NERC CIP-002 through CIP-014 Revision 6_CIP-008-5 1.1

NERC CIP-002 through CIP-014 Revision 6

Cyber Security Incident Response Plan Specifications

CIP-008-5 1.1

1.1 One or more processes to identify, classify, and respond to Cyber Security Incidents.

M1. Evidence must include each of the documented plan(s) that collectively include each of the applicable requirement parts in CIP-008-5 Table R1 – Cyber Security Incident Response Plan Specifications.

CIP-008-5 Table R1 – Cyber Security Incident Response Plan Specifications

Part 1.1
Applicable Systems: High Impact BES Cyber Systems; Medium Impact BES Cyber Systems
Requirements: One or more processes to identify, classify, and respond to Cyber Security Incidents.
Measures: An example of evidence may include, but is not limited to, dated documentation of Cyber Security Incident response plan(s) that include the process to identify, classify, and respond to Cyber Security Incidents.

Part 1.2
Applicable Systems: High Impact BES Cyber Systems; Medium Impact BES Cyber Systems
Requirements: One or more processes to determine if an identified Cyber Security Incident is a Reportable Cyber Security Incident and notify the Electricity Sector Information Sharing and Analysis Center (ES-ISAC), unless prohibited by law. Initial notification to the ES-ISAC, which may be only a preliminary notice, shall not exceed one hour from the determination of a Reportable Cyber Security Incident.
Measures: Examples of evidence may include, but are not limited to, dated documentation of Cyber Security Incident response plan(s) that provide guidance or thresholds for determining which Cyber Security Incidents are also Reportable Cyber Security Incidents and documentation of initial notices to the Electricity Sector Information Sharing and Analysis Center (ES-ISAC).

Part 1.3
Applicable Systems: High Impact BES Cyber Systems; Medium Impact BES Cyber Systems
Requirements: The roles and responsibilities of Cyber Security Incident response groups or individuals.
Measures: An example of evidence may include, but is not limited to, dated Cyber Security Incident response process(es) or procedure(s) that define roles and responsibilities (e.g., monitoring, reporting, initiating, documenting, etc.) of Cyber Security Incident response groups or individuals.

Part 1.4
Applicable Systems: High Impact BES Cyber Systems; Medium Impact BES Cyber Systems
Requirements: Incident handling procedures for Cyber Security Incidents.
Measures: An example of evidence may include, but is not limited to, dated Cyber Security Incident response process(es) or procedure(s) that address incident handling (e.g., containment, eradication, recovery/incident resolution).

 


 

What is a Cybersecurity Compliance Framework?

You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.

With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.

The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
