NERC version 1.0
| Scorecard | Audience | Description |
|---|---|---|
Asset Portfolio Profile
|
Operational |
Asset Portfolio Profile provides an overview of an organization s asset landscape for analysis and risk assessment. This scorecard presents asset trends by user definable classifications. The classifications may be used as filters in metrics and scorecards to focus in on areas determined to be of high value or high risk. The default asset categorization is by information sensitivity level, asset type, and division. |
|
CIP-000-7
|
Operational |
CIP-007 illustrates the effectiveness of controls in place to monitor systems security management. This scorecard presents metrics results for patch management and vulnerability scanning. |
|
CIP-001
|
Operational |
CIP-001 illustrates the effectiveness of controls in place to monitor sabotage reporting for critical cyber assets. This scorecard presents metrics results compared to user-defined policy goals for incident exposure and incident response time. |
|
CIP-002
|
Operational |
CIP-002 illustrates the effectiveness of controls in place for critical cyber asset identification. This scorecard presents metrics results for asset risk, and asset risk score assessment. |
|
CIP-003
|
Operational |
CIP-003 illustrates the effectiveness of controls in place for security management. This scorecard presents metrics results compared to user-defined policy goals for account request processing and password management. |
|
CIP-004
|
Operational |
CIP-004 illustrates the effectiveness of controls in place to monitor personnel and training. This scorecard presents metrics results compared to user-defined policy goals for account provision time and account deprovision time. |
|
CIP-005
|
Operational |
CIP-005 illustrates the effectiveness of controls in place to monitor electronic security perimeters. This scorecard presents metrics results compared to user-defined policy goals for account logins, account support activity, and firewall coverage. |
|
CIP-006
|
Operational |
CIP-006 illustrates the effectiveness of controls in place to monitor physical security of cyber assets. This scorecard presents metrics results for location and security levels of critical cyber assets. |
|
CIP-008
|
Operational |
CIP-008 illustrates the effectiveness of controls in place to monitor incident reporting and response planning. This scorecard presents metrics results compared to user-defined policy goals for scanned hosts, patch activity, and vulnerability remediation. |
|
CIP-009
|
Operational |
CIP-009 illustrates effectiveness of controls in place to monitor Recovery Plans for Critical Cyber Assets. This scorecard presents metrics results compared to user-defined policy goals for incident downtime and disaster recovery. |
|
User Community Profile
|
Operational |
User Community Profile communicates the composition of the user community across the organization. This scorecard presents trends for active users, classified by type, access privileges, division, and sensitivity of information. The classifications may be used as filters in metrics and scorecards to focus in on areas determined to be of high value or high risk. |