Which type of systems does Requirement R1.3 pertain to?

Requirement R1.3 specifically applies to Low Impact Bulk Electric System (BES) Cyber Systems. This requirement is part of the NERC CIP v7 standards, which aim to protect the reliability of the electric grid by establishing security controls for various types of systems classified based on their impact on the grid.

Low Impact BES Cyber Systems are those that, if compromised, would have a limited effect on the operation of the Bulk Electric System. Therefore, the requirements outlined for these systems are tailored to manage the specific risks associated with them, including addressing issues like access control and monitoring. By focusing on Low Impact systems, Requirement R1.3 encourages compliance with security measures that are appropriate for the potential impact of security incidents involving these systems.

In contrast, High and Medium Impact BES Cyber Systems are subject to more stringent requirements due to their greater potential impact on the Bulk Electric System if compromised, and non-critical systems fall outside the purview of the NERC CIP standards altogether. Thus, Requirement R1.3 is specifically designed with the unique considerations and risks of Low Impact systems in mind.