NERC CIP-002 through CIP-014 Revision 6_CIP-011-2 2.2

Lionfish Cyber Security | July 5th 2023 |

NERC CIP-002 through CIP-014 Revision 6

BES Cyber Asset Reuse and Disposal

CIP-011-2 2.2

2.2 Prior to the disposal of applicable Cyber Assets that contain BES Cyber System Information the Responsible Entity shall take action to prevent the unauthorized retrieval of BES Cyber System Information from the Cyber Asset or destroy the data storage media.

M2. Evidence must include each of the applicable documented processes that collectively include each of the applicable requirement parts in CIP-011-2 Table R2– BES Cyber Asset Reuse and Disposal and additional evidence to demonstrate implementation as described in the Measures column of the table.CIP-011-2 Table R2– BES Cyber Asset Reuse and Disposal Part Applicable Systems Requirements Measures 2.1 High Impact BES Cyber Systems and their associated: EACMS;PACS; andPCAMedium Impact BES Cyber Systems and their associated: EACMS;PACS; andPCAPrior to the release for reuse of applicable Cyber Assets that contain BES Cyber System Information (except for reuse within other systems identified in the Applicable Systems column) the Responsible Entity shall take action to prevent the unauthorized retrieval of BES Cyber System Information from the Cyber Asset data storage media. Examples of acceptable evidence include but are not limited to: Records tracking sanitization actions taken to prevent unauthorized retrieval of BES Cyber System Information such as clearing purging or destroying; orRecords tracking actions such as encrypting retaining in the Physical Security Perimeter or other methods used to prevent unauthorized retrieval of BES Cyber System Information.CIP-011-2 Table R2 — BES Cyber Asset Reuse and Disposal Part Applicable Systems Requirements Measures 2.2 High Impact BES Cyber Systems and their associated: EACMS;PACS; andPCAMedium Impact BES Cyber Systems and their associated: EACMS;PACS; andPCAPrior to the disposal of applicable Cyber Assets that contain BES Cyber System Information the Responsible Entity shall take action to prevent the unauthorized retrieval of BES Cyber System Information from the Cyber Asset or destroy the data storage media. Examples of acceptable evidence include but are not limited to: Records that indicate that data storage media was destroyed prior to the disposal of an applicable Cyber Asset; orRecords of actions taken to prevent unauthorized retrieval of BES Cyber System Information prior to the disposal of an applicable Cyber Asset.

 

Click here to Start your FREE trial today!

Explainer video

 

What is a Cybersecurity Compliance Framework?

You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.

With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.

The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:

Click here to Start your FREE trial today!

Explainer video