CIP-007: Cyber Security Measures
- M1. The Responsible Entity shall make available documentation of its security test procedures as specified in Requirement R1.
- M2. The Responsible Entity shall make available documentation as specified in Requirement R2.
- M3. The Responsible Entity shall make available documentation and records of its security patch management program, as specified in Requirement R3.
- M4. The Responsible Entity shall make available documentation and records of its malicious software prevention program as specified in Requirement R4.
- M5. The Responsible Entity shall make available documentation and records of its account management program as specified in Requirement R5.
- M6. The Responsible Entity shall make available documentation and records of its security status monitoring program as specified in Requirement R6.
- M7. The Responsible Entity shall make available documentation and records of its program for the disposal or redeployment of Cyber Assets as specified in Requirement R7.
- M8. The Responsible Entity shall make available documentation and records of its annual vulnerability assessment of all Cyber Assets within the Electronic Security Perimeters(s) as specified in Requirement R8.
- M9. The Responsible Entity shall make available documentation and records demonstrating the review and update as specified in Requirement R9.
Copyright © Cloud Software Group, Inc. All rights reserved.