CIP Standards Basics

Question 1

CIP-002

Answer 1

Asset Identification and Classification
- Facility Classification
- Asset Identification
- Inventory Approval

Question 2

CIP-003

Answer 2

Policy and Governance
- Designation of Senior Responsible Official
- Policy Creation and Maintenance
- Policy Creation and Maintenance for Low-Impact Assets

Question 3

CIP-004

Answer 3

Personnel and Training
- Security Awareness
- Background Checks
- Training
- Access Management
- Access Review

Question 4

CIP-005

Answer 4

Network Security
- Creation of Electric Security Perimeters or Virtualized Equivalents
- Management of Secure Interactive Remote Access

Question 5

CIP-006

Answer 5

Physical Security of Cyber Assets
- Physical Security Plans
- Creation and Monitoring of Physical Security Parameters

Question 6

CIP-007

Answer 6

System Security Controls
- Patch Management
- Management of Ports and Services
- Malware Prevention
- Security Event Logging
- Management of Shared Accounts
- Password and Credential Management

Question 7

CIP-008

Answer 7

Cyber Security Incident Response
- Basically self explanatory, just make sure the incident response is in place

Question 8

CIP-009

Answer 8

Recovery Plans
- Continuity of Operations
- Backup and Restoration

Question 9

CIP-010

Answer 9

Change and Vulnerability Management
- Configuration Capture and Management
- Change Management and Monitoring
- Vulnerability Management
- Management of Transient Cyber Assets

Question 10

CIP-011

Answer 10

Protection of BES Cyber System Information
- Classification and Protection of Information
- Disposal of Media

Question 11

CIP-012

Answer 11

Control Center Communications

Question 12

CIP-013

Answer 12

Supply Chain Security

Question 13

CIP-014

Answer 13

Physical Security of Key Substations

Question 14

CIP-015-1

Answer 14

Internal Network Security Standard to Strengthen ICS Defenses (Industrial Control Systems)