CIP Compliance Training Workshop - PowerPoint PPT Presentation

1 / 13
About This Presentation
Title:

CIP Compliance Training Workshop

Description:

CIP Compliance Training Workshop Workshop Introduction CIP Background The NERC CIP Standards are nine sets of requirements for protecting the reliability of the bulk ... – PowerPoint PPT presentation

Number of Views:525
Avg rating:3.0/5.0
Slides: 14
Provided by: jackm57
Category:

less

Transcript and Presenter's Notes

Title: CIP Compliance Training Workshop


1
CIP Compliance Training Workshop
2
Workshop Introduction
3
CIP Background
  • The NERC CIP Standards are nine sets of
    requirements for protecting the reliability of
    the bulk electric system.
  • This workshop focuses on CIP standards -002
    through -009. We are required to comply with
    these standards as of 12/31/2009.

4
CIP-001 - Sabotage Reporting
  • CIP-001 requires we to provide
  • Guidelines for employees on indications of
    possible sabotage.
  • Procedures for reporting incidents to specific
    authorities.
  • Our compliance with CIP-001 was established as
    of June 2007. Printed procedures for reporting
    incidents should be present in plant control
    rooms.
  • CIP-001 is outside the scope of this workshop.

5
Where we are 2009 accomplishments
  • Defined risk-based methodology and used it to
    identify our critical assets (CAs) and critical
    cyber assets (CCAs)
  • Enclosed CCAs within required physical security
    perimeters
  • Inventoried components of critical cyber assets
    and established electronic security perimeters to
    protect them
  • Identified and certified employees who have
    unescorted access to CCAs
  • Delivered training and initiated awareness
    program
  • Created policies and program documents as
    required by CIP-002 through CIP-009

6
Purpose of this workshop
  • Explain required CIP policies, programs, and
    procedures
  • Identify the Intranet NERC CIP page as the source
    of published documents
  • Discuss details of implementing standards
    CIP-002 through -009 at your facility
  • Describe each of your roles and responsibilities
    for compliance
  • Identify the kinds of evidence you need to save
    to be prepared for NERC audits
  • Show the CIP SharePoint Evidence Repository that
    you will use for posting evidence
  • Answer questions and discuss procedures as needed

7
Compliance roles for plant staff
Plant Managers responsible for overall CIP
compliance at their facilities CIP coordinators
coordinate compliance activities and
participate in annual reviews of policies and
programs Critical cyber asset administrators
ensure compliance with CIP standards in operation
of CCAs
7
8
CIP-002 CIP-009 framework
9
QA
10
Policies, Programs, and Procedures
Policies
Programs
Procedures
  • Policies affirm that we will comply with the CIP
    Standards.
  • Programs explainat an enterprise levelhow we
    will comply with the CIP requirements.
  • Procedures provide details on the steps employees
    must follow to conform with the programs.

10
11
Example Critical Cyber Asset Information
  • The CIP Cyber Security Policy simply states that
    in accordance with CIP-003, we will identify,
    classify, and protect information associated with
    its critical cyber assets.
  • The Critical Cyber Asset Information Protection
    Program defines CCAI, explains how it should be
    identified and collected, and states that a
    checkout procedure must be in place for employees
    to access that information.
  • Within that program is a CCAI Checkout Procedure.
    Additional procedures could be developed at each
    location to further spell out the steps required
    to conform to the Critical Cyber Asset
    Information Protection Program.

Policies
Programs
Procedures
11
12
NERC CIP Compliance Monitoring
  • NERC uses these processes to monitor and enforce
    compliance with CIP through the Regional Entities
    (RFC, NPCC, WECC)
  • Self certification
  • Self reporting
  • Spot checks
  • Compliance audits

12
13
QA
Write a Comment
User Comments (0)
About PowerShow.com