R2 - Cyber Security Plans for Low Impact

R2 requires low-impact bulk electric system owners and operators to create and maintain a cyber security plan that outlines the organization's approach to protecting its cyber assets. The plan must identify responsible personnel, describe security controls, and detail procedures for risk assessment, incident response and ongoing maintenance to meet NERC CIP-003 requirements.