What action does CIP-004 R5.5 require regarding shared accounts after a termination?

CIP-004 R5.5 specifically requires that passwords for shared accounts be changed within 30 calendar days following the termination of an individual’s employment or access. This requirement is in place to ensure that any access previously granted to the terminated individual does not pose a risk to the security and integrity of critical infrastructure.

By enforcing a 30-day period, the standard allows organizations adequate time to implement changes while still maintaining a strong security posture. This step is crucial to prevent unauthorized access that might occur if a terminated individual's credentials were left unchanged for an extended period.

The framework of the NERC CIP standards emphasizes risk management and the need to protect critical assets from potential security breaches, making timely updates to shared account credentials essential following a termination event. This requirement is part of a broader strategy to manage access controls effectively and ensures that organizations remain vigilant against insider threats.