NERC CIP 005 warrants protection and identification of electronic security perimeters within which all the critical cyber assets are found. Besides all the access points are found within the parameter. The responsible entity ensures that all the critical cyber assets lie within the electronic security parameter. The responsible entity also document and identifies electronic security parameter and all the access points in the parameter. To be compliant, 005 should maintain and create inventories of electronics as part of critical assets list or essential to critical assets operation.
NERC CIP 005 version standards offer a wide array of significant changes which address issues which were addressed in the other North American Electric Reliability Corporation guidelines and Compliance Application Notices (CAN). The 005 version reduces the overarching requirements from five to two. More so, the 005 version changes some terminologies. Critical Cyber Asset is now referred to as BES Cyber Systems, non-Critical Cyber Asset is now referred to as PCA (Protected Cyber Assets).
Energy Management Pics