Purpose
Standard CIP-009-3 ensures that recovery plan(s) are put in place for Critical Cyber Assets and that these plans follow established business continuity and disaster recovery techniques and practices. Standard CIP-009-3 should be read as part of a group of standards numbered Standards CIP-002-3 through CIP-009-3.
Applicability
Within the text of Standard CIP-009-3,
…
Purpose
Standard CIP-008-3 ensures the identification, classification, response, and reporting of Cyber Security Incidents related toCritical Cyber Assets. Standard CIP-008-23 should be read as part of a group of standards numbered Standards CIP-002-3 through CIP-009-3.
Applicability
Within the text of Standard CIP-008-3,
…
Purpose
Standard CIP-007-3 requires Responsible Entities to define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets withinthe Electronic Security Perimeter(s). Standard CIP-007-3 should be read as part of a group of standards numbered Standards CIP-002-3 through CIP-009-3.
…
Purpose
Standard CIP-006-3 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006-3 should be read as part of a group of standards numbered Standards CIP-002-3 through CIP-009-3.
Applicability
Within the text of Standard CIP-006-3c,
…
Purpose
Standard CIP-005-3 requires the identification and protection of the Electronic Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points on the perimeter. Standard CIP-005-3 should be read as part of a group of standards numbered Standards CIP-002-3 through CIP-009-3.
Applicability
Within the text of Standard CIP-005-3,
…
Purpose
Standard CIP-004-3 requires that personnel having authorized cyber or authorized unescorted physical access to Critical Cyber Assets, including contractors and service vendors, have an appropriate level of personnel risk assessment, training, and security awareness. Standard CIP-004-3 should be read as part of a group of standards numbered Standards CIP-002-3 through CIP-009-3
Applicability
Within the text of Standard CIP-004-3,
…
Purpose
Standard CIP-003-3 requires that Responsible Entities have minimum security management controls in place to protect CriticalCyber Assets. Standard CIP-003-3 should be read as part of a group of standards numbered Standards CIP-002-3 through CIP-009-3.
Applicability
Within the text of Standard CIP-003-3,
…
Purpose
NERC Standards CIP-002-3 through CIP-009-3 provide a cyber security framework for the identification and protection of Critical Cyber Assets to support reliable operation of the Bulk Electric System.
These standards recognize the differing roles of each entity in the operation of the Bulk Electric System,
…