Run: NERC CIP-015 Internal Network Security Monitoring Review

Use this NERC CIP-015 internal network security monitoring review template to document sensor coverage, alert handling, retention controls, and corrective ac...

Inspection Scope and Review Details

Record the inspection period, sites, and BES Cyber Systems included in the review.
Confirm the scope includes high impact and/or medium impact BES Cyber Systems.
Identify the governing monitoring, review, and escalation procedure used for this inspection.
Confirm the inspector is authorized and trained to perform the review.

Monitoring Coverage and Data Collection

Verify monitoring coverage exists on in-scope internal communication paths supporting BES Cyber Systems.
Confirm monitoring data collection is active and aligned to the documented review cadence.
Confirm logs and monitoring sources use consistent time settings to support event correlation and review.
Verify there are no known gaps in telemetry, log forwarding, or sensor health affecting review completeness.
Select any observed issues affecting monitoring data quality.

Review of Alerts and Anomalous Activity

Confirm alerts and monitoring events were reviewed for the full inspection period.
Verify anomalous events were investigated, documented, and closed or escalated appropriately.
Check for unexpected internal connections, lateral movement indicators, or policy violations.
Record when the latest sample alert was detected and when it was reviewed.
Classify the most significant observed event during the review.
Determine whether the same anomalous condition has recurred without effective remediation.

Retention, Storage, and Access Controls

Verify monitoring data, alerts, and review records are retained per the applicable retention requirement and procedure.
Confirm stored monitoring records are protected from unauthorized access, alteration, or deletion.
Verify backup or archive copies exist for the monitoring records reviewed.
Enter the approximate time required to retrieve a sampled monitoring record.
Select any deficiencies observed in retention, storage, or access control.

Response, Escalation, and Corrective Action

Confirm significant findings were escalated to the appropriate cybersecurity, operations, or compliance owner.
Identify the person or team responsible for remediation of any deficiency or non-conformance.
Record the target completion date and time for remediation.
Enter the number of open deficiencies or non-conformances identified during the review.
Indicate whether a follow-up review is needed after corrective actions are completed.

Inspector Sign-Off

Select the final result of the inspection.
Summarize key observations, deficiencies, and any compensating controls.
Inspector attestation for the completed review.

Generated with MangoApps Templates — browse 250+ free