R4 - Security Event Monitoring

The CIP-007 R4 requirement mandates that owners of critical cyber assets implement continuous security event monitoring, maintain detailed logs of identified incidents, and retain those records for the period specified by the standard. It also calls for documented procedures to analyze, respond to, and report security events to appropriate authorities.