NERC CIP-002 through CIP-014 Revision 6
Recovery Plan Specifications
CIP-009-6 1.5
1.5 One or more processes to preserve data per Cyber Asset capability for determining the cause of a Cyber Security Incident that triggers activation of the recovery plan(s). Data preservation should not impede or restrict recovery.
M1. Evidence must include the documented recovery plan(s) that collectively include the applicable requirement parts in CIP-009-6 Table R1– Recovery Plan Specifications.CIP-009-6 Table R1– Recovery Plan Specifications Part Applicable Systems Requirements Measures 1.1 High Impact BES Cyber Systems and their associated: EACMS; andPACSMedium Impact BES Cyber Systems and their associated: EACMS; andPACSConditions for activation of the recovery plan(s). An example of evidence may include but is not limited to one or more plans that include language identifying conditions for activation of the recovery plan(s). CIP-009-6 Table R1– Recovery Plan Specifications Part Applicable Systems Requirements Measures 1.2 High Impact BES Cyber Systems and their associated: EACMS; andPACSMedium Impact BES Cyber Systems and their associated: EACMS; andPACSRoles and responsibilities of responders. An example of evidence may include but is not limited to one or more recovery plans that include language identifying the roles and responsibilities of responders. 1.3 High Impact BES Cyber Systems and their associated: EACMS; andPACSMedium Impact BES Cyber Systems and their associated: EACMS; andPACSOne or more processes for the backup and storage of information required to recover BES Cyber System functionality. An example of evidence may include but is not limited to documentation of specific processes for the backup and storage of information required to recover BES Cyber System functionality. CIP-009-6 Table R1– Recovery Plan Specifications Part Applicable Systems Requirements Measures 1.4 High Impact BES Cyber Systems and their associated: EACMS; andPACSMedium Impact BES Cyber Systems at Control Centers and their associated: EACMS; andPACSOne or more processes to verify the successful completion of the backup processes in Part 1.3 and to address any backup failures. An example of evidence may include but is not limited to logs workflow or other documentation confirming that the backup process completed successfully and backup failures if any were addressed. 1.5 High Impact BES Cyber Systems and their associated: EACMS; andPACSMedium Impact BES Cyber Systems and their associated: EACMS; andPACSOne or more processes to preserve data per Cyber Asset capability for determining the cause of a Cyber Security Incident that triggers activation of the recovery plan(s). Data preservation should not impede or restrict recovery. An example of evidence may include but is not limited to procedures to preserve data such as preserving a corrupted drive or making a data mirror of the system before proceeding with recovery.
Click here to Start your FREE trial today!
What is a Cybersecurity Compliance Framework?
You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.
With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.
The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
- CMMC v2
- HIPAA
- NERC CIP-002 through CIP-014 Revision 6
- NIST 800-171
- NIST 800-172
- PCI (Payment Card Industry Security Standard)
- SOC 2
- NIST 800-53
- NIST SP800-161 Supply Chain Risk Management
- NIST-CSF
- CIS Framework Controls V8
Click here to Start your FREE trial today!