CIP-003_Workbook_10152019


NERC Reliability Standard Audit Worksheet

4.4 Incident handling for Cyber Security Incidents;

4.5 Testing the Cyber Security Incident response plan(s) at least once every 36 calendar months by: (1) responding to an actual Reportable Cyber Security Incident; (2) using a drill or tabletop exercise of a Reportable Cyber Security Incident; or (3) using an operational exercise of a Reportable Cyber Security Incident; and

4.6 Updating the Cyber Security Incident response plan(s), if needed, within 180 calendar days after completion of a Cyber Security Incident response plan(s) test or actual Reportable Cyber Security Incident.

Section 5. Transient Cyber Asset and Removable Media Malicious Code Risk Mitigation: Each Responsible Entity shall implement, except under CIP Exceptional Circumstances, one or more plan(s) to achieve the objective of mitigating the risk of the introduction of malicious code to low impact BES Cyber Systems through the use of Transient Cyber Assets or Removable Media. The plan(s) shall include:

5.1 For Transient Cyber Asset(s) managed by the Responsible Entity, if any, the use of one or a combination of the following in an ongoing or on-demand manner (per Transient Cyber Asset capability):
• Antivirus software, including manual or managed updates of signatures or patterns;
• Application whitelisting; or
• Other method(s) to mitigate the introduction of malicious code.

5.2 For Transient Cyber Asset(s) managed by a party other than the Responsible Entity, if any, the use of one or a combination of the following prior to connecting the Transient Cyber Asset to a low impact BES Cyber System (per Transient Cyber Asset capability):
• Review of antivirus update level;
• Review of antivirus update process used by the party;
• Review of application whitelisting used by the party;
• Review use of live operating system and software executable only from read-only media;
• Review of system hardening used by the party; or
• Other method(s) to mitigate the introduction of malicious code.

5.3 For Removable Media, the use of each of the following:
5.3.1 Method(s) to detect malicious code on Removable Media using a Cyber Asset other than a BES Cyber System; and
5.3.2 Mitigation of the threat of detected malicious code on the Removable Media prior to connecting Removable Media to a low impact BES Cyber System.

Audit ID: Audit ID if available; or REG-NCRnnnnn-YYYYMMDD
RSAW Version: RSAW_CIP-003-7_2019_v1
Revision Date: May 14, 2019
RSAW Template: RSAW2018R4.0
