Physical Security: CIP-014-3

By Chris Mejia
CIP Cyber & Physical Security Analyst

Theft, ballistic damage, vandalism, and tampering all continue to be major areas of physical security risk to grid reliability. Therefore, CIP-014-3 R4 and R5 have been included in the 2026 CMEP IP as an area of focus associated with the physical security risk element.

CIP-014-3 R4 mandates Responsible Entities evaluate potential threats and vulnerabilities related to physical attacks for applicable Facilities. Additionally, CIP-014-3 R5 requires Responsible Entities to develop and implement a documented physical security plan(s) for applicable Facilities that include security measures to address physical security threats and vulnerabilities among other things. While CIP-014-3 R4 and R5 are effective, Responsible Entities may want to consider the following internal controls  and best practices:

  • Coordinate response activities with internal and external parties such as local law enforcement.
  • Conduct period exercises of physical security plans.
  • Leverage public resources such as CISA.gov for alerts on real world physical security events to develop comprehensive threat assessments.

For more information and further guidance on implementing best practices related to physical security controls, Texas RE encourages registered entities to review the physical and environmental (PE) protection family of security controls documented in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Rev. 5.

Helpful Links

Texas RE Info Sheet
Acronym Guide
Mailing Lists
Texas RE Welcome Packet
Ethics Hotline
OATI webPortal
Visit Texas RE

Follow Us

Contact Us

Email Us
  8000 Metropolis Drive, Building A, Suite 300 Austin, Texas 78744
512-583-4900

©2023 Texas Reliability Entity. All rights reserved.
Privacy Policy | Terms of Use