100 likes | 257 Views
CIP Submittals - July 2010. Tony Purgar June 22, 2010. Topics. Background Portal Update CIP 002 thru 009 Self Certification Forms Functional Specific (i.e. BA, RC, TOP – SCC, Other) Nuclear CIP Supplemental Questionnaire Portal Timing Reporting Periods Q & A. Background.
E N D
CIP Submittals - July 2010 Tony Purgar June 22, 2010
Topics • Background • Portal Update • CIP 002 thru 009 Self Certification Forms • Functional Specific (i.e. BA, RC, TOP – SCC, Other) • Nuclear • CIP Supplemental Questionnaire • Portal Timing • Reporting Periods • Q & A
Background • ReliabilityFirst has been collecting CIP Self Certifications, in the ReliabilityFirst Portal, on a bi-annual basis since 2008. • Custom portal forms have been developed and are updated for each bi-annual self certification data collection. • The forms are identified as CIP 002 – 009 and are function specific (i.e. BA, RC, TOP, etc) • In Jan – 2010, ReliabilityFirst introduced the CIP 002 – 009 Nuclear Form • ReliabilityFirst has been collecting a CIP Supplemental Questionnaire, in the ReliabilityFirst Portal, on a bi-annual basis since 2009.
Portal Update • CIP 002 – 009 Forms are being updated for the July 2010 data collection. • Each form includes specific questions about the Risk Based Assessment Methodology (RBAM), Critical Assets, Critical Cyber Assets, Cyber Security Policy and the identification of the Senior Manager per CIP-003 R2 • Each form collects a registered entity’s compliance status with schedule/explanation, for each CIP Requirement, per the (Revised) Implementation Plan for Cyber Security Standards CIP-002-1 through CIP-009-1. • The plan includes tables that specify the compliance schedules for entities. • Compliance Status options are: Not Started (NS), Begin Work (BW), Substantially Compliant (SC), Compliant (C), Auditable Compliant (AC).
Portal Update • CIP 002-009 Nuclear Form • Introduced in Jan-2010 • Being utilized for the second time in July 2010 • Applies to Registered Entities who own or operate a nuclear unit. • Content is same as functional specific forms • Current updates include: • One form must be filled out for each nuclear unit • Collection of the nuclear unit name (since collecting on form per unit)
Portal Update • CIP Supplemental Questionnaire • As of 5/25/10, NERC announced to the Regional Entities that this questionnaire would not be administered by the regions for the July 2010 CIP data collection. • Plans are to administer this questionnaire in Jan-2011 using a section 1600 data request.
Portal Timing • CIP 002 – 009 Self Certification Forms • 7/1/10 – Start Date (Forms available in the Portal) • 8/2/10 – Due Date (Entity Submittal date) • 8/16/10 – Lockout Date (Forms no longer available)
Reporting Period • CIP 002 – 009 Self Certification Forms • Per “NERC Compliance Process Bulletin #2010-002: Update to 2010 CMEP Implementation Plan”: • Compliance_Process_Bulletin_2010-002_Update_2010 Implementation Plan.pdf • With CIP V2 standards effective on 4/1/10, special consideration was needed for the 2010 bi-annual CIP self certifications.
Reporting Period • CIP 002 – 009 Self Certification Forms • Self-certification due in July 2010 will cover compliance with CIP Version 1 standards for the period from 1/1/10 – 3/31/10. • Self-certification due in January 2011 will cover compliance with CIP Version 2 standards for the period April 1, 2010 through December 31, 2010. • It is expected that this will be the last bi-annual self certification. • Plans are to release annual CIP Self Certification forms (similar to dynamic Portal self cert forms) for use in latter 2011.
Questions • Questions should be emailed to Matt Thomas (matt.thomas@rfirst.org), Subject: “CIP WEBINAR” • Questions will considered in the order they are received • Clarifying questions are welcome and we’ll do our best to answer during the question period • Challenges to a position should be addressed to the presenter and will be taken offline