Dictionary · NERC CIP-004-6 (Personnel & Training) v6

L2 — definitions grouped by regulatory framework.

87 senses under NERC CIP-004-6 (Personnel & Training) v6

Verbs

15 senses

authorize

To give official permission or approval for an undertaking; sanction; empower.

retain

To keep in possession.

verify

To make certain or prove that something is true or accurate; confirm; substantiate.

implement

To put a new system into effect.

change

To make, or become different; alter.

document

To record something in detail through photography, writing, or other form.

perform

To carry out an action, task, or function.

keep

To have or maintain possession of something.

evaluate

To assess or form an idea of the nature, quality, ability, amount, number, or value of something.

conduct

To manage, control, or organize and carry out.

ensure

To make certain that something shall occur or be the case.

revoke

To officially cancel or put an end to something, such as a decree, decision, promise, operation, or validity.

grant

To give what is requested; approve; allow.

require

To specify as compulsory or obligatory.

initiate

To cause or facilitate the beginning of a process or action.

Nouns

72 senses

visitor control program

A documented listing of procedures, schedules, roles and responsibilities, and plans to be performed to identify, control, and reduce or eliminate the risks inherent to visitors.

Access Control program

A documented listing of procedures, schedules, roles and responsibilities, and plans or instructions to be performed to implement access control.

access revocation program

A documented listing of procedures, schedules, roles and responsibilities, and plans to be performed to revoke access privileges.

accord

Give or grant someone (power, status, or recognition).

audit record

An individual entry in an audit log related to an audited event.

authorization record

A document or identifier which provides evidence of authorization.

responsible entity

Any group or even individual within an organization that has been given a particular responsibility for a particular process.

response

An action taken that addresses an incident and assesses the level of containment and control activity required.

Security Awareness program

The documented plan and documented activities to create well-informed interest in being free from danger or threat.

security awareness training

The process of educating personnel on critical business processes.

security practice

The actions an organization takes to initiate, implement, and maintain organizational security.

shared account

A single local account created for a group, with one user name and one password.

storage location

A place where things are held for a period of time.

storage

The action or method of keeping something for future use.

termination action

Any action which terminates or brings something to an end.

transient cyber asset

A Cyber Asset that (i) is capable of transmitting or transferring executable code, (ii) is not included in a BES Cyber System, (iii) is not a Protected Cyber Asset (PCA), and (iv) is directly connected (e.g., using Ethernet, serial, Universal Serial Bus, or wireless, including near field or Bluetooth communication) for 30 consecutive calendar days or less to a BES Cyber Asset, a network within an ESP, or a PCA. Examples include, but are not limited to, Cyber Assets used for data transfer, vulnerability assessment, maintenance, or troubleshooting purposes.

training

Organized activity aimed at imparting information and/or instructions to improve the recipient's performance or to help him or her attain a required level of knowledge or skill.

training material

Printed or recorded information used in a training program.

unescorted access

Not having to be escorted to gain access to a facility, area, or system.

user account

Information that tells a computer which files and folders to access for a specific user, which personal preferences to have in place, and what can be accessed by the user.

access

The ability, right, or permission to approach, enter, speak with someone, or use something.

criterion

A principle or standard by which something may be judged or decided.

Bulk Electric System Cyber System Information

Information about the BES Cyber System that could be used to gain unauthorized access or pose a security threat to the BES Cyber System. BES Cyber System Information does not include individual pieces of information that by themselves do not pose a threat or could not be used to allow unauthorized access to BES Cyber Systems, such as, but not limited to, device names, individual IP addresses without context, ESP names, or policy statements. Examples of BES Cyber System Information may include, but are not limited to, security procedures or security information about BES Cyber Systems, Physical Access Control Systems, and Electronic Access Control or Monitoring Systems that is not publicly available and could be used to allow unauthorized access or unauthorized distribution; collections of network addresses; and network topology of the BES Cyber System.

Bulk Electric System Cyber System

One or more Bulk Electric System (BES) Cyber Assets logically grouped by a responsible entity to perform one or more reliability tasks for a functional entity.

criminal records check

The purpose of this task is to determine if a person has been convicted of a crime.

Compliance

The state of being in accordance with laws, regulations, industry codes, organizational standards, or contractual arrangements.

completion

The action or process of completing or finishing something.

Compliance Enforcement Authority

The North American Electric Reliability Corporation (NERC) or the Regional Entity in their respective roles of monitoring and enforcing compliance with the NERC Reliability Standards.

confirm

Establish the truth or correctness of something previously believed to be the case.

contractor

A person or firm that undertakes a contract to provide materials or labor to perform a service or do a job.

show

To demonstrate or prove.

cyber asset

Programmable electronic devices and communication networks including hardware, software and data.

cyber incident

Actions taken through the use of computer networks that result in an actual or potentially adverse effect on an information system and/or the information residing therein.

cybersecurity risk

A risk to organizational operations (including mission, functions, image, and reputation), resources, and other organizations due to the potential for unauthorized access, use, disclosure, disruption, modification, or destruction of information, Information Technology, and/or Operations Technology.

cybersecurity policy

A set of criteria for the provision of security services.

data

A subset of information in an electronic format that allows it to be retrieved or transmitted. (CNSSI-4009)

electronic access

The right or opportunity to use or retrieve something or enter a place through electronic means.

electronic access control

A cyber asset that performs electronic access control of the Electronic Security Perimeter(s) or BES Cyber Systems.

Evidence

Information used to establish facts.

handle

Managed a situation or problem; controlled.

identity

The set of attribute values (i.e., characteristics) by which an entity is recognizable and that, within the scope of an identity manager's responsibility, is sufficient to distinguish that entity from any other entity.

Identification

The process or act of establishing who or what someone or something is.

include

Make part of a whole or set.

individual account

An account which has only one individual assigned to it.

Incident response plan

The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of malicious cyber attacks against an organization's IT system(s).

information

Any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual.

interactive remote access

User-initiated access by a person employing a remote access client or other remote access technology using a routable protocol. Remote access originates from a Cyber Asset that is not an Intermediate System and not located within any of the Responsible Entity’s Electronic Security Perimeter(s) or at a defined Electronic Access Point (EAP). Remote access may be initiated from: 1) Cyber Assets used or owned by the Responsible Entity, 2) Cyber Assets used or owned by employees, and 3) Cyber Assets used or owned by vendors, contractors, or consultants. Interactive remote access does not include system-to-system process communications.

interoperability

The ability of Information Technology (IT) systems to provide services to and accept services from other IT systems and to use the services so exchanged to enable them to operate effectively together.

interconnectivity

The state or quality of being connected together. The interaction of a financial institution’s internal and external systems and applications and the entities with which they are linked.

non-compliance

The failure to achieve performance criteria of a regulation or authority.

non-shared user account

A user account that is only used by one person or entity.

not be necessary

The condition of something not being necessary.

not possible

Not being able to do something.

notification

The act of giving notice of or reporting something formally or officially.

password

A string of characters that allows access to a computer, interface, or system.

physical access control

A mechanism, system, or barrier that prevents unauthorized physical access to an area or a facility.

physical security perimeter

A type of gate, door, wall, or fence system that is intended to restrict and control the physical access or egress of personnel.

personnel risk assessment

The purpose of this task is to determine the risk that personnel pose to the organization.

personnel risk assessment program

A documented listing of procedures and instructions to be performed to complete a personnel risk assessment.

process

A particular series of actions or steps to bring about a certain outcome; series of procedures.

possible

Something that can be done.

Privilege

Set of access rights permitted by the access control system.

previous residence

A location where someone was living before where that person is currently living.

prior to

This limits a Control or Mandate's secondary verb to be put into play before the event takes place.

reason

A cause, explanation, or justification for an action or event.

reassignment

Assignment to a different duty.

recovery plan

The written expression of a recovery process which consists of defining rules, processes, and disciplines to ensure that the critical business processes will continue to function if there is a failure of one or more of the information processing or telecommunications resources upon which their operations depend. The following are key elements to a disaster recovery plan: 1) Establish a planning group, 2) Perform risk assessment and audits, 3) Establish priorities for applications and networks, 4) Develop recovery strategies, 5) Prepare inventory and documentation of the plan, 6) Develop verification criteria and procedures, 7) Implement the plan.

reinforce

Strengthen and support with rewards.

removable storage media

Portable electronic storage media such as magnetic, optical, and solid-state devices, which can be inserted into and removed from a computing device, and that is used to store text, video, audio, and image information. Such devices have no independent processing capabilities. Examples include hard disks, floppy disks, zip drives, compact disks (CDs), thumb drives, pen drives, and similar USB storage devices.

residence

A person’s home; the place where someone lives.

removal

Dismissal from office.

requirement

A formal statement of a necessary condition; something needed.