Search

The Controls Guidance and Compliance Failure Points document guides registered entities in assessing risks associated with their business activities and designing appropriate internal controls in response. To help your entity get started, WECC has identified generic control objectives to mitigate the risks associated with the risks associated with PRC-023-6. You may want to consider these three objectives: 

Control Objective 1: Track data associated with applicable circuits and equipment. (Asset/System Management and Maintenance)
Control Objective 2: Determine protection system settings. (System Protection) 
Control Objective 3: Coordinate protection system settings with external entities. (System Protection)
 

The Controls Guidance and Compliance Failure Points document guides registered entities in assessing risks associated with their business activities and designing appropriate internal controls in response. To help your entity get started, WECC has identified generic control objectives to mitigate the risks associated with the risks associated with MOD-026-1 You may want to consider these three objectives: 

Control Objective 1: Periodically verify that the generator excitation control system or plant volt/var control function model and the model parameters used in dynamic simulations accurately represent system behavior.
Control Objective 2: Ensure all received data is technically sound and usable. 
Control Objective 3: Inform connected entities of verification activities.

The Controls Guidance and Compliance Failure Points document guides registered entities in assessing risks associated with their business activities and designing appropriate internal controls in response. To help entities get started, WECC has identified generic control objectives to mitigate the risks associated with the risk categories mentioned above and CIP-007-6. You may want to consider these five objectives:

Control Objective 1: Reduce the attack surface by preventing any unnecessary accessibility to the BES Cyber System and associated cyber assets. (Identity Management and Access Control)

Control Objective 2: Identify, analyze, and mitigate known software and firmware vulnerabilities. (Identity Management and Access Control, Asset/System Management and Maintenance)

Control Objective 3: Take measures to protect against harm from malicious code. (Identity Management and Access Control)

Control Objective 4: Monitor security events to aid in the identification of Cyber Security Incidents. (Identity Management and Access Control)

Control Objective 5: Prevent electronic access by unauthorized individuals. (Identity Management and Access Control)

The Controls Guidance and Compliance Failure Points document guides registered entities in assessing risks associated with their business activities and designing appropriate internal controls in response. WECC has identified generic control objectives to mitigate the risks associated with the risk categories mentioned above and TPL-007-4. You may want to consider these six objectives: 

Control Objective 1: Identify and obtain data necessary to support the System models, GIC System models, and vulnerability assessments.

Control Objective 2: Maintain accurate System models and GIC System models of the planning area.

Control Objective 3: Complete GMD Vulnerability Assessments of the Near-Term Transmission Planning Horizon.

Control Objective 4: Provide data and assessments in support of GMD planning.

Control Objective 5: Develop Corrective Action Plans (CAP) addressing how your system will meet performance requirements for the steady state planning GMD event.

Control Objective 6: Prepare to manage operations during a GMD event.

The Controls Guidance and Compliance Failure Points document guides registered entities in assessing risks associated with their business activities and designing appropriate internal controls in response. WECC has identified generic control objectives to mitigate the risks associated with the risk categories mentioned above and EOP-012-2. You may want to consider these six objectives: 

Control Objective 1: Ensure risks associated with operating during cold weather emergencies are identified and analyzed. (Relates to Emergency Operations Planning)

Control Objective 2: Ensure processes are in place to prepare for and mitigate cold weather operating emergencies. (Relates to Emergency Operations Planning) 

Control Objective 3: Ensure processes are in place to operate during cold weather emergencies (resiliency plans). (Relates to Operating During Emergencies/Backup & Recovery and Training)

Control Objective 4: Coordinate during cold weather emergencies. (Relates to Entity Coordination)

Control Objective 5: Ensure processes are in place to return to normal operations. (Relates to Operating During Emergencies/Backup & Recovery) 

Control Objective 6: Review and update cold weather preparedness plan(s). (Relates to Emergency Operations Planning)

The Controls Guidance and Compliance Failure Points document guides registered entities in assessing risks associated with their business activities and designing appropriate internal controls in response. To help your entity get started, WECC has identified generic control objectives to mitigate the risks associated with the risks associated with FAC-002-4. You may want to consider these two objectives: 

Control Objective 1: Study the impact of interconnecting new or changed Facilities on the Bulk Electric System. (Long-term Studies/Assessments)

Control Objective 2: Coordinate data required to conduct reliability impact studies. (Entity Coordination, Long-term Studies/Assessments)

The Controls Guidance and Compliance Failure Points document guides registered entities in assessing risks associated with their business activities and designing appropriate internal controls in response. To help your entity get started, WECC has identified generic control objectives to mitigate the risks associated with the risks associated with CIP-010-4.

Control Objective 1: Maintain an accurate baseline inventory and prevent unauthorized baseline configuration changes. (Asset System Management and Maintenance)

Control Objective 2: Ensure baseline changes do not negatively affect cybersecurity controls. (Asset System Management and Maintenance) 

Control Objective 3: Prevent the introduction of malware or counterfeit software. (Identity Management and Access Control) 

Control Objective 4: Identify, assess, and mitigate system or asset security vulnerabilities to prevent them from being exploited. (Identity Management and Access Control) 

Control Objective 5: Mitigate software vulnerabilities and prevent the introduction of malicious code through the use of Transient Cyber Assets (TCA) or Removable Media (RM). (Identity Management and Access Control)