NERC CIP-002 through CIP-014 Revision 6_CIP-011-2 R1

NERC CIP-002 through CIP-014 Revision 6

Information Protection

CIP-011-2 R1

R1. Each Responsible Entity shall implement one or more documented information protection program(s) that collectively includes each of the applicable requirement parts in CIP-011-2 Table R1 – Information Protection. [Violation Risk Factor: Medium] [Time Horizon: Operations Planning].

M1. Evidence for the information protection program must include the applicable requirement parts in CIP-011-2 Table R1 – Information Protection and additional evidence to demonstrate implementation as described in the Measures column of the table.

CIP-011-2 Table R1 – Information Protection

Part: 1.1

Applicable Systems:
High Impact BES Cyber Systems and their associated: EACMS; and PACS
Medium Impact BES Cyber Systems and their associated: EACMS; and PACS

Requirements:
Method(s) to identify information that meets the definition of BES Cyber System Information.

Measures:
Examples of acceptable evidence include, but are not limited to:
- Documented method to identify BES Cyber System Information from entity's information protection program; or
- Indications on information (e.g., labels or classification) that identify BES Cyber System Information as designated in the entity's information protection program; or
- Training materials that provide personnel with sufficient knowledge to recognize BES Cyber System Information; or
- Repository or electronic and physical location designated for housing BES Cyber System Information in the entity's information protection program.

Part: 1.2

Applicable Systems:
High Impact BES Cyber Systems and their associated: EACMS; and PACS
Medium Impact BES Cyber Systems and their associated: EACMS; and PACS

Requirement:
Procedure(s) for protecting and securely handling BES Cyber System Information, including storage, transit, and use.

Measure:
Examples of acceptable evidence include, but are not limited to:
- Procedures for protecting and securely handling, which include topics such as storage, security during transit, and use of BES Cyber System Information; or
- Records indicating that BES Cyber System Information is handled in a manner consistent with the entity's documented procedure(s).

 


What is a Cybersecurity Compliance Framework?

You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly specialized, in-demand security and privacy frameworks and certifications.

With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.

The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
