According to CIP-006 R1, what must each Responsible Entity implement?

The requirement outlined in CIP-006 R1 mandates that each Responsible Entity implement a documented physical security plan. This requirement is essential because it ensures that all entities have a structured approach to physical security measures protecting critical assets. A documented physical security plan helps to identify potential risks and vulnerabilities, establish and implement protective measures, and outline procedures for responding to security incidents.

This plan is crucial for maintaining the integrity and reliability of the physical security infrastructure and is a prerequisite for demonstrating compliance with the standards set forth by NERC. The plan should be reviewed and updated regularly to reflect any changes in the organization’s physical security environment or operational conditions.

While the other options such as having a documented training program, a single physical security policy, or an annual security audit process contribute to an overall security posture, they are not the specific requirement outlined in CIP-006 R1. The focus of this particular requirement is explicitly on the necessity of having a comprehensive and actionable physical security plan documented for reference and implementation.