Standardized Processes for CIP Low Impact and Supply Chain
NAGF Standardized Procedure Templates for Low Impact BES Cyber Systems/Assets
The NAGF Security Practices/CIP Working Group low-impact cyber systems procedures sub-group completed development of the subject standardized procedure templates for the pending CIP-003-7 low impact requirements associated with physical security controls, electronic access controls, transient cyber assets & removable media and CIP exceptional circumstances. This effort included the review and incorporation of comments provided by NERC as well as the Regional Entities.
The templates have been posted to the NAGF Security Practices/CIP Working Group file cabinet and available for member use:
Please contact Frank Lyter Frank.Lyter@talenenergy.com with any questions.
Coordination of Supply Chain Efforts
The NAGF has begun working with NERC, NATF, and others on a Proof of Concepts effort focused on developing a streamlined process, or processes, for registered entities to evaluate a supplier's supply chain cyber security risk by determining the supplier's adherence to the NATF Supply Chain Criteria. Initial steps include one-on-one conversations between the participants and the NATF to determine current Supply Chain work efforts in this area as well as a future workshop with all participants to move this effort forward. The NAGF will keep members informed as this effort progresses.