CIP-003-7 Supplemental Material
Reference Model 6 – Indirect Access In implementing its electronic access controls, the Responsible Entity may identify that it has indirect access between the low impact BES Cyber System and a Cyber Asset outside the asset containing the low impact BES Cyber System through a non-BES Cyber Asset located within the asset. This indirect access meets the criteria of having communication between the low impact BES Cyber System and a Cyber Asset outside the asset containing the low impact BES Cyber System. In this reference model, it is intended that the Responsible Entity implement electronic access controls that permit only necessary inbound and outbound electronic access to the low impact BES Cyber System. Consistent with the other reference models provided, the electronic access in this reference model is controlled using the security device that is restricting the communication that is entering or leaving the asset.
Routable communications entering or leaving the asset containing low impact BES Cyber System(s)
Routable Protocol
DMZ
Firewall, Router Access Control List, Gateway or Other Security Device (Cyber Asset(s) performing electronic access controls)
Network
Non-BES Cyber Asset
Low impact BES Cyber System
Asset containing low impact BES Cyber System(s)
Communication between a low impact BES Cyber System and a Cyber Asset outside the asset
Routable Protocol
Non-routable Protocol
Reference Model 6
Page 41 of 57
Made with FlippingBook - Online magazine maker