to CIP Standards Requirements for Transient Cyber Assets CIP-003-7(i) Do not use this form for submitting comments. Use the electronic form to submit

More information

A. Introduction. Page 1 of 22

A. Introduction. Page 1 of 22 The Background, VRF/VSLs, and Guidelines and Technical Basis Sections have been removed for this informal posting. The Project 2016-02 is seeking comments around the concept of the Requirement/Measure

More information

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

CIP Cyber Security Configuration Change Management and Vulnerability Assessments CIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:

More information

Implementation Plan for Version 5 CIP Cyber Security Standards

Implementation Plan for Version 5 CIP Cyber Security Standards Implementation Plan for Version 5 CIP Cyber Security Standards April 10September 17, 2012 Note: On September 17, 2012, NERC was alerted that some references in the Initial Performance of Certain Periodic

More information

Compliance Exception and Self-Logging Report Q4 2014

Compliance Exception and Self-Logging Report Q4 2014 Agenda Item 5 Board of Trustees Compliance Committee Open Session February 11, 2015 Compliance Exception and Self-Logging Report Q4 2014 Action Information Introduction Beginning in November 2013, NERC

More information

Purpose. ERO Enterprise-Endorsed Implementation Guidance

Purpose. ERO Enterprise-Endorsed Implementation Guidance Lesson Learned CIP Version 5 Transition Program CIP-002-5.1 Requirement R1: Impact Rating of Generation Resource Shared BES Cyber Systems Version: January 29, 2015 Authorized by the Standards Committee

More information

Standard CIP 007 4a Cyber Security Systems Security Management

Standard CIP 007 4a Cyber Security Systems Security Management A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-4a 3. Purpose: Standard CIP-007-4 requires Responsible Entities to define methods, processes, and procedures for

More information

Standard CIP Cyber Security Systems Security Management

Standard CIP Cyber Security Systems Security Management A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-1 3. Purpose: Standard CIP-007 requires Responsible Entities to define methods, processes, and procedures for securing

More information

CIP V5 Implementation Study SMUD s Experience

CIP V5 Implementation Study SMUD s Experience CIP V5 Implementation Study SMUD s Experience Tim Kelley October 16, 2014 Powering forward. Together. SMUD Fast Facts General Information SMUD employs approximately 2,000 individuals Service area of 900

More information

UNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION. Foundation for Resilient Societies ) Docket No.

UNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION. Foundation for Resilient Societies ) Docket No. UNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION Foundation for Resilient Societies ) Docket No. AD17-9-000 COMMENTS OF THE NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION IN OPPOSITION

More information