NERC CIP-002 through CIP-014 Revision 6_CIP-009-6 2.3

NERC CIP-002 through CIP-014 Revision 6

Recovery Plan Implementation and Testing

CIP-009-6 2.3

2.3 Test each of the recovery plans referenced in Requirement R1 at least once every 36 calendar months through an operational exercise of the recovery plans in an environment representative of the production environment. An actual recovery response may substitute for an operational exercise.

M2. Evidence must include, but is not limited to, documentation that collectively demonstrates implementation of each of the applicable requirement parts in CIP-009-6 Table R2 – Recovery Plan Implementation and Testing.

CIP-009-6 Table R2 – Recovery Plan Implementation and Testing

Part 2.1
Applicable Systems: High Impact BES Cyber Systems and their associated: EACMS; and PACS. Medium Impact BES Cyber Systems at Control Centers and their associated: EACMS; and PACS.
Requirements: Test each of the recovery plans referenced in Requirement R1 at least once every 15 calendar months: by recovering from an actual incident; with a paper drill or tabletop exercise; or with an operational exercise.
Measures: An example of evidence may include, but is not limited to, dated evidence of a test (by recovering from an actual incident, with a paper drill or tabletop exercise, or with an operational exercise) of the recovery plan at least once every 15 calendar months. For the paper drill or full operational exercise, evidence may include meeting notices, minutes, or other records of exercise findings.

Part 2.2
Applicable Systems: High Impact BES Cyber Systems and their associated: EACMS; and PACS. Medium Impact BES Cyber Systems at Control Centers and their associated: EACMS; and PACS.
Requirements: Test a representative sample of information used to recover BES Cyber System functionality at least once every 15 calendar months to ensure that the information is useable and is compatible with current configurations. An actual recovery that incorporates the information used to recover BES Cyber System functionality substitutes for this test.
Measures: An example of evidence may include, but is not limited to, operational logs or test results with criteria for testing the usability (e.g., sample tape load, browsing tape contents) and compatibility with current system configurations (e.g., manual or automated comparison checkpoints between backup media contents and current configuration).

Part 2.3
Applicable Systems: High Impact BES Cyber Systems.
Requirements: Test each of the recovery plans referenced in Requirement R1 at least once every 36 calendar months through an operational exercise of the recovery plans in an environment representative of the production environment. An actual recovery response may substitute for an operational exercise.
Measures: Examples of evidence may include, but are not limited to, dated documentation of: an operational exercise at least once every 36 calendar months between exercises that demonstrates recovery in a representative environment; or an actual recovery response that occurred within the 36 calendar month timeframe that exercised the recovery plans.
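Part 2.2 names "manual or automated comparison checkpoints between backup media contents and current configuration" as acceptable evidence of usability and compatibility testing. The following is an added example of what such an automated checkpoint can look like; it is not NERC text and not Lionfish code. It hashes every artifact read back from the backup media against a manifest written at backup time (usability), compares the configuration snapshot stored with the backup against the live configuration (compatibility), and emits a dated record that can be filed as evidence. The host names, file paths, configuration keys, the list of keys treated as restore-blocking, and the sample values are all constructed for illustration.

```python
"""Automated comparison checkpoint: backup media contents vs. current configuration.

Added example, not NERC or Lionfish code. Manifest format, configuration
keys and sample data are constructed for illustration.
"""
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample: bytes read back from the backup media (hypothetical host/paths).
BACKUP_MEDIA = {
    "ems-app-01/etc/scada.conf": b"poll_interval=2\nhistorian=hist-01\n",
    "ems-app-01/etc/rbac.xml": b"<roles><role name='operator'/></roles>",
    "ems-app-01/db/schema.sql": b"CREATE TABLE points(id INT, tag TEXT);",
}
# Constructed sample: configuration captured when the backup was taken.
BACKUP_CONFIG = {
    "os_version": "7.9",
    "app_version": "4.2.1",
    "db_schema_version": "17",
    "historian_host": "hist-01",
}
# Assumed list of keys whose drift means the backup cannot be restored
# onto the current system without additional steps.
COMPATIBILITY_KEYS = {"os_version", "app_version", "db_schema_version"}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(media: dict, config: dict) -> dict:
    """Record a hash for every artifact plus the configuration snapshot.
    In practice this is written at backup time and stored with the media."""
    return {"artifacts": {p: sha256(b) for p, b in media.items()},
            "config_snapshot": dict(config)}


def check_usability(manifest: dict, media: dict) -> list:
    """Usability test: every artifact in the manifest must be readable from
    the media and must hash to the value recorded at backup time."""
    findings = []
    for path, expected in manifest["artifacts"].items():
        if path not in media:
            findings.append(f"missing: {path}")
        elif sha256(media[path]) != expected:
            findings.append(f"hash mismatch: {path}")
    return findings


def check_compatibility(manifest: dict, current: dict) -> dict:
    """Compatibility test: report every key that differs between the
    configuration snapshot and the live configuration, and single out
    the ones that block a restore."""
    snap = manifest["config_snapshot"]
    drift = {k: (snap.get(k), current.get(k))
             for k in sorted(set(snap) | set(current))
             if snap.get(k) != current.get(k)}
    blocking = sorted(k for k in drift if k in COMPATIBILITY_KEYS)
    return {"drift": drift, "blocking": blocking}


def checkpoint(manifest: dict, media: dict, current: dict) -> dict:
    """Run both tests and return a dated record suitable as test evidence."""
    usability = check_usability(manifest, media)
    compat = check_compatibility(manifest, current)
    return {
        "tested_at": datetime.now(timezone.utc).isoformat(),
        "artifacts_checked": len(manifest["artifacts"]),
        "usability_findings": usability,
        "config_drift": compat["drift"],
        "blocking_drift": compat["blocking"],
        "result": "PASS" if not usability and not compat["blocking"] else "FAIL",
    }


if __name__ == "__main__":
    manifest = build_manifest(BACKUP_MEDIA, BACKUP_CONFIG)
    # Clean read of the media onto an unchanged system: expected PASS.
    print(json.dumps(checkpoint(manifest, BACKUP_MEDIA, BACKUP_CONFIG), indent=2))
    # Simulated degraded media (one file unreadable, one altered) restored onto
    # a system patched since the backup: expected FAIL with findings listed.
    degraded = dict(BACKUP_MEDIA)
    del degraded["ems-app-01/db/schema.sql"]
    degraded["ems-app-01/etc/rbac.xml"] = b"<roles/>"
    current = dict(BACKUP_CONFIG, app_version="4.3.0", historian_host="hist-02")
    print(json.dumps(checkpoint(manifest, degraded, current), indent=2))
```

The record carries the timestamp, the count of artifacts checked and every finding, which is the kind of dated, criteria-based test result Part 2.2's measure asks for. Non-blocking drift (here the historian host) is still reported so the recovery plan can be updated, while only drift in the assumed compatibility keys fails the checkpoint.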


What is a Cybersecurity Compliance Framework?

You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.

With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.

The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
