The Controls Guidance and Compliance Failure Points document guides registered entities in assessing risks associated with their business activities and designing appropriate internal controls in response. To help your entity get started, WECC has identified generic control objectives to mitigate the risks associated with CIP-010-4.
Control Objective 1: Maintain an accurate baseline inventory and prevent unauthorized baseline configuration changes. (Asset System Management and Maintenance)
Control Objective 2: Ensure baseline changes do not negatively affect cybersecurity controls. (Asset System Management and Maintenance)
Control Objective 3: Prevent the introduction of malware or counterfeit software. (Identity Management and Access Control)
Control Objective 4: Identify, assess, and mitigate system or asset security vulnerabilities to prevent them from being exploited. (Identity Management and Access Control)
Control Objective 5: Mitigate software vulnerabilities and prevent the introduction of malicious code through the use of Transient Cyber Assets (TCA) or Removable Media (RM). (Identity Management and Access Control)