CIP-003_Workbook_10152019

CIP-003-7 - Cyber Security — Security Management Controls

Electricity Information Sharing and Analysis Center (E-ISAC), unless prohibited by law;

4.3 Identification of the roles and responsibilities for Cyber Security Incident response by groups or individuals;

4.4 Incident handling for Cyber Security Incidents;

4.5 Testing the Cyber Security Incident response plan(s) at least once every 36 calendar months by: (1) responding to an actual Reportable Cyber Security Incident; (2) using a drill or tabletop exercise of a Reportable Cyber Security Incident; or (3) using an operational exercise of a Reportable Cyber Security Incident; and

4.6 Updating the Cyber Security Incident response plan(s), if needed, within 180 calendar days after completion of a Cyber Security Incident response plan(s) test or actual Reportable Cyber Security Incident.

Section 5. Transient Cyber Asset and Removable Media Malicious Code Risk Mitigation: Each Responsible Entity shall implement, except under CIP Exceptional Circumstances, one or more plan(s) to achieve the objective of mitigating the risk of the introduction of malicious code to low impact BES Cyber Systems through the use of Transient Cyber Assets or Removable Media. The plan(s) shall include:

5.1 For Transient Cyber Asset(s) managed by the Responsible Entity, if any, the use of one or a combination of the following in an ongoing or on-demand manner (per Transient Cyber Asset capability):

• Antivirus software, including manual or managed updates of signatures or patterns;
• Application whitelisting; or
• Other method(s) to mitigate the introduction of malicious code.

5.2 For Transient Cyber Asset(s) managed by a party other than the Responsible Entity, if any, the use of one or a combination of the following prior to connecting the Transient Cyber Asset to a low impact BES Cyber System (per Transient Cyber Asset capability):

• Review of antivirus update level;
• Review of antivirus update process used by the party;
• Review of application whitelisting used by the party;
• Review use of live operating system and software executable only from read-only media;
• Review of system hardening used by the party; or
• Other method(s) to mitigate the introduction of malicious code.
