Presentation is loading. Please wait.

Presentation is loading. Please wait.

Brent Castagnetto Manager, Cyber Security Audits & Investigations Team CIP v5 Implementation Guidance CIP v5 Roadshow Salt Lake City, UT May 14-15, 2014.

Published byBarrett Liff Modified over 9 years ago

Similar presentations

Presentation on theme: "Brent Castagnetto Manager, Cyber Security Audits & Investigations Team CIP v5 Implementation Guidance CIP v5 Roadshow Salt Lake City, UT May 14-15, 2014."— Presentation transcript:

1 Brent Castagnetto Manager, Cyber Security Audits & Investigations Team CIP v5 Implementation Guidance CIP v5 Roadshow Salt Lake City, UT May 14-15, 2014

2 2 Revision History CIP ImplementationChange HistoryDateDescription Implementation PlanAdded slide 93/7/2014Added slide describing newly identified Critical Assets

3 3 The makeup of CIP v5 Key dates Timeline and date matrix V5 Transition Pilot review and next steps Agenda

4 4 BES Cyber Asset (BCA) Protected Cyber Asset (PCA) BES Cyber System (BCS) BES Cyber System Information CIP Exceptional Circumstance Impact Rating Criteria (IRC) New / Modified CIP Terms

5 5 V3 V5 V3 to V5 Facilities Comparison

6 6 Decrypting CIP v5

7 7 V5 Format o Background section before requirements o Requirement and Measurement next to each other o Rationale and guidance developed in parallel with Requirements o Two posting formats – one with guidance/rationale text boxes inline; other with guidance and rational text grouped at end o Still must audit only to the requirement o Guidelines and Technical Basis section at end Decrypting CIP v5

8 8 V5 Approval DateNovember 21, 2013 V5 Effective Date February 3, 2014 V5 Initial Compliance DateApril 1, 2016 o Keep in mind the CIP v5 Implementation Plan dates (pages 2-3) Key Dates

9 9 During the remainder of the transition period, newly identified assets applicable to the Version 3 based on the “Implementation Plan for Newly Identified Critical Cyber Assets and Newly Registered Entities” may migrate directly to Version 5 applicable standards and requirements. o The Registered Entity must follow the timeline established for V3 for assets coming into compliance before V5 effective dates o In the event of newly acquired companies or mergers, the Registered Entity shall coordinate with their Region to clarify anticipated compliance dates and expectations during the transition. Entities notified by Registered 3rd parties (such as TP, RC, PA) resulting in High or Medium BES Cyber Assets during the transition period have 12-24 months from the time of notification to bring the assets into compliance. The V5 Implementation Plan’s Scenario for Unplanned Changes should be referenced to determine if the notified entity will be on the 12 month or 24 month implementation window. Implementation For Newly Identified Cyber Assets

10 10 Initial Performance of Certain Periodic Requirements o Specific Version 5 CIP Cyber Security Standards have periodic requirements that contain time parameters for subsequent and recurring iterations of the requirement, such as, but not limited to,“... at least once every 15 calendar months...”, and responsible entities shall comply initially with those periodic requirements as follows: V5 Implementation for Periodic Requirements

11 11 V5 Implementation Timeline

12 12 V5 Implementation Timeline

13 13 Address V3 to V5 Transition issues. Provide a clear roadmap for V5 steady-state. Justify budget for V5 implementation and compliance. Foster communication and knowledge sharing. CIP v5 Transition Study Pilot Goals

14 14 CIP v5 Transition Study Pilot Elements A new transition guidance will be provided after V5 Order Periodic Guidance 6 entities with strong compliance cultures 6-8 month implementation of V5 for certain facilities Lessons learned throughout and after study phase Implementation Study Integration with RAI Identify approaches to address IAC alternative processes Compliance and Enforcement New website created for all Transition Program activity http://www.nerc.com/pa/CI/Pages/Transition-Program.aspx Outreach & Communications Quarterly training opportunities will be provided to industry V5 Technical Training will be provided at the March 4th CIPC Meeting in St. Louis Training

15 15 V5 Implementation Plan o http://www.nerc.com/pa/comp/Resources/ResourcesDL/Cyber%20Security%20Sta ndards%20Transition%20Guidance%20%28Revised%29.pdf http://www.nerc.com/pa/comp/Resources/ResourcesDL/Cyber%20Security%20Sta ndards%20Transition%20Guidance%20%28Revised%29.pdf NERC CIPC Presentation on Transition Guidance o http://www.nerc.com/pa/CI/CIPOutreach/CIP%20Training/CIP%20Technical%20Wo rkshop.pdf http://www.nerc.com/pa/CI/CIPOutreach/CIP%20Training/CIP%20Technical%20Wo rkshop.pdf References

16 Brent Castagnetto CBRM, CBRA, MABR Manager, Cyber Security Audits & Investigations O: 801.819.7627 M: 801.597.7957 bcastagnetto@wecc.biz Questions?

Download ppt "Brent Castagnetto Manager, Cyber Security Audits & Investigations Team CIP v5 Implementation Guidance CIP v5 Roadshow Salt Lake City, UT May 14-15, 2014."

Similar presentations

NERC Cyber Security Standards Pre-Ballot Review. Background Presidents Commission on Critical Infrastructure Protection PDD-63 SMD NOPR NERC Urgent Action.

NERC Cyber Security Standards Pre-Ballot Review. Background Presidents Commission on Critical Infrastructure Protection PDD-63 SMD NOPR NERC Urgent Action.
Standards Development and Approval Process Steve Rueckert Director of Standards Joint Guidance Committee WECC Leadership Annual Training Session Salt Lake.

Standards Development and Approval Process Steve Rueckert Director of Standards Joint Guidance Committee WECC Leadership Annual Training Session Salt Lake.
Document Categorization Steve Ashbaker Director of Operations Joint Guidance Committee WECC Leadership Annual Training Session Salt Lake City, UT May 6-7,

Document Categorization Steve Ashbaker Director of Operations Joint Guidance Committee WECC Leadership Annual Training Session Salt Lake City, UT May 6-7,
1 Compliance Report WECC Board of Directors Meeting December 7-8, 2006 Steve Rueckert Director, Standards and Compliance.

1 Compliance Report WECC Board of Directors Meeting December 7-8, 2006 Steve Rueckert Director, Standards and Compliance.
NERC Orientation Joint Guidance Committee WECC Leadership

NERC Orientation Joint Guidance Committee WECC Leadership
Brent Castagnetto, CBRM, CBRA, MABR Manager, Cyber Security Audits

Brent Castagnetto, CBRM, CBRA, MABR Manager, Cyber Security Audits
CUG Meeting June 3 – 5 Salt Lake City, UT

CUG Meeting June 3 – 5 Salt Lake City, UT
Keshav Sarin Manager, Compliance Risk Analysis

Keshav Sarin Manager, Compliance Risk Analysis
CIP Version 5 Transition Guidance September 2013 Open-Webinar

CIP Version 5 Transition Guidance September 2013 Open-Webinar
CIP Cyber Security – Security Management Controls

CIP Cyber Security – Security Management Controls
PER Update & Compliance Lessons Learned

PER Update & Compliance Lessons Learned
FRCC Fall Compliance Workshop October , 2013

FRCC Fall Compliance Workshop October , 2013
Allan Wick, CFE, CPP, PSP, PCI, CBCP Chief Security Officer WECC Joint Meeting October 8, 2014.

Allan Wick, CFE, CPP, PSP, PCI, CBCP Chief Security Officer WECC Joint Meeting October 8, 2014.
Update in NERC CIP Activities September 4, 2014. 2 Update on CIP-014-1 Update on Revisions to CIP Version 5  -x Posting  v6 Posting Questions Agenda.

Update in NERC CIP Activities September 4, Update on CIP Update on Revisions to CIP Version 5  -x Posting  v6 Posting Questions Agenda.
Recent NERC Standards Activities RSC – Jan. 5, 2011 NSRS Update Date Meeting Title (optional)

Recent NERC Standards Activities RSC – Jan. 5, 2011 NSRS Update Date Meeting Title (optional)
State of Standards and Standards in Development Sean Cavote, Manager of Standards Development WECC Operating Committee Meeting March 26, 2015.

State of Standards and Standards in Development Sean Cavote, Manager of Standards Development WECC Operating Committee Meeting March 26, 2015.
Compliance Application Notice Process Update and Discussion with NERC MRC.

Compliance Application Notice Process Update and Discussion with NERC MRC.
1. Globally Harmonized System of Classification and Labelling of Chemicals (GHS) Presentation to RCC Stakeholders - Webinar Session January 14 th, 2014.

1. Globally Harmonized System of Classification and Labelling of Chemicals (GHS) Presentation to RCC Stakeholders - Webinar Session January 14 th, 2014.
Darren T. Nielsen, M.Ad., CISA, CPP, PCI, PSP, CBRA, CBRM Senior Compliance Auditor, Cyber Security Salt Lake City, UT Office CIP-006 V3 to CIP-006 V5.

Darren T. Nielsen, M.Ad., CISA, CPP, PCI, PSP, CBRA, CBRM Senior Compliance Auditor, Cyber Security Salt Lake City, UT Office CIP-006 V3 to CIP-006 V5.
Project 2008-06 Cyber Security Order 706 January 10, 2012 Most of the material presented has been compiled from NERC webinars and drafting team meetings.

Project Cyber Security Order 706 January 10, 2012 Most of the material presented has been compiled from NERC webinars and drafting team meetings.

Similar presentations

Ads by Google