Appendix E: Summary of NERC Cyber Security Standards
Pages 128-133



From page 128...
... maintaining a reliable bulk electric system increasingly rely on cyber assets supporting critical reliability functions and processes to communicate with each other, across functions and organizations, for services and data, resulting in increased risks to these cyber assets.
... Using this list of critical assets, the responsible entity must develop a list of associated critical cyber assets essential to the operation of the critical asset. Examples at control centers and backup control centers include systems and facilities ...
From page 129...
... information to be protected shall include, at a minimum and regardless of media type, operational procedures, lists of critical assets, network topology or similar diagrams, floor plans of computing centers that contain critical cyber assets, ...
... must include any externally connected communication end point (for example, dial-up modems) terminating at any device within the electronic security perimeter(s)
From page 130...
... 1. For dial-up-accessible critical cyber assets that use non-routable protocols, the responsible entity must implement and document monitoring process(es)
... INCIDENT REPORTING AND RESPONSE PLANNING ...
From page 131...
... Biometric, keypad, token, or other equivalent devices that control physical access to critical cyber assets.
... 1. Processes to ensure and document that all cyber assets within an electronic security perimeter also ...
From page 132...
... training was completed and attendance records. Personnel Risk Assessment: The responsible entity must have a documented personnel risk assessment program, in accordance with federal, state, provincial, and local laws, and subject to existing collective bargaining unit agreements, for personnel having authorized ...
... PERSONNEL AND TRAINING: Personnel having authorized cyber or authorized unescorted physical access to critical cyber assets, including contractors and service vendors, are required to have an appropriate level of personnel risk assessment, training, and security awareness.
From page 133...
... can range from a paper drill, to a full operational exercise, to recovery from an actual incident.
... nel with authorized cyber or authorized unescorted physical access to critical cyber assets, including their specific electronic and physical access rights to critical cyber assets.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.