Brent castagnetto manager cyber security audits investigations team
Download
1 / 16

Brent Castagnetto Manager, Cyber Security Audits & Investigations Team - PowerPoint PPT Presentation


  • 66 Views
  • Uploaded on

Brent Castagnetto Manager, Cyber Security Audits & Investigations Team. CIP v5 Implementation Guidance CIP v5 Roadshow Salt Lake City , UT May 14-15, 2014. Revision History . Agenda . The makeup of CIP v5 Key dates Timeline and date matrix V5 Transition Pilot review and next steps.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Brent Castagnetto Manager, Cyber Security Audits & Investigations Team' - ginny


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Brent castagnetto manager cyber security audits investigations team

Brent CastagnettoManager, Cyber Security Audits & Investigations Team

CIP v5 Implementation Guidance

CIP v5 Roadshow Salt Lake City, UT

May 14-15, 2014



Agenda
Agenda

  • The makeup of CIP v5

  • Key dates

  • Timeline and date matrix

  • V5 Transition Pilot review and next steps


New modified cip terms
New / Modified CIP Terms

  • BES Cyber Asset (BCA)

  • Protected Cyber Asset (PCA)

  • BES Cyber System (BCS)

  • BES Cyber System Information

  • CIP Exceptional Circumstance

  • Impact Rating Criteria (IRC)




Decrypting cip v51
Decrypting CIP v5

  • V5 Format

    • Background section before requirements

    • Requirement and Measurement next to each other

    • Rationale and guidance developed in parallel with Requirements

    • Two posting formats – one with guidance/rationale text boxes inline; other with guidance and rational text grouped at end

    • Still must audit only to the requirement

    • Guidelines and Technical Basis section at end


Key dates
Key Dates

  • V5 Approval Date November 21, 2013

  • V5 Effective Date February 3, 2014

  • V5 Initial Compliance Date April 1, 2016

    • Keep in mind the CIP v5 Implementation Plan dates (pages 2-3)


Implementation for newly identified cyber assets
Implementation For Newly Identified Cyber Assets

  • During the remainder of the transition period, newly identified assets applicable to the Version 3 based on the “Implementation Plan for Newly Identified Critical Cyber Assets and Newly Registered Entities” may migrate directly to Version 5 applicable standards and requirements.

    • The Registered Entity must follow the timeline established for V3 for assets coming into compliance before V5 effective dates

    • In the event of newly acquired companies or mergers, the Registered Entity shall coordinate with their Region to clarify anticipated compliance dates and expectations during the transition.

  • Entities notified by Registered 3rd parties (such as TP, RC, PA) resulting in High or Medium BES Cyber Assets during the transition period have 12-24 months from the time of notification to bring the assets into compliance. The V5 Implementation Plan’s Scenario for Unplanned Changes should be referenced to determine if the notified entity will be on the 12 month or 24 month implementation window.


V5 implementation for periodic requirements
V5 Implementation for Periodic Requirements

  • Initial Performance of Certain Periodic Requirements

    • Specific Version 5 CIP Cyber Security Standards have periodic requirements that contain time parameters for subsequent and recurring iterations of the requirement, such as, but not limited to,“. . . at least once every 15 calendar months . . .”, and responsible entities shall comply initially with those periodic requirements as follows:






References
References

  • V5 Implementation Plan

    • http://www.nerc.com/pa/comp/Resources/ResourcesDL/Cyber%20Security%20Standards%20Transition%20Guidance%20%28Revised%29.pdf

  • NERC CIPC Presentation on Transition Guidance

    • http://www.nerc.com/pa/CI/CIPOutreach/CIP%20Training/CIP%20Technical%20Workshop.pdf


Brent castagnetto manager cyber security audits investigations team

Brent Castagnetto CBRM, CBRA, MABRManager, Cyber Security Audits & Investigations

O: 801.819.7627M: 801.597.7957bcastagnetto@wecc.biz

Questions?