Job Title: CDA Assessor (Cyber Security)
Location: Multiple Locations:
Duration: 3 months (W2 contract)
Compensation: Pay + Per diem + Mob/Demob (up to $500 each way; mileage only)
The roles and responsibilities of the CSAT (CDA Assessor) include such
· Performing or overseeing stages of the Cyber Security Assessment
· Documenting key observations, analysis, and findings during the
· Evaluating assumptions and conclusions concerning Cyber Security
threats; risk levels, defensive strategies, attack mitigation methods,
potential vulnerabilities to and consequences associated with a cyber
· Evaluating the effectiveness of existing Cyber Security controls, Cyber
Security awareness and training of those working with or responsible for
CDAs. Including Cyber Security controls throughout their system life
· Confirming information acquired during tabletop reviews by conducting
walkdowns or electronic validation of CDAs and connected digital assets,
and associated Cyber Security controls.
· Identifying potential new Cyber Security controls.
· Documenting the required Cyber Security control application per Section
3.1.6 of the Cyber Security Plan.
· Transmitting assessment documentation, including supporting information,
to Records Management in accordance with 10 CFR 73.54(h) and the
record retention requirements specified in Section 4.13 of the Cyber
Additional Responsibilities:
(a) Identification of Critical Systems (CSs) and associated Critical Digital Assets
(b) Classification of CDAs as Direct, Indirect, or EP-ONLY utilizing guidance
provided in NEI 13-10.
(c) Walkdown of the CDA (Table Top and Physical) to determine CDA capabilities
and as-found configuration.
(d) Evaluation of the applicable Cyber Security controls (listed in NEI 08-09,
Appendices D and E) for each “Direct” CDA and identification of control gaps
determined when comparing the Cyber Security control objectives and the
current CDA configuration.
(e) Analysis of identified control gaps and determination of remediation or
mitigation actions to close the gap.
(f) Evaluation of CDA wireless capability for inclusion in wireless rogue periodic
activity. Refer to EN-IT-103-02, Cyber Security Periodic Activities.
(g) Utilization of normal site administrative processes for modifying, replacing or
working on plant components for gap remediation and mitigation actions. These
actions will be tracked through existing processes (Engineering Change,
Condition Reporting, Work Management, etc.) to close identified gaps.
(h) Issuance of corrective actions to satisfy Cyber Security control gaps.
(i) Application of the Cyber Security controls per NEI 13-10 for each “13-10 Direct”,
“BOP Indirect”, “Indirect Only” or “EP-ONLY” CDA and identification of
control gaps determined when comparing the Cyber Security control objectives
and current CDA configuration.