NERC CIP-002 through CIP-014 Revision 6
Physical Security Plan
CIP-006-6 1.7
1.7 Issue an alarm or alert in response to detected unauthorized physical access to a Physical Access Control System to the personnel identified in the BES Cyber Security Incident response plan within 15 minutes of the detection.
M1. Evidence must include each of the documented physical security plans that collectively include all of the applicable requirement parts in CIP-006-6 Table R1– Physical Security Plan and additional evidence to demonstrate implementation of the plan or plans as described in the Measures column of the table.CIP-006-6 Table R1– Physical Security Plan Part Applicable Systems Requirements Measures 1.1 Medium Impact BES Cyber Systems without External Routable Connectivity Physical Access Control Systems (PACS) associated with: High Impact BES Cyber Systems orMedium Impact BES Cyber Systems with External RoutableConnectivityDefine operational or procedural controls to restrict physical access. An example of evidence may include but is not limited to documentation that operational or procedural controls exist. CIP-006-6 Table R1– Physical Security Plan Part Applicable Systems Requirements Measures 1.2 Medium Impact BES Cyber Systems with External Routable Connectivity and their associated: EACMS; andPCAUtilize at least one physical access control to allow unescorted physical access into each applicable Physical Security Perimeter to only those individuals who have authorized unescorted physical access. An example of evidence may include but is not limited to language in the physical security plan that describes each Physical Security Perimeter and how unescorted physical access is controlled by one or more different methods and proof that unescorted physical access is restricted to only authorized individuals such as a list of authorized individuals accompanied by access logs. CIP-006-6 Table R1– Physical Security Plan Part Applicable Systems Requirements Measures 1.3 High Impact BES Cyber Systems and their associated: EACMS; andPCAWhere technically feasible utilize two or more different physical access controls (this does not require two completely independent physical access control systems) to collectively allow unescorted physical access into Physical Security Perimeters to only those individuals who have authorized unescorted physical access. An example of evidence may include but is not limited to language in the physical security plan that describes the Physical Security Perimeters and how unescorted physical access is controlled by two or more different methods and proof that unescorted physical access is restricted to only authorized individuals such as a list of authorized individuals accompanied by access logs. CIP-006-6 Table R1– Physical Security Plan Part Applicable Systems Requirements Measures 1.4 High Impact BES Cyber Systems and their associated: EACMS; andPCAMedium Impact BES Cyber Systems with External Routable Connectivity and their associated: EACMS; andPCAMonitor for unauthorized access through a physical access point into a Physical Security Perimeter. An example of evidence may include but is not limited to documentation of controls that monitor for unauthorized access through a physical access point into a Physical Security Perimeter. CIP-006-6 Table R1– Physical Security Plan Part Applicable Systems Requirements Measures 1.5 High Impact BES Cyber Systems and their associated: EACMS; andPCAMedium Impact BES Cyber Systems with External Routable Connectivity and their associated: EACMS; andPCAIssue an alarm or alert in response to detected unauthorized access through a physical access point into a Physical Security Perimeter to the personnel identified in the BES Cyber Security Incident response plan within 15 minutes of detection. An example of evidence may include but is not limited to language in the physical security plan that describes the issuance of an alarm or alert in response to unauthorized access through a physical access control into a Physical Security Perimeter and additional evidence that the alarm or alert was issued and communicated as identified in the BES Cyber Security Incident Response Plan such as manual or electronic alarm or alert logs cell phone or pager logs or other evidence that documents that the alarm or alert was generated and communicated. 1.6 Physical Access Control Systems (PACS) associated with: High Impact BES CyberSystems orMedium Impact BES Cyber Systems with External RoutableConnectivityMonitor each Physical Access Control System for unauthorized physical access to a Physical Access Control System. An example of evidence may include but is not limited to documentation of controls that monitor for unauthorized physical access to a PACS. CIP-006-6 Table R1– Physical Security Plan Part Applicable Systems Requirements Measures 1.7 Physical Access Control Systems (PACS) associated with: High Impact BES CyberSystems orMedium Impact BES Cyber Systems with External RoutableConnectivityIssue an alarm or alert in response to detected unauthorized physical access to a Physical Access Control System to the personnel identified in the BES Cyber Security Incident response plan within 15 minutes of the detection. An example of evidence may include but is not limited to language in the physical security plan that describes the issuance of an alarm or alert in response to unauthorized physical access to Physical Access Control Systems and additional evidence that the alarm or alerts was issued and communicated as identified in the BES Cyber Security Incident Response Plan such as alarm or alert logs cell phone or pager logs or other evidence that the alarm or alert was generated and communicated. CIP-006-6 Table R1– Physical Security Plan Part Applicable Systems Requirements Measures 1.8 High Impact BES Cyber Systems and their associated: EACMS; andPCAMedium Impact BES Cyber Systems with External Routable Connectivity and their associated: EACMS; andPCALog (through automated means or by personnel who control entry) entry of each individual with authorized unescorted physical access into each Physical Security Perimeter with information to identify the individual and date and time of entry. An example of evidence may include but is not limited to language in the physical security plan that describes logging and recording of physical entry into each Physical Security Perimeter and additional evidence to demonstrate that this logging has been implemented such as logs of physical access into Physical Security Perimeters that show the individual and the date and time of entry into Physical Security Perimeter. CIP-006-6 Table R1– Physical Security Plan Part Applicable Systems Requirements Measures 1.9 High Impact BES Cyber Systems and their associated: EACMS; andPCAMedium Impact BES Cyber Systems with External Routable Connectivity and their associated: EACMS; andPCARetain physical access logs of entry of individuals with authorized unescorted physical access into each Physical Security Perimeter for at least ninety calendar days. An example of evidence may include but is not limited to dated documentation such as logs of physical access into Physical Security Perimeters that show the date and time of entry into Physical Security Perimeter. CIP-006-6 Table R1– Physical Security Plan Part Applicable Systems Requirements Measures 1.10 High Impact BES Cyber Systems and their associated: PCAMedium Impact BES Cyber Systems at Control Centers and their associated: PCARestrict physical access to cabling and other nonprogrammable communication components used for connection between applicable Cyber Assets within the same Electronic Security Perimeter in those instances when such cabling and components are located outside of a Physical Security Perimeter. Where physical access restrictions to such cabling and components are not implemented the Responsible Entity shall document and implement one or more of the following: encryption of data that transits such cabling and components; ormonitoring the status of the communication link composed of such cabling and components and issuing an alarm or alert in response to detected communication failures to the personnel identified in the BES Cyber Security Incident response plan within 15 minutes of detection; oran equally effective logical protection.An example of evidence may include but is not limited to records of the Responsible Entity’s implementation of the physical access restrictions (e.g. cabling and components secured through conduit or secured cable trays) encryption monitoring or equally effective logical protections.
Click here to Start your FREE trial today!
What is a Cybersecurity Compliance Framework?
You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.
With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.
The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
- CMMC v2
- HIPAA
- NERC CIP-002 through CIP-014 Revision 6
- NIST 800-171
- NIST 800-172
- PCI (Payment Card Industry Security Standard)
- SOC 2
- NIST 800-53
- NIST SP800-161 Supply Chain Risk Management
- NIST-CSF
- CIS Framework Controls V8
Click here to Start your FREE trial today!