Under which requirement is the identification of medium impact BES Cyber Systems detailed?

The identification of medium impact Bulk Electric System (BES) Cyber Systems is detailed in CIP-002 R1.2. This requirement specifically focuses on the categorization of BES Cyber Systems based on their potential impact to the reliability of the grid. In this context, each category—low, medium, and high impact—has distinct criteria and implications for how organizations must approach their security measures.

CIP-002 R1.2 emphasizes the need for a systematic process to determine which Cyber Systems fall into the medium impact category. This classification is essential for ensuring that appropriate security controls and risk management strategies are implemented to protect these systems effectively.

The other requirements under CIP-002 provide context and guidelines for the overall categorization process, but R1.2 is specifically where medium impact systems are addressed in detail, affirming their unique characteristics and the corresponding security measures required.