CIP-010 - Configuration Change Management and Vulnerability Assessments

CIP-010 sets requirements for North American electric utilities to manage and document all configuration changes to critical cyber assets and to conduct regular vulnerability assessments, ensuring that modifications are authorized, tracked, and evaluated for security impact. It mandates procedures for change control, testing, and remediation of identified weaknesses to maintain the integrity and reliability of the bulk power system.