Standard CIP–002–1 — Cyber Security — Critical Cyber Asset Identification
Adopted by Board of Trustees: May 2, 2006
Page 1 of 3
Effective Date: June 1, 2006
Cyber Security — Critical Cyber Asset Identification
NERC Standards CIP-002 through CIP-009 provide a cyber security framework
for the identification and protection of Critical Cyber Assets to support reliable operation of the
Bulk Electric System.
These standards recognize the differing roles of each entity in the operation of the Bulk Electric
System, the criticality and vulnerability of the assets needed to manage Bulk Electric System
reliability, and the risks to which they are exposed. Responsible Entities should interpret and
apply Standards CIP-002 through CIP-009 using reasonable business judgment.
Business and operational demands for managing and maintaining a reliable Bulk Electric
System increasingly rely on Cyber Assets supporting critical reliability functions and processes
to communicate with each other, across functions and organizations, for services and data. This
results in increased risks to these Cyber Assets.
Standard CIP-002 requires the identification and documentation of the Critical Cyber Assets
associated with the Critical Assets that support the reliable operation of the Bulk Electric
System. These Critical Assets are to be identified through the application of a risk-based
4.1. Within the text of Standard CIP-002, “Responsible Entity” shall mean:
4.1.1 Reliability Coordinator.
4.1.2 Balancing Authority.
4.1.4 Transmission Service Provider.
4.1.5 Transmission Owner.
4.1.6 Transmission Operator.
4.1.7 Generator Owner.
4.1.8 Generator Operator.
4.1.9 Load Serving Entity.
4.1.11 Regional Reliability Organizations.
4.2. The following are exempt from Standard CIP-002:
4.2.1 Facilities regulated by the U.S. Nuclear Regulatory Commission or the Canadian