To protect Bulk Electric System (BES) Cyber Assets or Systems, NERC mandates a unified patch management process for tracking, evaluating, and installing security patches for applicable Cyber Assets. Under its Reliability Standard documentation, NERC mandates entities to identify sources that track the release of security patches for the entity’s NERC CIP regulated systems.
NERC CIP compliance obligations fall under NERC CIP-007-6 R2 Part 2.1 and portions of NERC CIP-007-6 R2 Part 2.2. We will deliver, no less than once every thirty-five (35) days, a report detailing available patches and update notifications for our client’s systems.
Source: NERC CIP-007-6 Cyber Security - Systems Security Management, Pg 11
Download our NERC CIP Services Data Sheet Here