NERC CIP-002 through CIP-014 Revision 6_CIP-009-6 3.1

NERC CIP-002 through CIP-014 Revision 6

Recovery Plan Review, Update and Communication

CIP-009-6 3.1

3.1 No later than 90 calendar days after completion of a recovery plan test or actual recovery:

  3.2.1. Update the Cyber Security Incident response plan(s); and
  3.2.2. Notify each person or group with a defined role in the Cyber Security Incident response plan of the updates.

M3. Acceptable evidence includes but is not limited to each of the applicable requirement parts in CIP-009-6 Table R3 – Recovery Plan Review, Update and Communication.

CIP-009-6 Table R3 – Recovery Plan Review, Update and Communication

Part 3.1

Applicable Systems:
  High Impact BES Cyber Systems and their associated:
    EACMS; and
    PACS
  Medium Impact BES Cyber Systems at Control Centers and their associated:
    EACMS; and
    PACS

Requirements:
  No later than 90 calendar days after completion of a recovery plan test or actual recovery:
    3.1.1. Document any lessons learned associated with a recovery plan test or actual recovery or document the absence of any lessons learned;
    3.1.2. Update the recovery plan based on any documented lessons learned associated with the plan; and
    3.1.3. Notify each person or group with a defined role in the recovery plan of the updates to the recovery plan based on any documented lessons learned.

Measures:
  An example of evidence may include but is not limited to all of the following:
    Dated documentation of identified deficiencies or lessons learned for each recovery plan test or actual incident recovery or dated documentation stating there were no lessons learned;
    Dated and revised recovery plan showing any changes based on the lessons learned; and
    Evidence of plan update distribution including but not limited to:
      Emails;
      USPS or other mail service;
      Electronic distribution system; or
      Training sign-in sheets.

Part 3.2

Applicable Systems:
  High Impact BES Cyber Systems and their associated:
    EACMS; and
    PACS
  Medium Impact BES Cyber Systems at Control Centers and their associated:
    EACMS; and
    PACS

Requirements:
  No later than 60 calendar days after a change to the roles or responsibilities, responders, or technology that the Responsible Entity determines would impact the ability to execute the recovery plan:
    3.2.1. Update the recovery plan; and
    3.2.2. Notify each person or group with a defined role in the recovery plan of the updates.

Measures:
  An example of evidence may include but is not limited to all of the following:
    Dated and revised recovery plan with changes to the roles or responsibilities, responders, or technology; and
    Evidence of plan update distribution including but not limited to:
      Emails;
      USPS or other mail service;
      Electronic distribution system; or
      Training sign-in sheets.

 


What is a Cybersecurity Compliance Framework?

You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.

With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.

The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
