Page 22 of 44
NERC Reliability Standard Audit Worksheet
R1 Supporting Evidence and Documentation
R1. Each Responsible Entity shall review and obtain CIP Senior Manager approval at least once every 15 calendar months for one or more documented cyber security policies that collectively address the following topics:
[Violation Risk Factor: Medium] [Time Horizon: Operations Planning] 1.1. For its high impact and medium impact BES Cyber Systems, if any: 1.1.1. Personnel and training (CIP-004); 1.1.2. Electronic Security Perimeters (CIP-005) including Interactive Remote Access; 1.1.3. Physical security of BES Cyber Systems (CIP-006); 1.1.4. System security management (CIP-007); 1.1.5. Incident reporting and response planning (CIP-008); 1.1.6. Recovery plans for BES Cyber Systems (CIP-009); 1.1.7. Configuration change management and vulnerability assessments (CIP-010); 1.1.8. Information protection (CIP-011); and 1.1.9. Declaring and responding to CIP Exceptional Circumstances. 1.2. For its assets identified in CIP-002 containing low impact BES Cyber Systems, if any: 1.2.1. Cyber security awareness; 1.2.2. Physical security controls; 1.2.3. Electronic access controls; 1.2.4. Cyber Security Incident response; 1.2.5. Transient Cyber Assets and Removable Media malicious code risk mitigation; and 1.2.6. Declaring and responding to CIP Exceptional Circumstances.
M1. Examples of evidence may include, but are not limited to, policy documents; revision history, records of review, or workflow evidence from a document management system that indicate review of each cyber security policy at least once every 15 calendar months; and documented approval by the CIP Senior Manager for each cyber security policy. Registered Entity Response (Required): Compliance Narrative: Provide a brief explanation, in your own words, of how you comply with this Requirement. References to supplied evidence, including links to the appropriate page, are recommended.
NERC Reliability Standard Audit Worksheet Audit ID: Audit ID if available; or REG-NCRnnnnn-YYYYMMDD RSAW Version: RSAW_CIP-003-7_2019_v1 Revision Date: May 14, 2019 RSAW Template: RSAW2018R4.0 4
Made with FlippingBook - Online magazine maker