CIP-003_Workbook_10152019


Reliability Standard Audit Worksheet 1

CIP-003-7 – Cyber Security — Security Management Controls

This section to be completed by the Compliance Enforcement Authority.

Audit ID: Audit ID if available; or REG-NCRnnnnn-YYYYMMDD

Registered Entity: Registered name of entity being audited

NCR Number: NCRnnnnn

Compliance Enforcement Authority: Region or NERC performing audit

Compliance Assessment Date(s) 2: Month DD, YYYY, to Month DD, YYYY

Compliance Monitoring Method: [On-site Audit | Off-site Audit | Spot Check]

Names of Auditors: Supplied by CEA

Applicability of Requirements

      BA     DP     GO     GOP    PA/PC  RC     RP     RSG    TO     TOP    TP     TSP
R1    X      *      X      X             X                    X      X
R2    X      *      X      X             X                    X      X
R3    X      *      X      X             X                    X      X
R4    X      *      X      X             X                    X      X

* CIP-003-7 is only applicable to DPs that own certain UFLS, UVLS, RAS, protection systems, or cranking paths. See CIP-003-7 Section 4, Applicability, for details.

Legend:

Text with blue background: Fixed text – do not edit
Text entry area with Green background: Entity-supplied information
Text entry area with white background: Auditor-supplied information

1 NERC developed this Reliability Standard Audit Worksheet (RSAW) language in order to facilitate NERC’s and the Regional Entities’ assessment of a registered entity’s compliance with this Reliability Standard. The NERC RSAW language is written to specific versions of each NERC Reliability Standard. Entities using this RSAW should choose the version of the RSAW applicable to the Reliability Standard being assessed. While the information included in this RSAW provides some of the methodology that NERC has elected to use to assess compliance with the requirements of the Reliability Standard, this document should not be treated as a substitute for the Reliability Standard or viewed as additional Reliability Standard requirements. In all cases, the Regional Entity should rely on the language contained in the Reliability Standard itself, and not on the language contained in this RSAW, to determine compliance with the Reliability Standard. NERC’s Reliability Standards can be found on NERC’s website. Additionally, NERC Reliability Standards are updated frequently, and this RSAW may not necessarily be updated with the same frequency. Therefore, it is imperative that entities treat this RSAW as a reference document only, and not as a substitute or replacement for the Reliability Standard. It is the responsibility of the registered entity to verify its compliance with the latest approved version of the Reliability Standards, by the applicable governmental authority, relevant to its registration status. The RSAW may provide a non-exclusive list, for informational purposes only, of examples of the types of evidence a registered entity may produce or may be asked to produce to demonstrate compliance with the Reliability Standard. 
A registered entity’s adherence to the examples contained within this RSAW does not necessarily constitute compliance with the applicable Reliability Standard, and NERC and the Regional Entity using this RSAW reserve the right to request additional evidence from the registered entity that is not included in this RSAW. This RSAW may include excerpts from FERC Orders and other regulatory references which are provided for ease of reference only, and this document does not necessarily include all applicable Order provisions. In the event of a discrepancy between FERC Orders and the language included in this document, FERC Orders shall prevail.

2 Compliance Assessment Date(s): The date(s) the actual compliance assessment (on-site audit, off-site spot check, etc.) occurs.
