Page 31 of 44
NERC Reliability Standard Audit Worksheet
CIP-003-7 Electronic Controls Implementation Study This section to be completed by the Compliance Enforcement Authority
For compliance engagements between January 1, 2020, and June 30, 2021, compliance monitoring teams shall capture the following information:
1. Describe the electronic access controls for low impact BES Cyber Systems the Responsible Entity has chosen to implement.
2. Describe the circumstances associated with the Responsible Entity’s implementation of electronic access controls for low impact BES Cyber Systems. This information may include aspects of the environment of the controls used, such as physical conditions, network topologies, how the need for access is determined and documented, or other items that are necessary to understand the effectiveness of the electronic controls. 3. In the professional judgement of the compliance monitoring team, do the electronic access controls adopted by the Responsible Entity for low impact BES Cyber Systems provide adequate security? If not, please describe how the security is inadequate and how an entity might approach improving this security.
4. Provide any additional information regarding electronic access to low impact BES Cyber Systems that may be relevant to this study.
5. In the professional judgement of the compliance monitoring team, are any changes necessary to the language of CIP-003-7 in order to improve the effectiveness of this Standard? If so, please describe the suggested changes.
Provide the above information to NERC in the manner prescribed by NERC.
NERC Reliability Standard Audit Worksheet Audit ID: Audit ID if available; or REG-NCRnnnnn-YYYYMMDD RSAW Version: RSAW_CIP-003-7_2019_v1 Revision Date: May 14, 2019 RSAW Template: RSAW2018R4.0 13
Made with FlippingBook - Online magazine maker