CIP-004 R5.5 outlines a timeline for changing passwords after what type of action?

CIP-004 R5.5 specifically addresses the requirement for changing passwords following termination actions. This is essential for maintaining the security of critical infrastructure by ensuring that access credentials are promptly deactivated when a user leaves the organization. If passwords are not changed after an employee is terminated, there may be a risk of unauthorized access to sensitive systems and information, making this a crucial aspect of the security protocol.

By establishing a clear requirement for updating passwords following termination, organizations can help prevent potential security breaches and protect their critical assets. This measure reinforces the overall intent of the CIP standards, which is to mitigate risks associated with unauthorized access and enhance the protection of critical infrastructure.

While there are other important actions regarding personnel changes, such as hiring new employees or reassignment of duties, they do not carry the same immediate risk for unauthorized access as termination actions do, since terminated employees should no longer have any access rights.