The Lighthouse: CIP low impact from the ground up
By Lew Folkerth, Principal Reliability Consultant, External Affairs
In this series of articles, I’ll explore the NERC CIP Standards applicable to low impact Bulk Electric System Cyber Systems. These articles are my opinions only – consider them to be my advice to you. Most of this advice will reference the enforceable language of the Reliability Standards, and I’ll quote the applicable wording or provide links to the applicable documents. The enforceable language of the standards will always govern, and if you think my advice conflicts with this language, please let me know.
In the low-impact series, I will tell you what you must accomplish and what you should accomplish with your compliance program. But I cannot tell you how to be compliant. How you implement these standards is individual to each organization.
I’m going to assume you are new to the CIP Standards. I will begin with some foundational material before progressing to more advanced topics, and I will provide links that may be useful for your own reference library.
Part 1, Introduction to NERC and the Reliability Standards
Part 2, Initial compliance steps
Part 3, Overview of compliance steps
Part 4, Identifying your CIP Senior Manager (CIP-003 R3, R4)
Coming soon…
Part 5, Quality Evidence
Part 6, Identifying BES assets containing low impact BCS
Part 7, Developing cyber security policies (low impact only)
Part 8, Developing your low impact cyber security plans
Part 9, Developing your security awareness plan
Part 10, Developing your physical security controls plan
Part 11, Developing your electronic access controls plan
Part 12, Developing your CSIRP plan and the CSIRP
Part 13, Developing your TCA and RM plan
Part 14, Developing your Control Center communications plan
Part 15, CIP-014-3 considerations for low impact
Part 16, Series wrap-up