What CIP 011?
Background: Standard CIP-011 exists as part of a suite of CIP Standards related to cyber security, which require the initial identification and categorization of BES Cyber Systems and require a minimum level of organizational, operational, and procedural controls to mitigate risk to BES Cyber Systems.
What are the CIP standards?
The CIP standards provide a cybersecurity framework to identify and secure critical assets that can impact the efficient and reliable supply of electricity of North America’s BES.
What are NERC CIP requirements?
The NERC CIP standards are the mandatory security standards that apply to entities that own or manage facilities that are part of the U.S. and Canadian electric power grid. They were initially approved by the Federal Energy Regulatory Commission (FERC) in 2008.
Who does CIP 013 apply to?
CIP-013-1 Compliance Challenges NERC CIP-013-1 only addresses high- and medium-risk BES cyber systems, and responsible entities must make strategic decisions regarding the scope of their activities in these areas.
What is considered BCSI?
BCSI means Bulk Electric System Cyber System Information in any form (whether printed or electronic) including data, files, and file attributes. BCSI is information about a BES Cyber System that could be used to gain unauthorized access or pose a security threat to the BES CyberSystem, as determined by PG&E.
What is BES Cyber system?
BES Cyber System has the definition given to it by NERC, and includes any installed software and electronic data, and communication networks that support, operate, or otherwise interact with the bulk electric system operations that are identified by Buyer or its Affiliate as a BES Cyber System.
Who must comply with NERC?
All bulk power system owners, operators, and users must comply with NERC-approved Reliability Standards. These entities are required to register with NERC through the appropriate Regional Entity.
What CIP 13?
The CIP-013-1 is an update to the Critical Infrastructure Protection (CIP) standard, which includes a set of regulatory requirements “to mitigate cyber security risks to the reliable operation of the Bulk Electric System (BES)”.
What CIP 002?
Standard CIP-002 requires the identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the Bulk Electric System.