Security

NERC CIP Low Impact Requirements — Electronic Access Controls, Proposed Modifications

by Michael C. Johnson July 22, 2016

As noted in my previous post on the Electronic Access Control, I indicated that the Standard Drafting Team (SDT) charged with working on the FERC-ordered Low Impact External Routable Connectivity (LERC) modifications was in the process of completing its initial revisions to be submitted for industry comment and balloting. This update summarizes the most important […]

Read the full article →

NERC CIP Low Impact Requirements — Physical Security Controls

by Michael C. Johnson July 14, 2016

In this seventh blog installment on NERC CIP Low Impact BES Cyber Systems (BCS) requirements, I’ll cover the physical security controls necessary for successfully implementing these BCS requirements. What’s Covered CIP-003-6, Requirement R2, Attachment 1, Section 2 — indicates that physical security must be applied to the BCS requirements and any Low Impact BCS Electronic […]

Read the full article →

NERC CIP Low Impact Requirements — Electronic Access Controls

by Michael C. Johnson July 7, 2016

In this sixth blog installment on successfully implementing the NERC CIP Low Impact BES Cyber Systems (BCS) requirements, I’ll cover the requirements for electronic access controls. What’s Required CIP-003-6, Requirement R2, Attachment 1, Section 2 — the Electronic Access Controls section of the CIP requirements — indicates that a facility, or BES asset, with Low […]

Read the full article →

NERC CIP Low Impact Requirements — Security Awareness & Incident Response

by Michael C. Johnson June 22, 2016

In this fifth blog installment on successfully implementing the NERC CIP Low Impact BES Cyber Systems (BCS) requirements, I’ll cover the two requirements that must be fully implemented by April 1, 2017. Cyber Security Awareness For Entities with an existing High/Medium Impact BCS CIP Program, use of that program’s Security Awareness processes will cover the […]

Read the full article →

NERC CIP Low Impact Requirements — Inventory or Not?

by Michael C. Johnson June 16, 2016

In this fourth blog installment on implementing NERC CIP Low Impact BES Cyber Systems (BCS) requirements, I’ll dive into the prerequisite Standard CIP-002-5.1 for determining if Low Impact BCS are present at a Bulk Energy System (BES) facility and if an inventory should be created. No List Required? CIP-002-5.1 Requirement R1, Part 1.3 and CIP-003-6 […]

Read the full article →

NERC CIP Low Impact Requirements — Policy, Plans, Processes, Procedures

by Michael C. Johnson June 8, 2016

In this third installment on successfully implementing the NERC CIP Low Impact BES Cyber Systems (BCS) requirements, I’ll cover the different administrative parts of the Standards: policies, plans, processes and procedures. Policy, Plans, Process and Procedures Definitions used by the Regional Entities for Policy, Plan, Process, and Procedure are included in Section 6, titled “Background,” […]

Read the full article →