2008_Self_Certification_Q4

Document Sample
2008_Self_Certification_Q4 Powered By Docstoc
					                                                                     0b2c4e83-a4ff-4fd0-af0a-252e3385340c.xls




NERC Reliability Status Worksheet
[Self-Certification form for CIP-002-1 though CIP-009-1]

Regional Entity File ID Number:

Reliability Standards
Number: CIP-002-1 though CIP-009-1
Title: Cyber Security
Applicability: RC, BA, TSP, TO, TOP, GO, GOP, LSE, IA, NERC, RRO
Where:      RC - Reliability Coordinator
                       BA - Balancing Authority
                       TSP - Transmission Service Provider
                       TO - Transmission Owner
                       TOP - Transmission Operator
                       GO - Generator Owner
                       GOP - Generator Operator
                       LSE - Load Serving Entity
                       IA - Interchange Authority
                       NERC - NERC
                       RRO - Regional Reliability Organization

Registered Entity Identification
Name:
Functional Type(s):
Registration Date:

Self Certification information
Self-Certification Type: Status Update and Certification of Compliance (as specified in the implementation plan)
Self-Certification Date: End of Q4-2008 (December 31, 2008)
Self-Certification Due Date: 1/31/2009

Process Instructions


           Please input your status into the Questions Tab and the CIP-002 through 009 Status Tab. For each function that your organization
        1) has registered for, please fill out the applicable columns.

           As some BAs and TOPs were not required to self-certify to Urgent Action (UA) Standard 1200, there are multiple columns for those
           functions. For those that were required to self-certify for UA 1200, please fill out the columns labeled "required to self-certify to
           UA1200". If you were not required to self-certify to UA 1200, please fill out the columns labeled "not required to self-certify to UA1200".
           Please note that all RCs and BAs and TOPs, that were required to self-certify to UA 1200, are required to fill out two columns for each
        2) of those functions, one for the System Control Center and one for other functions.

           Please complete the CIP-002 through 009 Status Tab. At a minimum, answers must be supplied for CIP-002-1/R1-R4 by all entities
           on the CIP-002 through 009 Status Tab. If no critical cyber assets are identified after applying your risk-based methodology, only the
           Questions Tab needs to be filled out. As a reminder, if you select "No" for line 10 then line 12 should be "No" as well; an entity cannot
        3) have Critical Cyber Assets if they have not identified any Critical Assets.

           Once you have identified the appropriate columns representing the functions for which your entity is registered, you will need to fill out
        4) your status and certification of compliance (as required in the implementation plan) for each row in that column.


        a. Status 1 or "NS" - Not Started - The Responsible Entity has not achieved all the requirements of Status 2 - Begin Work.

           Status 2 or "BW" - Begin Work - Responsible Entity has developed and approved a plan to address the requirements of a standard, has
        b. begun to identify and plan for necessary resources, and has begun implementing the requirements.

           Status 3 or "SC" - Substantially Compliant - entity is well along in its implementation to becoming compliant with a requirement, but is
        c. not yet fully compliant.

           Status 4 or "C" - Compliant - entity meets the full intent of the requirements and is beginning to maintain required "data," "documents,"
        d. "documentation," "logs," and "records.
           Status 5 or "AC" - Auditably Compliant - entity meets the full intent of the requirement and can demonstrate compliance to an auditor,
           including 12-calendar-months of auditable "data," "documents," "documentation," "logs," and "records." Per the standards, each
        e. subsequent compliance-monitoring period will require the previous full calendar year of such material.

           If you certify a status of Not Started (NS) for any requirement, you must submit a schedule to your Regional Entity indicating the steps to
        5) achieve the required status and how prompt implementation of that particular requirement will be achieved.

           If you are unable to record that your compliance status is equal to or better than required based on your functional registration to the CIP
           Implementation Plan, you must submit a mitigation plan to your Regional Entity indicating the steps to achieve the required status and
        6) how prompt implementation of that particular requirement will be achieved.


           When submitting your status update to your Regional Entity, please include this worksheet, along with a copy of your region's signature
        7) page, which must be completed according to your Regional Entity's established procedure.


           A failure to meet the implementation plan for achieving Compliant Stage or Auditably Compliant Stage will be considered a
           compliance violation and will be subject to penalties and sanctions according to the NERC Compliance Monitoring and
           Enforcement Program and the NERC Rules of Procedure.
                         NERC Reliability Status Worksheet
 As of December 31, 2008 [Self-Certification form for CIP-002-1 though CIP-009-1]
                         Compliance Finding Summary
                                                                                                                                                               Function




                               System Ctrl Center
                               certify to UA1200-
                               BA required to self-

                                                      Functions
                                                      certify to UA1200-Other
                                                      BA required to self-

                                                                                UA1200
                                                                                to self-certify to
                                                                                BA - not required

                                                                                                     GO




                                                                                                          GOP




                                                                                                                 LSE




                                                                                                                           NERC




                                                                                                                                     RC - System Ctrl Center




                                                                                                                                                                   RC - Other Functions




                                                                                                                                                                                          RRO




                                                                                                                                                                                                IA




                                                                                                                                                                                                     TO




                                                                                                                                                                                                          System Ctrl Center
                                                                                                                                                                                                          certify to UA1200-
                                                                                                                                                                                                          TOP required to self-

                                                                                                                                                                                                                                  Functions
                                                                                                                                                                                                                                  certify to UA1200- Other
                                                                                                                                                                                                                                  TOP required to self-

                                                                                                                                                                                                                                                             certify to UA1200
                                                                                                                                                                                                                                                             TOP not required to self-


                                                                                                                                                                                                                                                                                         2008 and beyond
                                                                                                                                                                                                                                                                                         Entities Registering in
          Question




Do you have a
documented risk based
methodology that is used
to identify critical assets?
(Y/N)

Do you have
documentation describing
your risk-based
assessment methodology
that includes procedures
and evaluation criteria
(Y/N)

Does your methodology
take into consideration the
asset classes in CIP002
R1.2.1 - R1.2.7? (Y/N)

Have you identified and
documented any critical
assets using your
methodology? (Y/N)

When did you last perform
the assessment to identify
critical assets? (DATE-
MM/DD/YYYY)
Have you identified and
documented any critical
cyber assets that meet one
or more of the
requirements in CIP002
R3.1 - R3.3? (Y/N)




                                                                                                                0b2c4e83-a4ff-4fd0-af0a-252e3385340c.xls                                                                                                                                                           Page 2
                        NERC Reliability Status Worksheet
As of December 31, 2008 [Self-Certification form for CIP-002-1 though CIP-009-1]
                        Compliance Finding Summary
                                                                                                                                                               Function




                               System Ctrl Center
                               certify to UA1200-
                               BA required to self-

                                                      Functions
                                                      certify to UA1200-Other
                                                      BA required to self-

                                                                                UA1200
                                                                                to self-certify to
                                                                                BA - not required

                                                                                                     GO




                                                                                                          GOP




                                                                                                                 LSE




                                                                                                                           NERC




                                                                                                                                     RC - System Ctrl Center




                                                                                                                                                                   RC - Other Functions




                                                                                                                                                                                          RRO




                                                                                                                                                                                                IA




                                                                                                                                                                                                     TO




                                                                                                                                                                                                          System Ctrl Center
                                                                                                                                                                                                          certify to UA1200-
                                                                                                                                                                                                          TOP required to self-

                                                                                                                                                                                                                                  Functions
                                                                                                                                                                                                                                  certify to UA1200- Other
                                                                                                                                                                                                                                  TOP required to self-

                                                                                                                                                                                                                                                             certify to UA1200
                                                                                                                                                                                                                                                             TOP not required to self-


                                                                                                                                                                                                                                                                                         2008 and beyond
                                                                                                                                                                                                                                                                                         Entities Registering in
         Question




Identify the senior manager
or delegates who approved
the list of critical assets
and list of critical cyber
assets for each registered
function. * List below
referencing the functions
to the names.


* Please identify the senior
manager or delegate(s)
who approved the list of
Critical Assets and the list
of Critical Cyber Assets for
each function your are
registered for:




                                                                                                                0b2c4e83-a4ff-4fd0-af0a-252e3385340c.xls                                                                                                                                                           Page 3
                                                                                                                                                                                 0b2c4e83-a4ff-4fd0-af0a-252e3385340c.xls




                          NERC Reliability Status Worksheet                                                               Specify:              NS - Not Started                                                                                                                                                NS   BW   SC   C   AC
                          [Self-Certification form for CIP-002-1 though CIP-009-1]                                                              BW - Begin Work
                          Compliance Finding Summary                                                                                            SC - Substantially Compliant
As of December 31, 2008
                                                                                                                                                C - Compliant
                                                                                                                                                AC - Auditably Compliant

                                                                                                                                                Function
                           System Ctrl Center
                           certify to UA1200-
                           BA required to self-

                                                  Other Functions
                                                  certify to UA1200-
                                                  BA required to self-


                                                                         self-certify to UA1200
                                                                         BA - not required to



                                                                                                  GO




                                                                                                       GOP




                                                                                                             LSE




                                                                                                                   NERC



                                                                                                                             Center
                                                                                                                             RC - System Ctrl



                                                                                                                                                    RC - Other Functions




                                                                                                                                                                           RRO




                                                                                                                                                                                     IA




                                                                                                                                                                                                 TO



                                                                                                                                                                                                          System Ctrl Center
                                                                                                                                                                                                          certify to UA1200-
                                                                                                                                                                                                          TOP required to self-

                                                                                                                                                                                                                                  Other Functions
                                                                                                                                                                                                                                  certify to UA1200-
                                                                                                                                                                                                                                  TOP required to self-


                                                                                                                                                                                                                                                          self-certify to UA1200
                                                                                                                                                                                                                                                          TOP not required to



                                                                                                                                                                                                                                                                                   TSP



                                                                                                                                                                                                                                                                                         in 2008 and beyond
                                                                                                                                                                                                                                                                                         Entities Registering
 Standard/Requirement




     CIP-002-1 R1

     CIP-002-1 R2

     CIP-002-1 R3

     CIP-002-1 R4

     CIP-003-1 R1

     CIP-003-1 R2

     CIP-003-1 R3

     CIP-003-1 R4

     CIP-003-1 R5

     CIP-003-1 R6

     CIP-004-1 R1

     CIP-004-1 R2

     CIP-004-1 R3

     CIP-004-1 R4

     CIP-005-1 R1

     CIP-005-1 R2

     CIP-005-1 R3

     CIP-005-1 R4

     CIP-005-1 R5

     CIP-006-1 R1

     CIP-006-1 R2

     CIP-006-1 R3

     CIP-006-1 R4

     CIP-006-1 R5

     CIP-006-1 R6

     CIP-007-1 R1

     CIP-007-1 R2

     CIP-007-1 R3

     CIP-007-1 R4

     CIP-007-1 R5

     CIP-007-1 R6

     CIP-007-1 R7

     CIP-007-1 R8

     CIP-007-1 R9

     CIP-008-1 R1

     CIP-008-1 R2

     CIP-009-1 R1

     CIP-009-1 R2

     CIP-009-1 R3




                                                                                                                                                                                          CIP-002 through 009 Status                                                                                                                    Page 4
                                                                                                                                                                                              Page 5
                                           AC
                                           C
                                           SC
                                           BW
                                           NS




                                                                                                                                 Entities Registering
                                                                                                                                 in 2008 and beyond
                                                                                                                                 TSP
                                                                                                                                 TOP not required to
                                                                                                                                 self-certify to UA1200
                                                                                                                                 TOP required to self-
0b2c4e83-a4ff-4fd0-af0a-252e3385340c.xls




                                                                                                                                 certify to UA1200-
                                                                                                                                 Other Functions




                                                                                                                                                                                              CIP-002 through 009 Status
                                                                                                                                 TOP required to self-
                                                                                                                                 certify to UA1200-
                                                                                                                                 System Ctrl Center
                                                                                                                                 TO
                                                                                                                                 IA
                                           SC - Substantially Compliant

                                           AC - Auditably Compliant




                                                                                                                                 RRO
                                           BW - Begin Work
                                           NS - Not Started


                                           C - Compliant


                                                                                                                      Function




                                                                                                                                 RC - Other Functions
                                           Specify:




                                                                                                                                 RC - System Ctrl
                                                                                                                                 Center
                                                                                                                                 NERC
                                                                                                                                 LSE
                                           [Self-Certification form for CIP-002-1 though CIP-009-1]




                                                                                                                                 GOP
                                                                                                                                 GO
                                           NERC Reliability Status Worksheet

                                           Compliance Finding Summary




                                                                                                                                 BA - not required to
                                                                                                                                 self-certify to UA1200
                                                                                                                                 BA required to self-
                                                                                                                                 certify to UA1200-
                                                                                                                                 Other Functions
                                                                                                                                 BA required to self-
                                                                                                                                 certify to UA1200-
                                                                                                                                 System Ctrl Center
                                                                                            As of December 31, 2008




                                                                                                                                         Standard/Requirement




                                                                                                                                                                CIP-009-1 R4

                                                                                                                                                                               CIP-009-1 R5

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:19
posted:3/7/2012
language:
pages:5