CIP-003-7 - Cyber Security — Security Management Controls
Violation Severity Levels (CIP-003-7)
Time Horizon
R #
VRF
Lower VSL
Moderate VSL
High VSL
Severe VSL
months but did complete this review in less than or equal
months but did complete this review in less than or equal to 17 calendar months of the previous review. (R1.2) OR The Responsible Entity did not complete its approval of the one or more documented cyber security policies for its assets identified in CIP-002 containing low impact BES Cyber Systems as required by Requirement R1 by the CIP Senior Manager within 16 calendar months but did complete this approval in less than or equal to 17
assets identified in CIP- 002 containing low impact BES Cyber Systems as required by Requirement R1 by the CIP Senior Manager within 17 calendar months but did complete this approval in less than or equal to 18 calendar months of the previous approval. (R1.2)
The Responsible Entity did not complete its approval of the one or more documented cyber security policies for its assets identified in CIP-002 containing low impact BES Cyber Systems as required by Requirement R1 by the CIP Senior Manager within 18 calendar months of the previous approval. (R1.2)
to 16 calendar months of the previous review. (R1.2) OR The Responsible Entity did not complete its
approval of the one or more documented cyber security policies for its assets identified in CIP-002 containing low impact BES Cyber Systems as required by Requirement R1 by the CIP Senior Manager within 15 calendar months but did complete this approval in less than or equal to 16 calendar months of
Page 11 of 57
Made with FlippingBook - Online magazine maker