|
---|
Category:Slides and Viewgraphs
MONTHYEARML23206A2082023-03-14014 March 2023 RIC 2023 W-15 Introductory Presentation: Empowering Advanced Nuclear Deployment with Non-Power Reactors ML22298A0122022-10-20020 October 2022 Official Transcript of Proceeding Stakeholder Outreach Meeting on the NRC Staff'S SECT-22-0076 Regarding Expansion of Current Policy on Potential Common-Cause Failures in Digital Instrumentation and Control Systems, Pages 1-105 ML22082A2432022-03-31031 March 2022 M220331: Staff Slides - Joint Meeting of the Federal Energy Regulatory Commission and the Nuclear Regulatory Commission ML22084A4012022-03-31031 March 2022 M220331: Slides - H. Gugel, NERC - Joint Meeting of the Federal Energy Regulatory Commission and the Nuclear Regulatory Commission ML22084A4022022-03-31031 March 2022 M220331: Slides - D. Huff, H. Polzin, FERC - Joint Meeting of the Federal Energy Regulatory Commission and the Nuclear Regulatory Commission ML22084A4042022-03-31031 March 2022 M220331: Slides - E. Katz, FERC Opp - Joint Meeting of the Federal Energy Regulatory Commission and the Nuclear Regulatory Commission ML22084A4032022-03-31031 March 2022 M220331: Slides - FERC-NRC - Joint Meeting of the Federal Energy Regulatory Commission and the Nuclear Regulatory Commission ML21081A1652021-03-22022 March 2021 David Lochbaum Presentation ML21194A2492021-03-11011 March 2021 Introductory Remarks - Commissioner Jeff Baran: Analytics, Machine Learning, and Artificial Intelligence for Nuclear Power Plant Activities ML21015A1992021-01-21021 January 2021 Presentation - NRC Materials Research for Aging Management of Cables ML20356A2352020-12-0101 December 2020 Day 3 - Program and Presentations of Workshop: Digital Twin Applications for Advanced Nuclear Technologies, December 1 - 4, 2020 - Part 4 of 5 ML20050P1072020-02-25025 February 2020 M200225: Slides - Sena ML20050P1022020-02-25025 February 2020 M200225: Slides - Griffith ML20050P1032020-02-25025 February 2020 M200225: Slides - Lyman ML20050P1242020-02-25025 February 2020 M200225: Slides - Staff ML20050P1312020-02-25025 February 2020 M200225: Slides - Wilmshurst ML12053A2092012-02-22022 February 2012 M120222B - Slides, Briefing on Fort Calhoun ML11228A2312009-08-13013 August 2009 State-of-the-Art Reactor Consequence Analyses (Soarca); Semi-Annual Briefing for Commission Tas ML11228A2302009-04-14014 April 2009 State-of-the-Art Reactor Consequence Analyses; Semi-Annual Briefing for Commission Technical Assistants ML11228A2292008-12-17017 December 2008 Soarca Seismic Issue; Briefing for the Commissioners' Technical Assistants ML11228A2282008-09-10010 September 2008 State-of-the-Art Reactor Consequence Analyses (Soarca); Semi-Annual Briefing for Commission Technical Assistants ML11228A2272008-06-0202 June 2008 State-of-the-Art Reactor Consequence Analyses; Briefing for Commission Technical Assistants ML0425400842004-09-0303 September 2004 2-2 Emergency Preparedness & Exclusion Zone Requirements for Indian NPPs - Bajaj ML0420803352004-07-21021 July 2004 M040721 - Meeting with ACNW (Slides) ML0313605022003-05-15015 May 2003 M030515 - Briefing on Results of Agency Action Review Meeting. Slides ML0300602422002-12-0303 December 2002 Slides - Preliminary Results of Environmental Review St. Lucie, Units 1 & 2, 12/03/2002 ML0227003342002-09-27027 September 2002 Status of NRC Staff Review of Fenoc'S Bulletin 2001-01 Response for Davis-Besse with Handwritten Notes 2023-03-14
[Table view]Some use of "" in your query was not closed by a matching "". |
Text
Highlights of the 2021 Report on Lessons Learned from the FERC-led Cybersecurity Audits 1
Lessons Learned Report - Background
- A staff report derived from the Commission's nonpublic CIP compliance audits conducted over the previous fiscal year.
- Issued publicly on an annual basis to help entities assess cybersecurity risk and compliance with mandatory reliability standards and, more generally, facilitate efforts to improve the security of the nations electric grid.
- Contains recommendations to help users, owners, and operators of the BPS improve their compliance with the CIP Standards and their overall cybersecurity posture.
2
Lessons Learned Report - Background
- The CIP audits are conducted by OER staff, with assistance from OE staff.
- Regional Entity and NERC staff actively participate on the audits and have access to all evidence.
- The Lessons Learned Reports are developed collaboratively by OER and OEIS staff.
- Five (5) annual reports with a total of 64 lessons issued to date:
- 2021 Report (14 lessons learned)
- 2020 Report (12 lessons learned)
- 2019 Report (7 lessons learned)
- 2018 Report (10 lessons learned)
- 2017 Report (21 lessons learned) 3
2021 Lessons Learned Report CIP-002
- Enhance policies and procedures to include evaluation of Cyber Asset misuse and degradation during asset categorization.
CIP-003
- Properly document and implement policies, procedures, and controls for low impact Transient Cyber Assets (TCAs).
CIP-004
- Implement a defined workflow to enhance processes for the verification of electronic access, unescorted physical access, and access to BES Cyber System Information (BCSI).
- Base access to BCSI on need to know.
4
2021 Lessons Learned Report CIP-007
- Enhance physical and logical port protection controls for Cyber Assets.
- Review the system access control program periodically to ensure processes and procedures are implemented as documented.
CIP-009
- Enhance recovery and testing plans to include a sample of any offsite backup images in the representative sample of data used to test the restoration of BES Cyber Systems.
5
2021 Lessons Learned Report CIP-010
- Review configuration change management processes periodically and ensure that they are implemented properly.
- Enhance configuration change management procedures and controls to document and account for differences between test and production environments.
- Improve vulnerability assessments to include credential-based scans of Cyber Assets.
- Properly document and implement policies, procedures, and controls for medium and high impact TCAs.
6
2021 Lessons Learned Report CIP-011
- Enhance policies and procedures to include BCSI spillage investigation and response.
- Enhance policies, procedures, and controls to properly track, document and monitor BCSI storage locations.
Internal Controls
- Enhance internal compliance and controls programs to include control documentation processes and associated procedures pertaining to compliance with the CIP Reliability Standards.
7
8