NERC FFT Reports: Reliability Standard CIP-007-3a

Alert

1 min read

 

Unidentified Registered Entity 3 (WECC_URE3), Docket No. RC13-9-000 (May 30, 2013)

Reliability Standard: CIP-007-3a

Requirement: 6

Region: WECC

Issue: WECC_URE3 self-reported that it did not implement required protective measures for a single Cyber Asset. The Cyber Asset lacked automated tools or organizational process controls to monitor system events. WECC_URE3 failed to timely file a technical feasibility exception (TFE) request.

Finding: WECC found that this issue posed a minimal, but not a serious or substantial risk to BPS reliability. The violation only impacted a single Cyber Asset that was located within an Electronic Security Perimeter that monitored system events and controlled electronic access.

Unidentified Registered Entity 4 (WECC_URE4), Docket No. RC13-9-000 (December 31, 2013)

Reliability Standard: CIP-007-3a

Requirement: 5

Region: WECC

Issue: Following a compliance audit, WECC found that for one year WECC_URE4 could not show that it changed its passwords for its admin/shared/services accounts.

Finding: WECC found that this issue posed a minimal, but not a serious or substantial, risk to BPS reliability, as there was no access to the accounts outside of a PSP or ESP. Only authorized personnel could gain access.

Top