NERC CIP-002 through CIP-014 Revision 6_CIP-004-6 R2

NERC CIP-002 through CIP-014 Revision 6

Cyber Security Training Program

CIP-004-6 R2

R2. Each Responsible Entity shall implement one or more cyber security training program(s) appropriate to individual roles, functions, or responsibilities that collectively includes each of the applicable requirement parts in CIP-004-6 Table R2 – Cyber Security Training Program. [Violation Risk Factor: Lower] [Time Horizon: Operations Planning]

M2. Evidence must include the training program that includes each of the applicable requirement parts in CIP-004-6 Table R2 – Cyber Security Training Program and additional evidence to demonstrate implementation of the program(s).

CIP-004-6 Table R2 – Cyber Security Training Program

Part 2.1

Applicable Systems:
High Impact BES Cyber Systems and their associated: EACMS; and PACS
Medium Impact BES Cyber Systems with External Routable Connectivity and their associated: EACMS; and PACS

Requirements:
Training content on:
2.1.1. Cyber security policies;
2.1.2. Physical access controls;
2.1.3. Electronic access controls;
2.1.4. The visitor control program;
2.1.5. Handling of BES Cyber System Information and its storage;
2.1.6. Identification of a Cyber Security Incident and initial notifications in accordance with the entity's incident response plan;
2.1.7. Recovery plans for BES Cyber Systems;
2.1.8. Response to Cyber Security Incidents; and
2.1.9. Cyber security risks associated with a BES Cyber System's electronic interconnectivity and interoperability with other Cyber Assets, including Transient Cyber Assets, and with Removable Media.

Measures:
Examples of evidence may include, but are not limited to, training material such as power point presentations, instructor notes, student notes, handouts, or other training materials.

Part 2.2

Applicable Systems:
High Impact BES Cyber Systems and their associated: EACMS; and PACS
Medium Impact BES Cyber Systems with External Routable Connectivity and their associated: EACMS; and PACS

Requirements:
Require completion of the training specified in Part 2.1 prior to granting authorized electronic access and authorized unescorted physical access to applicable Cyber Assets, except during CIP Exceptional Circumstances.

Measures:
Examples of evidence may include, but are not limited to, training records and documentation of when CIP Exceptional Circumstances were invoked.

Part 2.3

Applicable Systems:
High Impact BES Cyber Systems and their associated: EACMS; and PACS
Medium Impact BES Cyber Systems with External Routable Connectivity and their associated: EACMS; and PACS

Requirements:
Require completion of the training specified in Part 2.1 at least once every 15 calendar months.

Measures:
Examples of evidence may include, but are not limited to, dated individual training records.

 


 

What is a Cybersecurity Compliance Framework?

You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.

With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.

The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
