December 20, 2019
The “NATF Transient Cyber Asset Guidance” and “NATF Vendor Remote Access Guidance” documents have been posted to the NATF public website for industry use.
“NATF Transient Cyber Asset Guidance” describes practices and provides examples of approaches for using transient cyber assets in compliance with CIP-010 R4. “NATF Vendor Remote Access Guidance” describes practices and provides examples for determining and disabling active vendor remote access sessions, which can serve as considerations and potential approaches for implementing the requirements in CIP-005-6 R2 parts 2.4 and 2.5.
Both documents have been submitted to NERC for consideration as Implementation Guidance as approaches to comply with the related standards.