NERC CIP-002 through CIP-014 Revision 6_CIP-003-6 R4

NERC CIP-002 through CIP-014 Revision 6

Security Management Controls

CIP-003-6 R4

R4. The Responsible Entity shall implement a documented process to delegate authority unless no delegations are used. Where allowed by the CIP Standards the CIP Senior Manager may delegate authority for specific actions to a delegate or delegates. These delegations shall be documented including the name or title of the delegate the specific actions delegated and the date of the delegation; approved by the CIP Senior Manager; and updated within 30 days of any change to the delegation. Delegation changes do not need to be reinstated with a change to the delegator. [Violation Risk Factor: Lower] [Time Horizon: Operations Planning]

M4. An example of evidence may include but is not limited to a dated document approved by the CIP Senior Manager listing individuals (by name or title) who are delegated the authority to approve or authorize specifically identified items.


Click here to Start your FREE trial today!

Explainer video


What is a Cybersecurity Compliance Framework?

You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.

With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.

The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:

Click here to Start your FREE trial today!

Explainer video