CIP-004: Cyber Security Measures
- M1. The Responsible Entity shall make available documentation of its security awareness and reinforcement program as specified in Requirement R1.
- M2. The Responsible Entity shall make available documentation of its cyber security training program, review, and records as specified in Requirement R2.
- M3. The Responsible Entity shall make available documentation of the personnel risk assessment program and that personnel risk assessments have been applied to all personnel who have authorized cyber or authorized unescorted physical access to Critical Cyber Assets, as specified in Requirement R3.
- M4. The Responsible Entity shall make available documentation of the lists, list review and update, and access revocation as needed as specified in Requirement R4.
Copyright © Cloud Software Group, Inc. All rights reserved.