|
Accomplishments
(Since Last Status
Report)
- Functional Area Breakdown CIPs
002-009
- Electronic Room for Cyber
Security Project
- Gap Analyses
- CIP-008 to Cyber
Incident Response Plan
- Cyber Security Policy to CIP
Leadership Requirements
- CIP to NIST 800-53
- Reviews of Existing Related
Documents
- Cyber Incident Response
Program (CIRT)
- Major Event Process
- Security Awareness Training
Program
- DHS Security Awareness
Training Program
- Microsoft Security Awareness
Training Package
- Electronic Room and Website
functionality
- Procedure Lifecycle process
- Transmission Standards Writing
Guide
- PGP vs. GPG initial research
- Summary of Process Modeling
Requirements
- Information Program Elements
- CIP Requirement to Process
Matrix
- CIP Access Requirements Summary
- List Update Requirement Matrix
- Process Update Requirement
Matrix
- Periodic Review Requirement
Matrix
- Process Modeling
- Identify Transmission Critical
Cyber Assets
- CIP 002, R2, R3, and R4
- CIP 005
- Change
Control and Configuration Management
- CIP 003
R6 and CIP 009 R3
- Allocate Access to CCA & Information
- Perform Required Review of
Lists
- CIP 002, R2, R3, R4
- CIP 003 R5.1, R5.1.2, R5.2
- CIP 004 R4, R4.1
- CIP 004 R4.1, CIP 005 R2.5.3,
- Required Review of Processes
- CIP 003 R5.3
- CIP 004, R4.2, R2.5.1
- Protect Critical Cyber Assets
In
Progress
- Gap Analysis: Security
Awareness Website Training Program to CIP 004, R1
- Personnel Risk Assessment Program
[need existing from HR]
- Re-engineer audit templates to
meet Transmission Standards guidelines
- Review IT Security: Ensuring
Appropriate Risk Management
- Process Modeling across all
CIPs
New
Tasks
o Gap analysis: Existing Information
Protection Program and CIP 003 R4 requirements for Information Protection
Program, pending meet
o List Update Requirements Matrix – all CIPs
o Process Update Review Matrix – all CIPs
o Periodic Review, Assessment, Approval
Requirements Matrix – all CIPs
o New templates (ongoing as needed)
- CIP 003 R5.1.1 Designated
Personnel List
|