Search

The Controls Guidance and Compliance Failure Points document guides registered entities in assessing risks associated with their business activities and designing appropriate internal controls in response. To help your entity get started, WECC has identified generic control objectives to mitigate the risks associated with the risks associated with PRC-023-6. You may want to consider these three objectives: 

Control Objective 1: Track data associated with applicable circuits and equipment. (Asset/System Management and Maintenance)
Control Objective 2: Determine protection system settings. (System Protection) 
Control Objective 3: Coordinate protection system settings with external entities. (System Protection)
 

The Controls Guidance and Compliance Failure Points document guides registered entities in assessing risks associated with their business activities and designing appropriate internal controls in response. To help your entity get started, WECC has identified generic control objectives to mitigate the risks associated with the risks associated with MOD-026-1 You may want to consider these three objectives: 

Control Objective 1: Periodically verify that the generator excitation control system or plant volt/var control function model and the model parameters used in dynamic simulations accurately represent system behavior.
Control Objective 2: Ensure all received data is technically sound and usable. 
Control Objective 3: Inform connected entities of verification activities.

The Controls Guidance and Compliance Failure Points document guides registered entities in assessing risks associated with their business activities and designing appropriate internal controls in response. To help entities get started, WECC has identified generic control objectives to mitigate the risks associated with the risk categories mentioned above and CIP-007-6. You may want to consider these five objectives:

Control Objective 1: Reduce the attack surface by preventing any unnecessary accessibility to the BES Cyber System and associated cyber assets. (Identity Management and Access Control)

Control Objective 2: Identify, analyze, and mitigate known software and firmware vulnerabilities. (Identity Management and Access Control, Asset/System Management and Maintenance)

Control Objective 3: Take measures to protect against harm from malicious code. (Identity Management and Access Control)

Control Objective 4: Monitor security events to aid in the identification of Cyber Security Incidents. (Identity Management and Access Control)

Control Objective 5: Prevent electronic access by unauthorized individuals. (Identity Management and Access Control)