Examples of Protected Cyber Asset in a sentence
The approach of defining a plan allows the Responsible Entity to document the processes that are supportable within its organization and in alignment with its change management processes.Transient Cyber Assets and Removable Media are those devices connected temporarily to: (1) a BES Cyber Asset, (2) a network within an ESP, or (3) a Protected Cyber Asset.
There are few requirement differences between those for a BES Cyber Asset and a Protected Cyber Asset.
Figure 10: PMU or PDC operated in substation, without ESP, not for control In this case, the PMU or PDC is neither a BES Cyber Asset, nor a Protected Cyber Asset, and there are no auditable CIP V5 requirements for the PMU or PDC.
The six new or revised definitions proposed for inclusion in the NERC Glossary are: (1) BES Cyber Asset; (2) Protected Cyber Asset; (3) Low Impact Electronic Access Point; (4) Low Impact External Routable Connectivity; (5) Removable Media; and (6) Transient Cyber Asset.
If the PDC at the Control Center is on the same network (i.e., inside of the ESP) containing other medium impact BES Cyber Assets (such as an EMS or SCADA system), it is considered a Protected Cyber Asset, and is subject to essentially the same set of requirements as a medium impact BES Cyber Asset at a Control Center, regardless of the use of the PDC or PMU data that it contains.
However, in this scenario, the PMU or PDC is co-located on the same LAN as BES Cyber Assets, and is therefore characterized as a Protected Cyber Asset, see Figure 11.
As those definitions were originally drafted for use of transient electronic devices at high and medium impact BES Cyber Systems only, they include references to other NERC Glossary terms – Electronic Security Perimeter and Protected Cyber Asset – that specifically relate to concepts or requirements associated with high and medium impact BES Cyber Systems only.
NERC also explains that the proposed implementation plan includes effective dates for the new and modified definitions associated with: (1) Transient devices ( i.e., BES Cyber Asset, Protected Cyber Asset, Removable Media, and Transient Cyber Asset); and(2) Low Impact controls (i.e., Low Impact Electronic Access Point and Low Impact External Routable Connectivity).
If a PMU or PDC is not a BES Cyber Asset (or is not a Protected Cyber Asset on the same network as an other BES Cyber Asset), it is not assessed by these criteria.
The initial step in understanding the manner in which the CIP standards apply to network monitoring deployments is to determine whether the sensor to be deployed is a Cyber Asset, BES Cyber Asset, and then a BES Cyber System or other type of Cyber Asset subject to requirements of the CIP standards, such as a Protected Cyber Asset (PCA) or Electronic Access Control or Monitoring System (EACMS).