NERC CIP-002 through CIP-014 Revision 6_CIP-008-5 R3

NERC CIP-002 through CIP-014 Revision 6

Cyber Security Incident Response Plan Review, Update, and Communication

CIP-008-5 R3

R3. Each Responsible Entity shall maintain each of its Cyber Security Incident response plans according to each of the applicable requirement parts in CIP-008-5 Table R3 – Cyber Security Incident Response Plan Review, Update, and Communication. [Violation Risk Factor: Lower] [Time Horizon: Operations Assessment].

M3. Evidence must include, but is not limited to, documentation that collectively demonstrates maintenance of each Cyber Security Incident response plan according to the applicable requirement parts in CIP-008-5 Table R3 – Cyber Security Incident.

CIP-008-5 Table R3 – Cyber Security Incident Response Plan Review, Update, and Communication

Part 3.1

Applicable Systems: High Impact BES Cyber Systems; Medium Impact BES Cyber Systems

Requirements: No later than 90 calendar days after completion of a Cyber Security Incident response plan(s) test or actual Reportable Cyber Security Incident response:
3.1.1. Document any lessons learned or document the absence of any lessons learned;
3.1.2. Update the Cyber Security Incident response plan based on any documented lessons learned associated with the plan; and
3.1.3. Notify each person or group with a defined role in the Cyber Security Incident response plan of the updates to the Cyber Security Incident response plan based on any documented lessons learned.

Measures: An example of evidence may include, but is not limited to, all of the following:
- Dated documentation of post incident(s) review meeting notes or follow-up report showing lessons learned associated with the Cyber Security Incident response plan(s) test or actual Reportable Cyber Security Incident response, or dated documentation stating there were no lessons learned;
- Dated and revised Cyber Security Incident response plan showing any changes based on the lessons learned; and
- Evidence of plan update distribution including, but not limited to: emails; USPS or other mail service; electronic distribution system; or training sign-in sheets.

Part 3.2

Applicable Systems: High Impact BES Cyber Systems; Medium Impact BES Cyber Systems

Requirements: No later than 60 calendar days after a change to the roles or responsibilities, Cyber Security Incident response groups or individuals, or technology that the Responsible Entity determines would impact the ability to execute the plan:
3.2.1. Update the Cyber Security Incident response plan(s); and
3.2.2. Notify each person or group with a defined role in the Cyber Security Incident response plan of the updates.

Measures: An example of evidence may include, but is not limited to:
- Dated and revised Cyber Security Incident response plan with changes to the roles or responsibilities, responders, or technology; and
- Evidence of plan update distribution including, but not limited to: emails; USPS or other mail service; electronic distribution system; or training sign-in sheets.

 
