R1 - Ports and Services

R1 defines the processes for identifying, documenting and securing network ports and services used by critical cyber assets, ensuring only authorized ports are open and unnecessary services are disabled to reduce exposure to cyber-threats. It requires periodic review of port configurations, implementation of access controls, and logging of changes in accordance with NERC CIP-007 standards.