What does CIP-002 R1.3 specifically require regarding low impact BES Cyber Systems?

The requirement outlined in CIP-002 R1.3 specifically focuses on the identification of low impact Bulk Electric System (BES) Cyber Systems. This part of the standard emphasizes the importance of knowing which systems are classified as low impact, as they still play a role in the overall security posture of the electricity grid. Identifying these assets is crucial for implementing appropriate security measures and ensuring they are managed as part of the organization’s cybersecurity strategy.

In addition, while documentation, mitigation strategies, and audits are significant aspects of cybersecurity management, they are not the primary focus of CIP-002 R1.3. The standard specifically calls for the identification of low impact systems, which serves as a foundational step for any further actions related to cybersecurity, such as documentation, mitigation, and audits that may be addressed in other standards or requirements. Thus, recognizing low impact BES Cyber Systems is a critical first step in establishing protections and ensuring compliance with the overall NERC CIP standards.