NERC CIP-002 through CIP-014 Revision 6 – CIP-007-6 R5

NERC CIP-002 through CIP-014 Revision 6

System Access Control

CIP-007-6 R5

R5. Each Responsible Entity shall implement one or more documented process(es) that collectively include each of the applicable requirement parts in CIP-007-6 Table R5 – System Access Controls. [Violation Risk Factor: Medium] [Time Horizon: Operations Planning].

M5. Evidence must include each of the applicable documented processes that collectively include each of the applicable requirement parts in CIP-007-6 Table R5 – System Access Controls and additional evidence to demonstrate implementation as described in the Measures column of the table.

CIP-007-6 Table R5 – System Access Control

Part 5.1
Applicable Systems: High Impact BES Cyber Systems and their associated EACMS, PACS, and PCA; Medium Impact BES Cyber Systems at Control Centers and their associated EACMS, PACS, and PCA; Medium Impact BES Cyber Systems with External Routable Connectivity and their associated EACMS, PACS, and PCA.
Requirements: Have a method(s) to enforce authentication of interactive user access, where technically feasible.
Measures: An example of evidence may include, but is not limited to, documentation describing how access is authenticated.

Part 5.2
Applicable Systems: High Impact BES Cyber Systems and their associated EACMS, PACS, and PCA; Medium Impact BES Cyber Systems and their associated EACMS, PACS, and PCA.
Requirements: Identify and inventory all known enabled default or other generic account types, either by system, by groups of systems, by location, or by system type(s).
Measures: An example of evidence may include, but is not limited to, a listing of accounts by account types showing the enabled or generic account types in use for the BES Cyber System.

Part 5.3
Applicable Systems: High Impact BES Cyber Systems and their associated EACMS, PACS, and PCA; Medium Impact BES Cyber Systems with External Routable Connectivity and their associated EACMS, PACS, and PCA.
Requirements: Identify individuals who have authorized access to shared accounts.
Measures: An example of evidence may include, but is not limited to, a listing of shared accounts and the individuals who have authorized access to each shared account.

Part 5.4
Applicable Systems: High Impact BES Cyber Systems and their associated EACMS, PACS, and PCA; Medium Impact BES Cyber Systems and their associated EACMS, PACS, and PCA.
Requirements: Change known default passwords, per Cyber Asset capability.
Measures: Examples of evidence may include, but are not limited to: records of a procedure that passwords are changed when new devices are in production; or documentation in system manuals or other vendor documents showing default vendor passwords were generated pseudo-randomly and are thereby unique to the device.

Part 5.5
Applicable Systems: High Impact BES Cyber Systems and their associated EACMS, PACS, and PCA; Medium Impact BES Cyber Systems and their associated EACMS, PACS, and PCA.
Requirements: For password-only authentication for interactive user access, either technically or procedurally enforce the following password parameters:
5.5.1. Password length that is, at least, the lesser of eight characters or the maximum length supported by the Cyber Asset; and
5.5.2. Minimum password complexity that is the lesser of three or more different types of characters (e.g., uppercase alphabetic, lowercase alphabetic, numeric, non-alphanumeric) or the maximum complexity supported by the Cyber Asset.
Measures: Examples of evidence may include, but are not limited to: system-generated reports or screen-shots of the system-enforced password parameters, including length and complexity; or attestations that include a reference to the documented procedures that were followed.

Part 5.6
Applicable Systems: High Impact BES Cyber Systems and their associated EACMS, PACS, and PCA; Medium Impact BES Cyber Systems with External Routable Connectivity and their associated EACMS, PACS, and PCA.
Requirements: Where technically feasible, for password-only authentication for interactive user access, either technically or procedurally enforce password changes or an obligation to change the password at least once every 15 calendar months.
Measures: Examples of evidence may include, but are not limited to: system-generated reports or screen-shots of the system-enforced periodicity of changing passwords; or attestations that include a reference to the documented procedures that were followed.

Part 5.7
Applicable Systems: High Impact BES Cyber Systems and their associated EACMS, PACS, and PCA; Medium Impact BES Cyber Systems at Control Centers and their associated EACMS, PACS, and PCA.
Requirements: Where technically feasible, either: limit the number of unsuccessful authentication attempts; or generate alerts after a threshold of unsuccessful authentication attempts.
Measures: Examples of evidence may include, but are not limited to: documentation of the account-lockout parameters; or rules in the alerting configuration showing how the system notified individuals after a determined number of unsuccessful login attempts.
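The "lesser of" clauses in Parts 5.5.1 and 5.5.2 and the 15-calendar-month periodicity of Part 5.6 are the points assessors most often need to reason through against a specific Cyber Asset's capability. The following is an added example (not NERC text or any entity's tooling) that evaluates a constructed per-asset settings record against those three parameters; the `PasswordSettings` field names, the sample assets and the assessment date are all assumptions made for illustration.

```python
"""CIP-007-6 R5 Parts 5.5/5.6 check for password-only interactive access (added example)."""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

@dataclass
class PasswordSettings:  # constructed record layout, not a NERC artifact
    asset: str
    max_length_supported: int       # Cyber Asset capability (Part 5.5.1 "lesser of")
    max_char_types_supported: int   # character classes the asset can require, 0-4
    enforced_min_length: int
    enforced_char_types: int
    expiry_supported: bool          # technical feasibility for Part 5.6
    last_change_obligation: Optional[date]  # last forced change or documented obligation

def required_length(max_supported: int) -> int:
    """5.5.1: at least the lesser of eight characters or the asset's maximum."""
    return min(8, max_supported)

def required_char_types(max_supported: int) -> int:
    """5.5.2: the lesser of three character types or the asset's maximum complexity."""
    return min(3, max_supported)

def calendar_months_between(start: date, end: date) -> int:
    """Whole calendar months from start to end (Jan 2023 to Apr 2024 is 15)."""
    return (end.year - start.year) * 12 + (end.month - start.month)

def evaluate(s: PasswordSettings, as_of: date) -> List[str]:
    """Return findings; an empty list means Parts 5.5 and 5.6 are met."""
    findings = []
    need_len = required_length(s.max_length_supported)
    if s.enforced_min_length < need_len:
        findings.append(f"5.5.1: {s.asset} enforces length {s.enforced_min_length}, needs {need_len}")
    need_types = required_char_types(s.max_char_types_supported)
    if s.enforced_char_types < need_types:
        findings.append(f"5.5.2: {s.asset} enforces {s.enforced_char_types} char types, needs {need_types}")
    if s.expiry_supported:  # Part 5.6 applies only where technically feasible
        if s.last_change_obligation is None:
            findings.append(f"5.6: {s.asset} has no recorded password change obligation")
        elif calendar_months_between(s.last_change_obligation, as_of) > 15:
            findings.append(f"5.6: {s.asset} exceeds 15 calendar months since last change obligation")
    return findings

AS_OF = date(2024, 4, 30)  # constructed assessment date
SAMPLES = [  # constructed sample assets, not data from any real entity
    PasswordSettings("rtu-01", 6, 2, 6, 2, False, None),  # legacy RTU at its capability
    PasswordSettings("hmi-02", 64, 4, 12, 3, True, date(2023, 1, 15)),
    PasswordSettings("eacms-03", 64, 4, 6, 1, True, date(2022, 11, 1)),
]
```

Calling `evaluate(sample, AS_OF)` for each entry in `SAMPLES` returns no findings for the first two assets (the legacy RTU is at its capability, so six characters and two character types satisfy 5.5) and three findings for the third.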
