Search

The Controls Guidance and Compliance Failure Points document guides registered entities in assessing risks associated with their business activities and designing appropriate internal controls in response. To help your entity get started, WECC has identified generic control objectives to mitigate the risks associated with the risks associated with PRC-023-6. You may want to consider these three objectives: 

Control Objective 1: Track data associated with applicable circuits and equipment. (Asset/System Management and Maintenance)
Control Objective 2: Determine protection system settings. (System Protection) 
Control Objective 3: Coordinate protection system settings with external entities. (System Protection)
 

The Controls Guidance and Compliance Failure Points document guides registered entities in assessing risks associated with their business activities and designing appropriate internal controls in response. To help your entity get started, WECC has identified generic control objectives to mitigate the risks associated with the risks associated with MOD-026-1 You may want to consider these three objectives: 

Control Objective 1: Periodically verify that the generator excitation control system or plant volt/var control function model and the model parameters used in dynamic simulations accurately represent system behavior.
Control Objective 2: Ensure all received data is technically sound and usable. 
Control Objective 3: Inform connected entities of verification activities.

The Controls Guidance and Compliance Failure Points document guides registered entities in assessing risks associated with their business activities and designing appropriate internal controls in response. To help entities get started, WECC has identified generic control objectives to mitigate the risks associated with the risk categories mentioned above and CIP-007-6. You may want to consider these five objectives:

Control Objective 1: Reduce the attack surface by preventing any unnecessary accessibility to the BES Cyber System and associated cyber assets. (Identity Management and Access Control)

Control Objective 2: Identify, analyze, and mitigate known software and firmware vulnerabilities. (Identity Management and Access Control, Asset/System Management and Maintenance)

Control Objective 3: Take measures to protect against harm from malicious code. (Identity Management and Access Control)

Control Objective 4: Monitor security events to aid in the identification of Cyber Security Incidents. (Identity Management and Access Control)

Control Objective 5: Prevent electronic access by unauthorized individuals. (Identity Management and Access Control)

The Controls Guidance and Compliance Failure Points document guides registered entities in assessing risks associated with their business activities and designing appropriate internal controls in response. To help your entity get started, WECC has identified generic control objectives to mitigate the risks associated with the risks associated with CIP-010-4.

Control Objective 1: Maintain an accurate baseline inventory and prevent unauthorized baseline configuration changes. (Asset System Management and Maintenance)

Control Objective 2: Ensure baseline changes do not negatively affect cybersecurity controls. (Asset System Management and Maintenance) 

Control Objective 3: Prevent the introduction of malware or counterfeit software. (Identity Management and Access Control) 

Control Objective 4: Identify, assess, and mitigate system or asset security vulnerabilities to prevent them from being exploited. (Identity Management and Access Control) 

Control Objective 5: Mitigate software vulnerabilities and prevent the introduction of malicious code through the use of Transient Cyber Assets (TCA) or Removable Media (RM). (Identity Management and Access Control)

The Controls Guidance and Compliance Failure Points document guides registered entities in assessing risks associated with their business activities and designing appropriate internal controls in response. To help your entity get started, WECC has identified generic control objectives to mitigate the risks associated with the risks associated with FAC-014-3. You may want to consider these three objectives: 

Control Objective 1: Ensure SOLs, including IROLs, are determined for all applicable Facilities based on an established SOL method. (Long-term Studies/Assessments, Operational Studies/Assessments)
Control Objective 2: Provide SOLs and Planning Assessment data to responsible entities. (Entity Coordination, Modeling Data) 
Control Objective 3: Ensure Planning Assessment performance criteria are equally limiting or more limiting than the RC SOL method. (Long-term Studies/Assessments)
 

The Controls Guidance and Compliance Failure Points document guides registered entities in assessing risks associated with their business activities and designing appropriate internal controls in response. To help your entity get started, WECC has identified generic control objectives to mitigate the risks associated with the risks associated with FAC-002-4. You may want to consider these two objectives: 

Control Objective 1: Study the impact of interconnecting new or changed Facilities on the Bulk Electric System. (Long-term Studies/Assessments)

Control Objective 2: Coordinate data required to conduct reliability impact studies. (Entity Coordination, Long-term Studies/Assessments)

The Controls Guidance and Compliance Failure Points document guides registered entities in assessing risks associated with their business activities and designing appropriate internal controls in response. WECC has identified generic control objectives to mitigate the risks associated with the associated risk categories and CIP-012-2. You may want to consider these three objectives: 

Control Objective 1: Identify applicable data used in RTA and RTM. (Relates to Entity Coordination) 

Control Objective 2: Define protections for RTA and RTM data transmitted between Control Centers. (Relates to Identity Management and Access Control) 

Control Objective 3: Establish protocols or procedures for use in case of a loss of timely availability of RTA or RTM data transmitted between Control Centers. (Relates to Entity Coordination, Identity Management and Access Control)

The Controls Guidance and Compliance Failure Points document guides registered entities in assessing risks associated with their business activities and designing appropriate internal controls in response. To help entities get started, WECC has identified generic control objectives to mitigate the risks associated with the risk categories mentioned above and PRC-025-2. You may want to consider these two objectives: 

Control Objective 1: Track applicable Protection Systems and settings.

Control Objective 2: Determine Protection System settings.

The Controls Guidance and Compliance Failure Points document guides registered entities in assessing risks associated with their business activities and designing appropriate internal controls in response. WECC has identified generic control objectives to mitigate the risks associated with the risk categories mentioned above and TPL-007-4. You may want to consider these six objectives: 

Control Objective 1: Identify and obtain data necessary to support the System models, GIC System models, and vulnerability assessments.

Control Objective 2: Maintain accurate System models and GIC System models of the planning area.

Control Objective 3: Complete GMD Vulnerability Assessments of the Near-Term Transmission Planning Horizon.

Control Objective 4: Provide data and assessments in support of GMD planning.

Control Objective 5: Develop Corrective Action Plans (CAP) addressing how your system will meet performance requirements for the steady state planning GMD event.

Control Objective 6: Prepare to manage operations during a GMD event.