CIP-003-7 - Cyber Security — Security Management Controls
Violation Severity Levels (CIP-003-7)
Columns: R #, Time Horizon, VRF, Lower VSL, Moderate VSL, High VSL, Severe VSL

Attachment 1, Section 5.3. (R2)

R3
Time Horizon: Operations Planning
VRF: Medium
Lower VSL: The Responsible Entity has identified by name a CIP Senior Manager, but did not document changes to the CIP Senior Manager within 30 calendar days but did document this change in less than 40 calendar days of the change. (R3)
Moderate VSL: The Responsible Entity has identified by name a CIP Senior Manager, but did not document changes to the CIP Senior Manager within 40 calendar days but did document this change in less than 50 calendar days of the change. (R3)
High VSL: The Responsible Entity has identified by name a CIP Senior Manager, but did not document changes to the CIP Senior Manager within 50 calendar days but did document this change in less than 60 calendar days of the change. (R3)
Severe VSL: The Responsible Entity has not identified, by name, a CIP Senior Manager. OR The Responsible Entity has identified by name a CIP Senior Manager, but did not document changes to the CIP Senior Manager within 60 calendar days of the change. (R3)

R4
Time Horizon: Operations Planning
VRF: Lower
Lower VSL: The Responsible Entity has identified a delegate by name, title, date of delegation, and specific actions delegated, but did
Moderate VSL: The Responsible Entity has identified a delegate by name, title, date of delegation, and specific actions delegated, but did
High VSL: The Responsible Entity has identified a delegate by name, title, date of delegation, and specific actions delegated, but did not document changes to the delegate
Severe VSL: The Responsible Entity has used delegated authority for actions where allowed by the CIP Standards, but does not have a process