Dictionary · NERC CIP-006-6 (Physical Security of BES Cyber Systems) v6

A warning that something has changed, a threshold has been reached, or a failure has occurred.

To accompany someone or something somewhere, especially for protection, guidance, or as a mark of rank.

To put into use or make use of.

To give official permission or approval for an undertaking; sanction; empower.

To confine or put a limit on; keep under control; restrain.

To state or describe exactly the nature, scope, or meaning of something.

To keep in possession.

To manage, control, or organize and carry out.

To have or maintain possession of something.

To put a plan, policy, decision, agreement, etc. into action or effect.

The time during which someone's life continues.

The cardinal number that is the sum of one and one or a numeral representing this number.

Not having to be escorted to gain access to a facility, area, or system.

This Triggering Event takes place when a person, legitimate or unauthorized, accesses a resource that the person is not permitted to use or enters a facility or area the person is not permitted to enter

Occurs when a user, legitimate or unauthorized, accesses a resource that the user is not permitted to use.

Access to a building, room, site, etc that is not permitted.

The processes and mechanisms of ensuring visitors are allowed in specific areas and with specific permissions. Mechanisms such as guarded entries, logged entry, badges, and escorting of visitors are common.

A documented listing of procedures, schedules, roles and responsibilities, and plans to be performed to identify, control, and reduce or eliminate the risks inherent to visitors.

A paper or electronic record of any non-employee entering a facility, construction site, structure or website.

The given name of an individual who is visiting.

A warning of danger.

Let someone have or do something.

An individual entry in an audit log related to an audited event.

A wire or group of wires covered in a protective casing used for transmitting electricity or telecommunication signals.

The state of being in accordance with laws, regulations, industry codes, organizational standards, or contractual arrangements.

The North American Electric Reliability Corporation (NERC) or the Regional Entity in their respective roles of monitoring and enforcing compliance with the NERC Reliability Standards.

Programmable electronic devices and communication networks including hardware, software and data.

The series of actions and processes associated with a security event associated with 'cyberspace' (i.e. the Internet, corporate networks, etc.).

A subset of information in an electronic format that allows it to be retrieved or transmitted. (CNSSI-4009)

The combination of both the date and the time that something occurred.

A period of time that consists of twenty-four hours.

The identifying the existence of malicious content (by signature or heuristic).

The logical border surrounding a network to which Critical Cyber Assets are connected and for which access is controlled.

This Triggering Event takes place when a visitor enters the organization's facility.

A reference to an item in a list, register, or catalog.

An entry point is a memory address, corresponding to a point in the code of a computer program which is intended as destination of a long jump, be it internal or external.

Information used to establish facts.

A way out.

A human being.

Any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual.

To give or send out; distribute; supply.

Hardware installed inside the perimeter of a defined location. This includes but is not limited to motion sensors, electronic lock control mechanisms, and badge readers.

To record an event or transaction in an organized record-keeping system, usually sequenced in the order they occurred.

The process of making repairs and keeping components of an asset in good condition so that the asset may remain in operating condition and last its entire useful life.

To watch and check the progress or quality of something over a period of time; keep under regular surveillance.

The word or phrase by which an individual, family, organization, or thing is known or referred to.

The cardinal number that is the product of ten and nine.

The failure to achieve performance criteria of a regulation or authority.

An element of a communication system that is not programmable.

The day-to-day security procedures and mechanisms to protect operational systems. The operational controls consist of the physical, environmental and personnel security controls. These controls deal with the everyday operation of a company or organization to ensure all objectives are achieved.

The ability of people to physically gain access to a computer system or facility.

A mechanism, system, or barrier that prevents unauthorized physical access to an area or a facility.

A formal document that provides an overview of the security requirements for a physical security program and describes the security controls in place or planned for meeting those requirements.

Physical access control enables an authority to control admission to areas and resources in a physical facility. A physical access control system may restrict access via swipe cards, Personal Identity Verification (PIV) 'Smart' cards, and biometric (i.e. fingerprint) readers. Physical access control systems are generally seen as the second layer in the security of a physical facility after fences, doors and barriers.

A documented listing of procedures, schedules, roles and responsibilities, and plans to be performed to ensure continued maintenance and testing of the Physical Access Control System.

A record of who has accessed something.

A type of gate, door, wall, or fence system that is intended to restrict and control the physical access or egress of personnel.

This role is focused on being a representative of a group who facilitates communications between two or more groups, organizations, etc. on certain issues. Any individual who coordinates communications between groups, organizations, etc. on certain issues that they work on should be assigned to this role.

A formal statement of a necessary condition; something needed.

Any group or even individual with an organization that has been given a particular responsibility for a particular process.

To demonstrate or prove.

The steps taken during an incident. An incident response plan brings together and organizes the resources for dealing with any event that harms or threatens the security of information assets. Such an event may be a malicious code attack, an unauthorized access to information or systems, the unauthorized use of services, a denial of service attack, or a hoax.

The purpose of this task is to determine if and how well something works.

The Roman numeral of the cardinal number three.