Status:

A successive ballot concluded on April 28, 2011.  The ballot achieved a quorum of 79.66% and an approval of 38%.  The drafting team is reviewing all comments received.

Background:

Provide requirements for Cyber Assets used to access Critical Cyber Assets (and other non-critical Cyber Assets within a defined Electronic Security Perimeter) from outside their Electronic Security Perimeter.

Recent discovery and announcement of vulnerabilities for remote access methods and technologies, that were previously thought secure and in use by a number of large electric sector entities, necessitate urgent changes to industry security control standards.  Currently, no requirements or guidance documents are available to either require or recommend how secure remote access to Critical Cyber Assets (and other non-critical Cyber Assets within a defined Electronic Security Perimeter) can or should be accomplished.   This expedited action will provide a (set of) mandatory and auditable requirement(s) for configuring secure remote access to Cyber Assets and electronic access control points (and other non-critical Cyber Assets within a defined Electronic Security Perimeter).  A supplementary guidance document recommends actions and best practice use-cases of in-place implementations to show how secure remote access may be implemented by a Responsible Entity.