Dictionary · NERC CIP-005-5 (Electronic Security Perimeters) v5

To take place; occur; happen.

To have or maintain possession of something.

To start something that will last for a long time, or to create or set something in a particular way.

To bring to an end; form a conclusion; close.

To specify as compulsory or obligatory.

To give someone or some process permission to communicate someone or something, use something, or enter some place.

To refuse to give or grant something to someone.

To cause or facilitate the beginning of a process or action.

To keep in possession.

To put into use or make use of.

To be present or inherent as an element or quality in something.

To carry out an action, task, or function.

Authentication using two or more factors to achieve authentication. Factors include: • something you know (e.g. password/PIN); • something you have (e.g., cryptographic identification device, token); or • something you are (e.g., biometric).

The legal entitlement of someone to access something (usually belonging to them).

An individual entry in an audit log related to an audited event.

The verification of the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.

A means or particular procedure for accomplishing or approaching something.

Information system(s) implemented with a collection of interconnected components. Such components may include routers, hubs, cabling, telecommunications controllers, key distribution centers, and technical control devices.

The failure to achieve performance criteria of a regulation or authority.

A cause, explanation, or justification for an action or event.

A formal statement of a necessary condition; something needed.

Any group or even individual with an organization that has been given a particular responsibility for a particular process.

Give expression to.

A session is an encounter between an end-user interface device (e.g., computer, terminal, process) and an application, including a network logon. One user session is the time between starting the application and quitting.

An interconnected set of information resources under the same direct management control which shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people.

The Roman numeral of the cardinal number three.

A period of time equal to roughly 365 days.

To instruct, communicate with, store data in, retrieve data from, or otherwise make use of any resources of a computer, computer system or network. Ability to make use of any information system (IS) resource.

The imparting or exchanging of information by speaking, writing, or using some other medium.

The state of being in accordance with laws, regulations, industry codes, organizational standards, or contractual arrangements.

The North American Electric Reliability Corporation (NERC) or the Regional Entity in their respective roles of monitoring and enforcing compliance with the NERC Reliability Standards.

Programmable electronic devices and communication networks including hardware, software and data.

A subset of information in an electronic format that allows it to be retrieved or transmitted. (CNSSI-4009)

The state of being connect through standard phone line and analog modem to access the Internet at data transfer rates (DTR) of up to 56 Kbps.

Discover, investigate, or discern the existence or presence of something.

Make a logical or causal connection.

A Cyber Asset interface on an Electronic Security Perimeter that allows routable communication between Cyber Assets outside an Electronic Security Perimeter and Cyber Assets inside an Electronic Security Perimeter.

The logical border surrounding a network to which Critical Cyber Assets are connected and for which access is controlled.

The process of rendering plaintext unintelligible by converting it to ciphertext that can be read only by those with the knowledge to decode the plaintext from the ciphertext. (SAA: Glossary of Archival and Records Terminology).

Information used to establish facts.

The ability to access a Bulk Electric System Cyber System from a Cyber Asset that is outside of its associated Electronic Security Perimeter via a bi-directional routable protocol connection.

Make part of a whole or set.

Any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual.

User-initiated access by a person employing a remote access client or other remote access technology using a routable protocol. Remote access originates from a Cyber Asset that is not an Intermediate System and not located within any of the Responsible Entity’s Electronic Security Perimeter(s) or at a defined Electronic Access Point (EAP). Remote access may be initiated from: 1) Cyber Assets used or owned by the Responsible Entity, 2) Cyber Assets used or owned by employees, and 3) Cyber Assets used or owned by vendors, contractors, or consultants. Interactive remote access does not include system-to-system process communications.

A Cyber Asset or collection of Cyber Assets performing access control to restrict Interactive Remote Access to only authorized users. The Intermediate System must not be located inside the Electronic Security Perimeter.

Activity with a harmful intent, such as fraud, theft, blackmail, vandalism, looting, sabotage, etc.