Market Participant Comment and Rationale Form AESO AUTHORITATIVE DOCUMENT PROCESS
by user
Comments
Transcript
Market Participant Comment and Rationale Form AESO AUTHORITATIVE DOCUMENT PROCESS
Market Participant Comment and Rationale Form AESO AUTHORITATIVE DOCUMENT PROCESS Market Participant Consultation Draft 2013-12-12 Consultation on Proposed New Critical Infrastructure Protection (“CIP”) Alberta Reliability Standard: CIP-007-AB-5 Systems Security Management (“CIP-007-AB-5”) Date of Request for Comment [yyyy/mm/dd]: Period of Consultation [yyyy/mm/dd]: Comments From: AltaLink Date [yyyy/mm/dd]: 2014/02/07 2014/02/07 2013/12/12 through 2014/02/07 Contact: Rick Spyker Phone: 403-267-3433 E-mail: [email protected] Listed below is the summary description for the proposed new sections of the Alberta reliability standards. Please refer back to the Consultation Letter under the “Attachments” section to view the actual proposed content to the Alberta reliability standards. Please place your comments/reasons for position underneath (if any). 1. CIP-007-AB-5 a) New The AESO is seeking comments from market participants with regard to the following matters: 1. Are there any requirements contained in CIP-007-AB-5 that are not clearly articulated? If yes, please indicate the specific section of CIP-007-AB-5, describe the concern and suggest alternative language. 2. Do market participants have any concerns that CIP-007-AB-5 is not capable of being applied in Alberta? If appropriate, please indicate the specific section of CIP-007-AB-5 and describe the concern. 3. Do market participants disagree with any CIP-007-AB-5 Alberta variances that are contained in CIP-007-AB-5? If appropriate, please indicate the specific section of CIP-007-AB-5, describe the concern and suggest alternative language. Issued for Market Participant Consultation: 2013-12-12 Market Participant Comments and/or Alternative Proposal Comment # 1: AESO Replies AESO Reply # 1: AESO to provide Regarding R1.1 Where technically feasible, enable only logical network accessible ports that have been determined to be needed by the Responsible Entity, including port ranges or services where needed to handle dynamic ports. If a device has no provision for disabling or restricting logical ports on the device then those ports that are open are deemed needed. Where should the disabling of unused ports and services occur? Are we okay if we do it at the access point to the electronic security perimeter? Page 1 of 2 b) Other [Note to Market Participants: please copy and paste the section of CIP-007-AB-5 being commented on here] Issued for Market Participant Consultation: 2013-12-12 Comment # 1: Insert Comments / Reason for Position (if any) AESO Reply # 1: AESO to provide Page 2 of 2