Cyber Security Compliance Checklist

NERC CIP Cyber Security Compliance Checklist


System Control Centers (SOC, TOC, DOC, Data Centers)

o  CIP-002 R1 Critical Asset Identification Method

o  Critical Asset Identification

o  CIP-002 R2 Critical Asset Identification

o  Critical Asset Identification

o        CIP-002 R3 Critical Cyber Asset Identification

o        Critical Cyber Asset Identification Guideline

o        Critical Cyber Asset List

o  CIP-003 R1 Cyber Security Policy

o  Transmission Cyber Security Policy

o  CIP-003 R2 Leadership

o  Transmission Cyber Security Policy

o  CIP-003 R3 Exceptions

o  Transmission Cyber Security Policy

o        CIP-004 R2 Training (personnel understanding of responsibilities related to CCAs at System Control Centers)

o        Annual Cyber Security Training Program

o   Personnel: Assessment, Training, & Authorization

o   Training Program Process Model

o        Annual Review process of the Training Program

o        Training Attendance Records Database

o        CIP-004 R3 Personnel Risk Assessment

o        Personnel Risk Assessment Program Standard

o   rules for performing background checks

o   who, what, when, where

o   grandfather existing employees - yes

o   contractor process is primary focus – ask SOC

o        List of Personnel Checked (max 30 days after access granted)

o        CIP-004 R4 Access

o        Process for Granting and Revoking Access to Critical Cyber Assets (process model)

o  Approval (Managers)

o  Review & document gaps

o        List of Personnel with Access to Critical Cyber Asset at System Control Centers

o  How to produce list

o  How to maintain list

o  Review documentation

o        Standard - organization & documentation, including above processes

o        Final step: validate CCA list against processes

o        CIP-007 R1 Test Procedures

o  Transmission Cyber Security Policy

o        Security Test Plan

o   Standard - Security Test Procedure Guideline

o  A single Change Management Process (High-level)

o   High-level Security Control Verification Procedure

·         Nuclear documentation & gap analysis

o        Document testing

o   Test Results Log

o   Audit Trail

o        CIP-008 R1 Incident Response

o        Entergy’s Cyber Incident Response Plan (ES-ISAC & DOE 417 Reporting)

o  Validate OOR includes incident responses

o  Review modified CIRP and Gaps (all team members)

o        Incident Response Standard

o        CIP-009 R1 Recovery Plan

o        SOC cut-over plan (under revision)

o        SOC “when to implement” plan (when available)

o        SOC disaster recovery plan (complete)

o        TOC recovery plan(s)

o        Host Connectivity Plan

o        Disaster Recovery Standard

o        CIP-009 R2 Recovery Exercises

o        Annual Recovery Plan Exercise (SOC test & manual)

