CIP-003_Workbook_10152019

CIP-003-7 Supplemental Material

appropriate for its organization. Elements of a policy that extend beyond the scope of NERC’s cyber security Reliability Standards will not be considered candidates for potential violations although they will help demonstrate the organization’s internal culture of compliance and posture towards cyber security.

For Part 1.1, the Responsible Entity may consider the following for each of the required topics in its one or more cyber security policies for medium and high impact BES Cyber Systems, if any:

1.1.1 Personnel and training (CIP-004)
• Organization position on acceptable background investigations
• Identification of possible disciplinary action for violating this policy
• Account management

1.1.2 Electronic Security Perimeters (CIP-005) including Interactive Remote Access
• Organization stance on use of wireless networks
• Identification of acceptable authentication methods
• Identification of trusted and untrusted resources
• Monitoring and logging of ingress and egress at Electronic Access Points
• Maintaining up-to-date anti-malware software before initiating Interactive Remote Access
• Maintaining up-to-date patch levels for operating systems and applications used to initiate Interactive Remote Access
• Disabling VPN “split-tunneling” or “dual-homed” workstations before initiating Interactive Remote Access
• For vendors, contractors, or consultants: include language in contracts that requires adherence to the Responsible Entity’s Interactive Remote Access controls

1.1.3 Physical security of BES Cyber Systems (CIP-006)
• Strategy for protecting Cyber Assets from unauthorized physical access
• Acceptable physical access control methods
• Monitoring and logging of physical ingress

1.1.4 System security management (CIP-007)
• Strategies for system hardening
• Acceptable methods of authentication and access control
• Password policies including length, complexity, enforcement, prevention of brute force attempts
• Monitoring and logging of BES Cyber Systems
