Draft CIP Standards Version 5. Project 2008-06 Cyber Security Order 706 January 10, 2012. Most of the material presented has been compiled from NERC webinars and drafting team meetings. January 6 Official Ballot Results. Next Steps.

Draft CIP Standards Version 5

Project 2008-06 Cyber Security Order 706 January 10, 2012

Most of the material presented has been compiled from NERC webinars and drafting team meetings

Next Steps
  • The drafting team will consider all comments and determine what changes to make to each of the standards, the implementation plan, and the definitions. 
  • After the drafting team has revised the standards, they will be submitted, along with the team’s Consideration of Comments, for quality review and subsequently posted for a successive ballot.
Definitions: Retired and Replaced
  • Critical assets
    • Replaced by CIP-002 Attachment 1 and BES Reliability Operating Services definition
  • Critical cyber assets
    • Replaced by BES Cyber Asset and BES Cyber System
  • Physical security perimeter
    • Replaced by Defined Physical Boundary
    • No more “six-wall” specification
Definitions: Core Applicable Assets
  • Cyber Assets: Programmable electronic devices including the hardware, software, and data in those devices
  • BES Cyber Asset: A Cyber Asset that if rendered unavailable, degraded, or misused would, within 15 minutes of its operation, mis-operation, or non-operation, when required, adversely impact one or more BES Reliability Operating Services
  • BES Cyber System: One or more BES Cyber Assets that are typically grouped together, logically or physically, to operate one or more BES Reliability Operating Services
    • Largely replaces Critical Cyber Asset
    • Provides an opportunity for controls to be applied at a system level
Levels of Impact
  • High Impact
    • Large Control Centers
    • CIP-003 through 009+
  • Medium Impact
    • Generation and Transmission
    • Other Control Centers
    • Similar to CIP-003 to 009 v4
  • All other BES Cyber Systems
    • Security Policy
    • Security Awareness
    • Incident Response
    • Boundary Protection
CIP-002-5 Summary of Modifications
  • Categorized list of High and Medium Impact
    • Attachment 1 criteria
  • Other BES Cyber Systems deemed to be Low Impact by default
  • Update required lists for significant changes to BES that affect High/Medium categorization
  • Senior manager or delegate annual review and approval
CIP-003-5 Summary of Modifications
  • CIP-003-5 was reorganized to only include elements of policy and cyber security program governance.
    • Elements that addressed Change Control and Configuration Management were moved to CIP-010-5
    • Elements that address Information Protection were moved to CIP-011-5
CIP-004-5 Summary of Modifications (1/2)
  • Training
    • Addition of visitor control program
    • Reorganization of requirements into the respective requirements for “program” and “implementation” of the training.
  • Personnel Risk Assessment
    • Changed to only initial identity verification
    • Now includes documenting the processes used to determine when to deny access
    • Reorganization of requirements into the respective requirements for “program” and “implementation”
CIP-004-5 Summary of Modifications (2/2)
  • Authorization
    • Consolidated authorization and review requirements from CIP-003-4, CIP-004-4, CIP-006-4 and CIP-007-4
    • Allow quarterly and annual reviews to find and fix problems rather than self-report everything as a violation
  • Revocation
    • Remove ability to access BES Cyber System when access no longer needed
CIP-005-5 Summary of Modifications
  • Define ‘External Connectivity’ for scope modification
  • Focus on ‘Electronic Access Points’ vs. ESP
  • Require IDS at Control Centers
  • Add clarity to ‘secure’ dialups
  • Consolidated Monitoring and Vulnerability Assessment Requirements in CIP-007 and CIP-011 respectively
  • Removed Appropriate Use Banner
  • Incorporated CIP-005-4 Urgent Action revisions
CIP-006-5 Summary of Modifications
  • Physical Security Program
    • Must define the operational or procedural controls to restrict physical access
    • Removed current “6 wall” wording to instead require Defined Physical Boundary
    • For High Impact, added the need to utilize two or more different and complementary physical access controls to restrict physical access
    • Testing changed to a 24 month cycle with ongoing discussions of different cycles based on environment.
CIP-007-5 Summary of Modifications (1/2)
  • Addition of physical I/O port requirement
  • Security Patch management source requirement
  • Non-prescriptive malware requirement
  • Security Event Monitoring failure handling
  • Bi-weekly log summary/sampling reviews
CIP-007-5 Summary of Modifications (2/2)
  • Simplified access-control requirements, removed TFE language while strengthening password requirements
  • Added requirement for maintenance devices
  • Consolidated vulnerability assessment in CIP-010-5
  • Disposal requirement moved to CIP-011-5
CIP-008-5 Summary of Modifications
  • Defined Reportable Cyber Security Incident for clearer
  • Working to harmonize with EOP-004-2
  • Includes additional specification on update and lessons learned associated with the response plan.
CIP-009-5 Summary of Modifications
  • Added requirement to implement the response plan.
  • Verification of backup media information prior to storage
  • Preservation of data for analysis
CIP-010-5 Summary of Modifications
  • Consolidates all references to Configuration Change Management and Vulnerability Assessments.
    • Previously these requirements were dispersed throughout CIP-003-4, CIP-005-4, and CIP-007-4
CIP-011-5 Summary of Modifications
  • Consolidates all references to Information Protection and Media Sanitization.
    • Previously these requirements were dispersed throughout CIP-003-4 and CIP-007-4
  • Requirements for authorization and revocation of access to BES Cyber System Information moved to CIP-004-5.
  • Shifts the focus of the requirements for media sanitization from the Cyber Asset to the information itself.
Proposed Effective Date for Version 5
  • 18 Months Minimum – The standards shall become effective on the later of January 1, 2015, or the first calendar day of the seventh calendar quarter after the date of the order providing applicable regulatory approval. Notwithstanding any order to the contrary, CIP-002-4 through CIP-009-4 do not become effective, and CIP-002-3 through CIP-009-3 remain in effect and are not retired until the effective date of the Version 5 CIP Cyber Security Standards under this implementation plan.
  • In jurisdictions where CIP-002-4 through CIP-009-4 have not yet become effective according to their implementation plan (even if approved by order), this implementation plan and the Version 5 CIP Cyber Security Standards supersede and replace the implementation plan and standards for CIP-002-4 through CIP-009-4.