On July 8, 2015, FoxGuard Solutions submitted a request for Interpretation of the terms “source or sources” as used in Table 2 of both CIP-007-5. Requirement R2 of CIP-007-5 references Table 2 as follows:
The NERC Standards Committee accepted the request for Interpretation at the September 23, 2015 meeting.
Standard Affected: CIP-007-5 - Cyber Security - System Security Management
Purpose/Need FoxGuard Solutions stated that the lack of clarity on what constitutes a “source” could cause Responsible Entities to spend unrecoverable person-hours attempting to monitor individual sources of cyber security patches for hundreds (if not thousands) of operating systems, software applications, network devices and field devices. The possibility of overlooking an available cyber security patch released from the vendor is increased due to the sheer number increased systems / devices now under scope of CIP-007-5. The greatest impact on the Responsible Entity would be for their High and Medium Impact assets.
home | account log-in/register | legal and privacy/trademark policy | site map | careers | contact us
Atlanta Office | 3353 Peachtree Road, NE Suite 600 North Tower, Atlanta, GA 30326 | 404-446-2560 Washington Office | 1325 G Street, NW Suite 600, Washington, DC 20005| 202-400-3000
Copyright 2017 North American Electric Reliability Corporation. All rights reserved.