NERC FFT Reports: Reliability Standard CIP-007-3a | White & Case LLP International Law Firm, Global Law Practice
NERC FFT Reports: Reliability Standard CIP-007-3a

NERC FFT Reports: Reliability Standard CIP-007-3a

White & Case NERC Database

This page contains the FFT (Find, Fix and Track) summaries. Click here to read the NOP (Notice of Penalty)/ACP (Administrative Citation of Penalty) summaries.

Unidentified Registered Entity 3 (WECC_URE3), Docket No. RC13-9-000 (May 30, 2013)

Reliability Standard: CIP-007-3a

Requirement: 6

Region: WECC

Issue: WECC_URE3 self-reported that it did not implement required protective measures for a single Cyber Asset. The Cyber Asset lacked automated tools or organizational process controls to monitor system events. WECC_URE3 failed to timely file a technical feasibility exception (TFE) request.

Finding: WECC found that this issue posed a minimal, but not a serious or substantial risk to BPS reliability. The violation only impacted a single Cyber Asset that was located within an Electronic Security Perimeter that monitored system events and controlled electronic access.

Unidentified Registered Entity 4 (WECC_URE4), Docket No. RC13-9-000 (December 31, 2013)

Reliability Standard: CIP-007-3a

Requirement: 5

Region: WECC

Issue: Following a compliance audit, WECC found that for one year WECC_URE4 could not show that it changed its passwords for its admin/shared/services accounts.

Finding: WECC found that this issue posed a minimal, but not a serious or substantial, risk to BPS reliability, as there was no access to the accounts outside of a PSP or ESP. Only authorized personnel could gain access.