Compliance: Evidence Requests for Low Impact Requirements

Transcription:

MIDWEST RELIABILITY ORGANIZATION
Compliance: Evidence Requests for Low Impact Requirements
Jess Syring, CIP Compliance Engineer
MRO CIP Low Impact Workshop
March 1, 2017
Improving RELIABILITY and mitigating RISKS to the Bulk Power System

Topics
- Requirements for Low Impact BES Cyber Systems (LIBCS)
- Evidence Requests tied to LIBCS
- Potential change for CIP evidence requests

Requirements tied to LIBCS
LIBCS Requirements and Enforcement Date:
- CIP-002-5.1a R1 Part 1.3: currently enforceable
- CIP-002-5.1a R2: currently enforceable
- CIP-003-6 R1 Part 1.2: April 1, 2017
- CIP-003-6 R2: April 1, 2017 (including plans for all sections within Attachment 1)
- Implementation for Attachment 1 Sections 1 and 4: April 1, 2017
- Implementation for Attachment 1 Sections 2 and 3: September 1, 2018

BES Cyber System Categorization Evidence
CIP-002-5.1a R1 Part 1.3
- Documentation of the process for classifying the LIBCS
- A list of any asset(s) that contain a LIBCS
CIP-002-5.1a R2
- Documentation that a review has taken place for CIP-002-5.1a R1 Part 1.3 at least once every 15 calendar months
- Documentation that the CIP Senior Manager or delegate approves the identifications at least once every 15 calendar months
- Date(s) of when the review(s) take place for both of the above are important in reviewing this information
- Evidence showing that the review happened needs to be provided even if no asset containing a LIBCS is identified

Cyber Security Policies
CIP-003-6 R1 Part 1.2
- Documentation that a review and approval has taken place for CIP-003-6 documented cyber security policies for LIBCS at least once every 15 calendar months by the CIP Senior Manager
- Date(s) of when the review(s) and approval(s) take place are important in reviewing this information
- Documentation will be requested showing that the cyber security policy for asset(s) containing LIBCS includes the following:
  - Cyber security awareness
  - Physical security controls
  - Electronic access controls for Low Impact External Routable Connectivity (LERC)
  - Electronic access controls for Low Impact Dial-up Connectivity
  - Cyber Security Incident response

Cyber Security Plans
CIP-003-6 R2
- Documentation of the cyber security plan(s) for LIBCS
  - Ensure this addresses all sections of Attachment 1 of the requirement
- A list of the assets that contain a LIBCS, if applicable
- A list of LIBCS for asset(s) that require LIBCS to be listed explicitly, if applicable
- For Attachment 1, Section 1 documentation will be requested of the cyber security practice materials provided to personnel who have access to assets containing LIBCS
  - Dates of when the material was provided will be requested as well

Physical Security Controls
CIP-003-6 R2 Attachment 1, Section 2
- Evidence will be requested of the implemented physical security control(s) for LIBCS
- Sampling will be performed on the asset(s) containing LIBCS and on explicitly listed LIBCS
- Based on the sample selection, evidence will be requested showing the physical security controls that were implemented to control physical access based on need to:
  - The asset or the location(s) of the LIBCS within the asset; and
  - The LIBCS Electronic Access Points (LEAPs), if any
- Reminder: The implementation date for this section is September 1, 2018

Electronic Access Controls
CIP-003-6 R2 Attachment 1, Section 3
- Evidence will be requested of the implemented electronic access control(s) for LIBCS
- Sampling will be performed on the asset(s) and on explicitly listed LIBCS that have Low Impact External Routable Connectivity
- Evidence will be requested showing the following:
  - Description or diagram of the specific implementation of a LEAP for this asset
  - The inbound and outbound access permissions for each LEAP that controls LERC at this asset, per Cyber Asset capability
  - Documentation that the enabled inbound and outbound permissions are necessary

Electronic Access Controls
CIP-003-6 R2 Attachment 1, Section 3 (continued)
- Sampling will be performed on the asset(s) and on explicitly listed LIBCS that have Dial-up Connectivity
- Evidence will be requested showing the following:
  - Description or diagram of the specific implementation of Dial-up Connectivity for the asset
  - For each BES Cyber Asset with Dial-up Connectivity:
    - Documentation that authentication of Dial-up Connectivity has been implemented; or
    - Documentation of the incapability of the BES Cyber Asset to perform authentication
- Reminder: The implementation date for this section is September 1, 2018

Incident Response Plans
CIP-003-6 R2 Attachment 1, Section 4
- Documentation will be requested of all Cyber Security Incident response plan(s) for LIBCS that include the following:
  - Identification, classification, and response to Cyber Security Incidents
  - Determination of whether an identified Cyber Security Incident is a Reportable Cyber Security Incident and subsequent notification to the Electricity Sector Information Sharing and Analysis Center (E-ISAC), unless prohibited by law
  - Identification of the roles and responsibilities for Cyber Security Incident response by groups or individuals
  - Incident handling for Cyber Security Incidents
  - Testing the Cyber Security Incident response plan(s) at least once every 36 calendar months by:
    - Responding to an actual Reportable Cyber Security Incident
    - Using a drill or tabletop exercise of a Reportable Cyber Security Incident
    - Using an operational exercise of a Reportable Cyber Security Incident

Incident Response Plans
CIP-003-6 R2 Attachment 1, Section 4 (continued)
- Evidence requested showing each test or activation of the incident response plan
- Evidence will be requested that the Cyber Security Incident response plan(s) were reviewed and/or updated within 180 calendar days of the activation or test of the response plan.
  - Evidence is still needed if no changes were determined to be needed after the test or activation of the plan(s)
- Dates are important for all evidence requested above

Potential change for CIP evidence requests
- MRO is considering using the NERC evidence request worksheet instead of the current MRO RFI spreadsheet
- The NERC Evidence Request spreadsheet and User Guide can be found on the NERC website in the CIP V5 Transition Program page
- RSAWs will still be submitted as part of the audit notification and response
- The NERC evidence request does have tabs for supplying information to be used for sampling purposes
- MRO will provide notice and a transition period before implementing the NERC evidence request worksheet

Questions?