
NERC Cyber Security Standards Pre-Ballot Review

NERC Cyber Security Standards Pre-Ballot Review. Background: President’s Commission on Critical Infrastructure Protection; PDD-63; SMD NOPR; NERC Urgent Action Cyber Security Standards 1200; Joint US-Canada Task Force Report on the August 2003 Blackout; National Infrastructure Protection Plan.

edahl




Presentation Transcript


  1. NERC Cyber Security Standards Pre-Ballot Review

  2. Background • President’s Commission on Critical Infrastructure Protection • PDD-63 • SMD NOPR • NERC Urgent Action Cyber Security Standards 1200 • Joint US-Canada Task Force Report on the August 2003 Blackout • National Infrastructure Protection Plan

  3. General • Numerous comments received on Draft 3 • Comments focused on technical issues • Comments represented industry consensus

  4. General • Ensured that requirements are clear and concise. • Eliminated redundancy between the standards. • Ensured that levels of noncompliance correctly align with the requirements and are auditable. • Removed references to IAW/SOP

  5. Definitions • The definition of Critical Assets was changed to remove the references to “large quantities of customers” and “significant risk to public health and safety.” • The new definition is “Facilities, systems, and equipment which, if destroyed, degraded, or otherwise rendered unavailable, would affect the reliability or operability of the Bulk Electric System.”

  6. CIP-002 Critical Cyber Asset Identification • List of Required Critical Assets in Requirement 1 was removed. • R1 divided into two requirements: “R1. Critical Asset Identification Method” and “R2. Critical Asset Identification.” (New R1 requires Responsible Entities to identify and document a risk-based assessment methodology that shall consider, at a minimum, certain assets as listed in the standard.) • R2 requires Responsible Entities to apply the risk-based assessment methodology required in R1 to identify their lists of Critical Assets.

  7. CIP-004 Personnel and Training • The update period for Personnel Risk Assessment was extended to 7 years. The review period was changed to be consistent with the update period. • Personnel risk assessments and training no longer need to be completed prior to permitting authorized cyber or authorized unescorted physical access; rather, they must be conducted within 90 calendar days of personnel being granted such access.

  8. Other Changes of Significance • CIP-003 – Security Management Controls • Provision for emergency situations • Removed “test environment” from Change Management • CIP-005 – Electronic Security Perimeter(s) • Removed requirement for port scanning

  9. Implementation Plan for Standards • Implementation plan has been modified to recognize the time necessary to fully implement these standards. • New phase of compliance has been added to the tables. • Begin Work (BW) has been clarified to mean a Responsible Entity has developed and approved a plan to address the requirements of a standard, has begun to identify and plan for necessary resources, and has begun implementing the requirements.

  10. Ballot Process • Balloting opens Feb. 17th for ten days • Drafting Team will respond to any negative comments • If necessary, recirculation balloting will be conducted • Persons interested in voting must be registered to ballot pool by Feb. 17th

  11. And now it’s time for your questions and comments. Larry Bugh Chair, Cyber Security Standards Drafting Team 330.580.8017 larry.bugh@rfirst.org
