What does CIP-005 R1.1 state about Cyber Assets connected to a network?

CIP-005 R1.1 specifically requires that Cyber Assets connected to a network must reside within a defined Electronic Security Perimeter (ESP). This requirement is fundamental as the ESP serves as a protective boundary that helps to ensure security controls are applied effectively to prevent unauthorized access to critical systems and data. The extent of this perimeter is determined by the organization based on the criticality of the systems it protects and the associated risk management strategies.

By establishing a clearly defined perimeter, organizations can better manage the security measures they implement, enforcing appropriate access controls and monitoring practices necessary for safeguarding Cyber Assets against potential threats. This requirement emphasizes the importance of physical and logical boundaries in the protection of essential infrastructure, aligning with the overarching goals of the NERC CIP standards to maintain the reliability and security of the bulk electric system.

The other choices either do not align with what is stated in the standard or represent practices that might be components of a broader security strategy but are not explicitly mandated by CIP-005 R1.1.