CIP-003_Workbook_10152019

Page 27 of 44

NERC Reliability Standard Audit Worksheet

Attachment 1, Section 3.1: For each asset containing a low impact BES Cyber System, verify that the Responsible Entity has implemented its plan to control electronic access.

Attachment 1, Section 3.1: For each asset containing a low impact BES Cyber System, verify that the Responsible Entity has achieved the security objective of permitting only necessary inbound and outbound access to its low impact BES Cyber Systems.

Attachment 1, Section 3.2: For each asset containing a low impact BES Cyber System, verify that the Responsible Entity has documented a plan to authenticate all Dial-up Connectivity, if any, that provides access to low impact BES Cyber System(s), per Cyber Asset capability.

Attachment 1, Section 3.2: For each asset containing a low impact BES Cyber System, verify that the Responsible Entity has implemented the plan to authenticate Dial-up Connectivity.

Attachment 1, Section 3.2: For each asset containing a low impact BES Cyber System, verify that the Responsible Entity has achieved the security objective of authenticating all Dial-up Connectivity, per Cyber Asset capability, where such connectivity permits access to its low impact BES Cyber Systems.

Attachment 1, Section 4: For each asset containing a low impact BES Cyber System, verify that the Responsible Entity has documented one or more Cyber Security Incident response plan(s) that include:
1. Identification, classification, and response to Cyber Security Incidents;
2. Determination of whether an identified Cyber Security Incident is a Reportable Cyber Security Incident and subsequent notification to the Electricity Information Sharing and Analysis Center (E-ISAC), unless prohibited by law;
3. Identification of the roles and responsibilities for Cyber Security Incident response by groups or individuals;
4. Incident handling for Cyber Security Incidents;
5. Testing each Cyber Security Incident response plan at least once every 36 calendar months by: (1) responding to an actual Reportable Cyber Security Incident; (2) using a drill or tabletop exercise of a Reportable Cyber Security Incident; or (3) using an operational exercise of a Reportable Cyber Security Incident; and
6. Updating the Cyber Security Incident response plan(s), if needed, within 180 calendar days after completion of a Cyber Security Incident response plan(s) test or actual Reportable Cyber Security Incident.

Attachment 1, Section 4: For each asset containing a low impact BES Cyber System, if the Responsible Entity responded to a Cyber Security Incident, verify the Responsible Entity implemented the Cyber Security Incident response plan.

Attachment 1, Section 4.5: Verify the Responsible Entity tested each Cyber Security Incident response plan at least once every 36 calendar months by: (1) responding to an actual Reportable Cyber Security

Audit ID: Audit ID if available; or REG-NCRnnnnn-YYYYMMDD
RSAW Version: RSAW_CIP-003-7_2019_v1
Revision Date: May 14, 2019
RSAW Template: RSAW2018R4.0
