What must be retained for 90 days as per physical access requirements?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the NERC Critical Infrastructure Protection Exam. Study with flashcards and multiple choice questions, each question has hints and explanations. Get ready for your exam!

Multiple Choice

What must be retained for 90 days as per physical access requirements?

Explanation:
The requirement to retain physical access logs for 90 days is rooted in the need for maintaining accountability and oversight within organizations, particularly those that are critical to the reliability of the electric grid and other essential services. These logs serve as an official record of who accessed a physical location, at what time, and potentially for how long they were present. Keeping physical access logs for this duration allows organizations to conduct audits and investigations if needed, providing insight into security breaches, unauthorized access, or other incidents that could affect the security and operation of critical infrastructure. By tracking physical access, organizations can better ensure that only authorized personnel have access to sensitive areas, enhancing the overall security posture in compliance with NERC CIP standards. While access to software systems, vendor contracts, and employee credentials are all important components of a robust security framework, they do not specifically align with the 90-day retention requirement for physical access as stipulated in the physical access control standards of NERC CIP.

The requirement to retain physical access logs for 90 days is rooted in the need for maintaining accountability and oversight within organizations, particularly those that are critical to the reliability of the electric grid and other essential services. These logs serve as an official record of who accessed a physical location, at what time, and potentially for how long they were present.

Keeping physical access logs for this duration allows organizations to conduct audits and investigations if needed, providing insight into security breaches, unauthorized access, or other incidents that could affect the security and operation of critical infrastructure. By tracking physical access, organizations can better ensure that only authorized personnel have access to sensitive areas, enhancing the overall security posture in compliance with NERC CIP standards.

While access to software systems, vendor contracts, and employee credentials are all important components of a robust security framework, they do not specifically align with the 90-day retention requirement for physical access as stipulated in the physical access control standards of NERC CIP.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy