Audit of Federal Energy Regulatory Commission’s Monitoring of Power Grid Cyber Security Finds Missing “Essential Security Requirements and Effective Practices”

Posted on February 10, 2011 by shane.29

A new report by the Department of Energy’s inspector general finds that critical infrastructure protection cybersecurity standards promulgated by the Federal Energy Regulatory Commission do “not always include controls commonly recommended for protecting critical information systems.”  For example, the “standards did not include essential security requirements and effective practices such as defining what constituted critical assets and implementation of strong logical access controls,” and, “the Commission approved an implementation approach and schedule for the CIP standards that did not adequately consider risks to information systems.”

This entry was posted in Uncategorized and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>