NERC CIP-002 through CIP-014 Revision 6_CIP-008-5 R2

NERC CIP-002 through CIP-014 Revision 6

Cyber Security Incident Response Plan Implementation and Testing

CIP-008-5 R2

R2. Each Responsible Entity shall implement each of its documented Cyber Security Incident response plans to collectively include each of the applicable requirement parts in CIP-008-5 Table R2 – Cyber Security Incident Response Plan Implementation and Testing. [Violation Risk Factor: Lower] [Time Horizon: Operations Planning and Real-Time Operations].

M2. Evidence must include, but is not limited to, documentation that collectively demonstrates implementation of each of the applicable requirement parts in CIP-008-5 Table R2 – Cyber Security Incident Response Plan Implementation and Testing.

CIP-008-5 Table R2 – Cyber Security Incident Response Plan Implementation and Testing

Part 2.1

Applicable Systems: High Impact BES Cyber Systems; Medium Impact BES Cyber Systems

Requirements: Test each Cyber Security Incident response plan(s) at least once every 15 calendar months:
By responding to an actual Reportable Cyber Security Incident;
With a paper drill or tabletop exercise of a Reportable Cyber Security Incident; or
With an operational exercise of a Reportable Cyber Security Incident.

Measures: Examples of evidence may include, but are not limited to, dated evidence of a lessons-learned report that includes a summary of the test or a compilation of notes, logs, and communication resulting from the test. Types of exercises may include discussion or operations based exercises.

Part 2.2

Applicable Systems: High Impact BES Cyber Systems; Medium Impact BES Cyber Systems

Requirements: Use the Cyber Security Incident response plan(s) under Requirement R1 when responding to a Reportable Cyber Security Incident or performing an exercise of a Reportable Cyber Security Incident. Document deviations from the plan(s) taken during the response to the incident or exercise.

Measures: Examples of evidence may include, but are not limited to, incident reports, logs, and notes that were kept during the incident response process, and follow-up documentation that describes deviations taken from the plan during the incident or exercise.

Part 2.3

Applicable Systems: High Impact BES Cyber Systems; Medium Impact BES Cyber Systems

Requirements: Retain records related to Reportable Cyber Security Incidents.

Measures: An example of evidence may include, but is not limited to, dated documentation, such as security logs, police reports, emails, response forms or checklists, forensic analysis results, restoration records, and post-incident review notes related to Reportable Cyber Security Incidents.

 


 

What is a Cybersecurity Compliance Framework?

You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.

With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.

The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
