Other

NERC CIP v7 Standards and Requirements

0 purchase

Course
NERC CIP v7 Standards and Requirements

Institution
NERC CIP V7 Standards And Requirements

NERC CIP v7 Standards and Requirements-CIP-002-5.1 - BES Cyber System Categorization CIP-002 R1 - Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3: Control Centers and backup Control Centers, Transmission stations...

[Show more]

Last document update: 1 month ago

Preview 3 out of 26 pages

View example

Uploaded on February 24, 2023
File latest updated on January 14, 2025
Number of pages 26
Written in 2024/2025
Type Other
Person Unknown

nerc cip v7 standards and requirements

Institution NERC CIP v7 Standards and Requirements
Course NERC CIP v7 Standards and Requirements

ProfMiaKennedy Member since 4 year 1788 documents sold

172

$11.04

Also available in package deal from $35.04

Add to cart

Add to wishlist

100% satisfaction guarantee
Immediately available after payment
Both online and in PDF
No strings attached

Also available in package deal (1)

NERC BUNDLED EXAMS QUESTIONS WITH 100% CORRECT & VERIFIED ANSWERS, LATEST UPDATE (INCLUDING STUDY GUIDES)

$ 97.62 $ 35.04

9x sold

8 items

1. Exam (elaborations) - Sos nerc prep - reliability exam questions & answers
2. Exam (elaborations) - Nerc exam questions with 100% correct and verified answers
3. Exam (elaborations) - Nerc prep - bal, int, & trans exam questions and answers
4. Other - Nerc cip v7 standards and requirements
5. Exam (elaborations) - Nerc rc exam questions and answers with complete verified solutions, a+ guide
6. Exam (elaborations) - Nerc prep test 101 exam questions and answers
7. Exam (elaborations) - Nerc transmission practice test, exam q&as, a+ guide
8. Exam (elaborations) - Nerc practice test, exam questions & answers
Show more

NERC CIP v7 Standards and Requirements
CIP-002-5.1 - BES Cyber System Categorization

CIP-002 R1 - Each Responsible Entity shall implement a process that considers
each of the following assets for purposes of parts 1.1 through 1.3: Control Centers
and backup Control Centers, Transmission stations and substations, Generation
resources, Systems and facilities critical to system restoration, including Blackstart
Resources and Cranking Paths and initial switching requirements, Special
Protection Systems that support the reliable operation of the Bulk Electric System;
and For Distribution Providers

CIP-002 R1.1 - Identify each of the high impact BES Cyber Systems according to
Attachment 1, Section 1, if any, at each asset;

CIP-002 R1.2 - Identify each of the medium impact BES Cyber Systems according
to Attachment 1, Section 2, if any, at each asset;

CIP-002 R1.3 - Identify each asset that contains a low impact BES Cyber System
according to Attachment 1, Section 3, if any (a discrete list of low impact BES
Cyber Systems is not required).

CIP-002 R2.1 - Review the identifications in Requirement R1 and its parts (and
update them if there are changes identified) at least once every 15 calendar months,
even if it has no identified items in Requirement R1,

CIP-002 R2.2 - Have its CIP Senior Manager or delegate approve the
identifications required by Requirement R1 at least once every 15 calendar months,
even if it has no identified items in Requirement R1.

CIP-003-7 - Security Management Controls

CIP-003 R1 - Each Responsible Entity shall review and obtain CIP Senior
Manager approval at least once every 15 calendar months for one or more
documented cyber security policies that collectively address the following topics:

,CIP-003 R2 - Each Responsible Entity with at least one asset identified in CIP-002
containing low impact BES Cyber Systems shall implement one or more
documented cyber security plan(s) for its low impact BES Cyber Systems that
include the sections in Attachment 1.

CIP-003 R3 - Each Responsible Entity shall identify a CIP Senior Manager by
name and document any change within 30 calendar days of the change.

CIP-003 R4 - The Responsible Entity shall implement a documented process to
delegate authority, unless no delegations are used. Where allowed by the CIP
Standards, the CIP Senior Manager may delegate authority for specific actions to a
delegate or delegates. These delegations shall be documented, including the name
or title of the delegate, the specific actions delegated, and the date of the
delegation; approved by the CIP Senior Manager; and updated within 30 days of
any change to the delegation. Delegation changes do not need to be reinstated with
a change to the delegator.

CIP-003 Attachment 1 Section 2 - Lows Physical Security Controls: Each
Responsible Entity shall control physical access, based on need as determined by
the Responsible Entity, to (1) the asset or the locations of the low impact BES
Cyber Systems within the asset, and (2) the Cyber Asset(s), as specified by the
Responsible Entity, that provide electronic access control(s) implemented for
Section 3.1, if any.

CIP-003 Attachment 1 Section 3 - Lows Electronic Access Controls: For each
asset containing low impact BES Cyber System(s) identified pursuant to CIP-002,
the Responsible Entity shall implement electronic access controls to:
3.1 Permit only necessary inbound and outbound electronic access as determined
by the Responsible Entity for any communications that are:
between a low impact BES Cyber System(s) and a Cyber Asset(s) outside the asset
containing low impact BES Cyber System(s); using a routable protocol when
entering or leaving the asset containing the low impact BES Cyber System(s); and
not used for time-sensitive protection or control functions between intelligent
electronic devices (e.g., communications using protocol IEC TR- 61850-90-5 R-
GOOSE).

, 3.2 Authenticate all Dial-up Connectivity, if any, that provides access to low
impact BES Cyber System(s), per Cyber Asset capability.

CIP-003 Attachment 1 Section 1 - Lows Cyber Security Awareness: Each
Responsible Entity shall reinforce, at least once every 15 calendar months, cyber
security practices (which may include associated physical security practices).

CIP-003 Attachment 1 Section 4 - Lows Cyber Security Incident Response: Each
Responsible Entity shall have one or more Cyber Security Incident response
plan(s), either by asset or group of assets, which shall include:
4.1 Identification, classification, and response to Cyber Security Incidents;
4.2 Determination of whether an identified Cyber Security Incident is a Reportable
Cyber Security Incident and subsequent notification to the Electricity Sector
Information Sharing and Analysis Center (ES-ISAC), unless prohibited by law;
4.3 Identification of the roles and responsibilities for Cyber Security Incident
response by groups or individuals;
4.4 Incident handling for Cyber Security Incidents;
4.5 Testing the Cyber Security Incident response plan(s) at least once every 36
calendar months by: (1) responding to an actual Reportable Cyber Security
Incident; (2) using a drill or tabletop exercise of a Reportable Cyber Security
Incident; or (3) using an operational exercise of a Reportable Cyber Security
Incident; and
4.6 Updating the Cyber Security Incident response plan(s), if needed, within 180
calendar days after completion of a Cyber Security Incident response plan(s) test or
actual Reportable Cyber Security Incident.

CIP-003 Attachment 1 Section 5 - Lows Transient Cyber Asset and Removable
Media Malicious Code Risk Mitigation: Each Responsible Entity shall implement,
except under CIP Exceptional Circumstances, one or more plan(s) to achieve the
objective of mitigating the risk of the introduction of malicious code to low impact
BES Cyber Systems through the use of Transient Cyber Assets or Removable
Media. The plan(s) shall include:
5.1 For Transient Cyber Asset(s) managed by the Responsible Entity, if any, the
use of one or a combination of the following in an ongoing or on-demand manner
(per Transient Cyber Asset capability):

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller ProfMiaKennedy. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $11.04. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

69252 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 15 years now

Start selling

Other

NERC CIP v7 Standards and Requirements

Document information

Subjects

Written for

Seller

Reviews received

Content preview