
CIP 43 ReliabilityFirst Audit Observations ReliabilityFirst CIP Webinar Thursday, September 30, 2010 Tony Purgar, Sr. Consultant - Compliance.



2 Topics
- Background
- CIP 43 Audit Observations
- CIP 43 Next Steps
- Questions

3 Background
- ReliabilityFirst started conducting CIP 43 audits in 2010.
- A planned and coordinated approach is used to execute pre-audit, onsite and post-audit activities.
- ReliabilityFirst continuously evaluates its auditing practices for improvements that streamline the audit process for both the auditors and the registered entity.

4 Background
Scope:
- 2010: ReliabilityFirst evaluates CIP compliance for a review period covering the previous full calendar year through the end of the audit date (based on the data-retention periods defined in the CIP Standards).
  - 2010 audits cover 1/1/09 through the end of the audit.
- 2011: ReliabilityFirst evaluates CIP compliance for the review period 10/1/10 through the end of the audit date, to coincide with the release of the CIP Version 3 standards.
  - The 2011 CMEP Implementation Plan and Actively Monitored List will define the "minimum list" of CIP requirements within scope.
- Compliance is assessed against:
  - CIP Version 1 standards from 1/1/09 to 3/31/10
  - CIP Version 2 standards from 4/1/10 to 9/30/10
  - CIP Version 3 standards from 10/1/10 onward

5 Background
ReliabilityFirst is sharing the following observations for entity awareness in preparation for an upcoming CIP 43 audit.

6 CIP 43 Audit Observations
CIP 43 vs. CIP 13:
- Two teams of three vs. one team of three, including the Audit Team Lead (ATL)
  - Each team focused on specific CIP Standards
- The CIP 43 onsite review started half a day earlier
  - Monday at 1:00 pm vs. Tuesday at 8:30 am
- CIP 43 requires 2-3 weeks of coordinated, web-based pre-audit reviews by the two audit teams
  - CIP 13 usually required less, with only one team
- Greater focus on final findings during the pre-audit reviews

7 CIP 43 Audit Observations
Audit completed in one week onsite:
- Half days: Monday (pm) and Friday (am)
- 8-10 hour days: Tuesday through Thursday
  - Based on onsite progress, additional time would have been scheduled to complete the onsite objectives, if necessary
  - While onsite, managing the hours spent auditing allowed for a daily recap and a fresh start the next day

8 CIP 43 Audit Observations
- The audit team and the entity's Primary Compliance Contact worked closely to manage the agenda and SME coordination between both audit teams
- Entity SMEs split their time between the two teams as needed
- Effective and timely coordination within the audit team and with the entity allowed the schedule demands to be met

9 CIP 43 Audit Observations
- Onsite data requests had an assigned due date prior to the pre-established deadline
- Due dates were agreed to by the entity, and flexibility was granted where appropriate

10 CIP 43 Audit Observations
- Evidence was voluminous but extremely well organized
- The entity bookmarked all versions of policies, procedures, processes, programs and test results for the entire audit review period
- This resulted in efficient evidentiary reviews that supported the schedule demands

11 CIP 43 Audit Observations
- Daily status reports were issued to keep the entity and the audit team abreast of the overall audit status
- Both the entity and the audit team appreciated the value of the daily status report
- At the end of each day, the audit team met to discuss status, results, questionable interpretations, problem areas, expectations and plans for the next day

12 CIP 43 Audit Observations
The audit team used the following tools and techniques to supplement the evidentiary reviews:
CIP-002:
- The entity presented its process for determining Critical Assets and Critical Cyber Assets per its risk-based assessment methodology
- Examined the meaning of "essential to the operation" with regard to remote cyber access
- Examined other systems that access Critical Assets and how the risks of those systems are addressed

13 CIP 43 Audit Observations
CIP-003:
- A regionally developed "Cyber Security Policy" checklist was used to confirm that the entity's cyber security policy addressed all CIP-002 through CIP-009 requirements
CIP-004:
- A regionally developed "CIP-004" checklist was used to evaluate training, personnel risk assessment (PRA) and physical/electronic access records for a designated sample size
  - Supporting evidence for each date, activity and record was cross-checked against the checklist
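The CIP-004 cross-check above is a date-ordering exercise: for each sampled person, the training and PRA evidence must line up with the date access was granted. The script below is an added example of that reconciliation and is not ReliabilityFirst's checklist; the record layout, the sample people and dates, and the two rules it applies (training and PRA dated on or before the access grant, PRA no older than a configurable maximum age on the grant date) are assumptions for illustration. The thresholds must be taken from the CIP-004 version in force for the review period.

```python
"""Cross-check a sample of CIP-004 access records against training and PRA evidence.

Added example, not ReliabilityFirst's checklist. Record layout, sample data
and the two ordering rules are assumptions for illustration:
  1. training and the personnel risk assessment (PRA) must be dated on or
     before the date access to Critical Cyber Assets was granted;
  2. on the grant date the PRA must be no older than max_pra_age_days.
Set the thresholds from the CIP-004 version in force for the review period.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

# Assumed default threshold; confirm against the applicable CIP-004 version.
MAX_PRA_AGE_DAYS = 7 * 365


@dataclass(frozen=True)
class AccessRecord:
    person: str
    access_granted: date                 # date electronic/physical access was authorised
    training_completed: Optional[date]   # None = no evidence found for the sample
    pra_completed: Optional[date]        # None = no evidence found for the sample


# Constructed sample: hypothetical people and dates chosen to exercise each rule.
SAMPLE: List[AccessRecord] = [
    AccessRecord("A. Operator",   date(2009, 3, 2),  date(2009, 2, 20),  date(2008, 11, 5)),
    AccessRecord("B. Engineer",   date(2009, 6, 15), date(2009, 6, 20),  date(2009, 6, 1)),   # trained after grant
    AccessRecord("C. Contractor", date(2010, 1, 4),  date(2009, 12, 30), None),               # no PRA evidence
    AccessRecord("D. Admin",      date(2010, 2, 1),  date(2010, 1, 15),  date(2002, 1, 10)),  # stale PRA
]


def check_record(rec: AccessRecord, max_pra_age_days: int = MAX_PRA_AGE_DAYS) -> List[str]:
    """Return the evidentiary gaps for one record; an empty list means the record passes."""
    findings: List[str] = []
    if rec.training_completed is None:
        findings.append("no training evidence")
    elif rec.training_completed > rec.access_granted:
        findings.append(f"training {rec.training_completed} dated after access grant {rec.access_granted}")
    if rec.pra_completed is None:
        findings.append("no PRA evidence")
    elif rec.pra_completed > rec.access_granted:
        findings.append(f"PRA {rec.pra_completed} dated after access grant {rec.access_granted}")
    elif rec.access_granted - rec.pra_completed > timedelta(days=max_pra_age_days):
        findings.append(f"PRA {rec.pra_completed} older than {max_pra_age_days} days at grant {rec.access_granted}")
    return findings


def audit_sample(records: List[AccessRecord], max_pra_age_days: int = MAX_PRA_AGE_DAYS) -> Dict[str, List[str]]:
    """Map each person with at least one gap to their findings; passing records are omitted."""
    results: Dict[str, List[str]] = {}
    for rec in records:
        findings = check_record(rec, max_pra_age_days)
        if findings:
            results[rec.person] = findings
    return results


if __name__ == "__main__":
    for person, gaps in audit_sample(SAMPLE).items():
        print(f"{person}: " + "; ".join(gaps))
```

Run against the constructed sample, only A. Operator passes; the other three records each produce the gap they were built to show. Pointing the same loop at the entity's real sample export turns the checklist into a repeatable check rather than a one-off reading of dates.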

14 CIP 43 Audit Observations
CIP-006:
- Conducted a thorough walk-through of the main control center, backup control center and IT data centers
- Checked drop ceilings, cages, raised floors, HVAC and maintenance penetrations
- Evaluated the handling of unauthorized access attempts (e.g., a held door)
- Evaluated physical access controls (e.g., monitoring, logging, alarming, security personnel activities)

15 CIP 43 Audit Observations
CIP-005 & CIP-007:
- Strategic (haphazard, i.e. non-statistical) sampling was used
  - The audit team selected four applications representing major processes and walked through the entity's procedures associated with each requirement
- Evaluated firewall rule-sets and compared physical ESP (Electronic Security Perimeter) device connections (e.g., ports) against diagrams and documentation
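The rule-set review above amounts to reconciling what the firewall actually permits at each ESP access point with what the ESP diagrams and access-point documentation say is open. The script below is an added example of that reconciliation and is not the audit team's tooling; the rule syntax, the addresses, the ports and the "documented" list are constructed for illustration. It reports the three discrepancies an auditor would ask about: a permit rule the documentation does not show, a documented port that no rule permits (a stale diagram or a rule that was removed), and any permit rule that uses a wildcard.

```python
"""Reconcile an ESP firewall rule-set against the documented access-point ports.

Added example, not the audit team's tooling. The rule syntax, hosts and ports
are constructed for illustration: one rule per line,
    <action> <proto> <src> -> <dst>[:<port>]
with "any" as a wildcard. DOCUMENTED lists, per ESP-facing host, the ports the
ESP diagram and access-point documentation say are open.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed rule-set (hypothetical addresses; 502 = Modbus/TCP, 20000 = DNP3).
RULES = """
permit tcp 10.10.1.0/24 -> 10.20.0.5:502
permit tcp 10.10.1.7 -> 10.20.0.5:22
permit tcp 10.10.1.0/24 -> 10.20.0.9:443
permit tcp any -> 10.20.0.9:3389
deny ip any -> any
"""

# Constructed documentation: ports the ESP diagram shows open at each access point.
DOCUMENTED: Dict[str, Set[int]] = {
    "10.20.0.5": {502, 22, 20000},   # 20000 is documented but no rule permits it
    "10.20.0.9": {443},              # 3389 is permitted but not documented
}


@dataclass(frozen=True)
class Rule:
    action: str
    proto: str
    src: str
    dst: str
    port: str   # decimal string or "any"
    line: str   # original text, kept for reporting


def parse_rules(text: str) -> List[Rule]:
    """Parse the constructed rule syntax; blank lines are ignored, malformed lines raise."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        action, proto, src, arrow, target = line.split()
        if arrow != "->":
            raise ValueError(f"malformed rule: {line}")
        dst, _, port = target.partition(":")
        rules.append(Rule(action, proto, src, dst, port or "any", line))
    return rules


def reconcile(rules: List[Rule], documented: Dict[str, Set[int]]) -> Dict[str, List[str]]:
    """Compare permit rules with the documented host/port list and return the discrepancies."""
    undocumented: List[str] = []   # permitted by a rule, absent from documentation
    unpermitted: List[str] = []    # documented, but no rule permits it
    wildcard: List[str] = []       # permit rules with "any" for src, dst or port
    permitted: Set[Tuple[str, int]] = set()
    for r in rules:
        if r.action != "permit":
            continue
        if "any" in (r.src, r.dst, r.port):
            wildcard.append(r.line)
        if r.dst == "any" or r.port == "any":
            continue   # cannot be matched to one documented host/port; already reported as wildcard
        key = (r.dst, int(r.port))
        permitted.add(key)
        if key[1] not in documented.get(r.dst, set()):
            undocumented.append(r.line)
    for host, ports in documented.items():
        for port in sorted(ports):
            if (host, port) not in permitted:
                unpermitted.append(f"{host}:{port}")
    return {"undocumented": undocumented, "unpermitted": unpermitted, "wildcard": wildcard}


if __name__ == "__main__":
    for kind, items in reconcile(parse_rules(RULES), DOCUMENTED).items():
        for item in items:
            print(f"{kind}: {item}")
```

On the constructed input the 3389 rule is reported twice, once as undocumented and once as a wildcard source, and DNP3 on 10.20.0.5 is reported as documented but unpermitted; either finding is a question for the entity, not a conclusion, since the documentation and the rule-set can each be the one that is wrong.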

16 CIP 43 Audit Observations
CIP-008 & CIP-009:
- Reviewed the meaning of "annual", how it relates to the applicable requirements, and the audit team's evidentiary expectations
- Reviewed "bookending" expectations regarding the exercising of Cyber Security Incident Response Plans and Recovery Plans for Critical Cyber Assets

17 CIP 43 Next Steps
- ReliabilityFirst is preparing the 2011 CIP audit schedule
- CIP 43 and 693 audits will be conducted separately
- Regional Entities are sharing audit observations to help develop effective practices and regional consistency, where practical
- ReliabilityFirst will implement audit process improvements, as necessary, based on audit observations
- We welcome your support and preparedness in making your CIP 43 audit a success!

18 Questions
- Questions should be emailed to Karen Yoder (karen.yoder@rfirst.org) with the subject "CIP WEBINAR"
- Questions will be considered in the order they are received
- Clarifying questions are welcome and we will do our best to answer them during the question period
- Challenges to a position should be addressed to the presenter and will be taken offline

