The assessment should include information security guidance that is aligned with industry standards, best practices and methodologies outlined in National Institute for Standards and Technology (NIST), Cyber Security Framework (CSF), ISO/IEC, IEEE, IEC, CIGRE etc. b. The following shall be performed as a part of the risk assessment: i. Preliminary Network Mapping 1. Contractor shall perform their own mapping of the network and OT infrastructure prior to the start of penetration and perimeter testing. 2. This shall include on-site visits for discussions with the various stakeholders, collection of pertinent data whether it be drawings or in field data collection. 3. All testing and reporting shall be done referencing this network document. 4. At the end of the project this document should be finalized and issued to Owner as a .DWG CADD file as well as a PDF.
