*Identify 3rd party vendors who specialize in remediation of security penetrations and forensics. You should identify 2 or 3 external resources who you may place on retainer and who can be brought in, during quickly if something were to occur. (Task ID: R3-9232)

*Maintain access control permissions to log files (Task ID: R3-9112)

*Collect proper approvals before individuals are granted access to tools and data. (Task ID: R3-9797)

*Define authorized staff for specific security tools and data sources (Task ID: R3-9796)

*Develop roles and responsibilities that can be implemented through RBAC and authorization group memberships (Task ID: R3-9800)

*Establish process to provide authorization for tool use and credentials to access tools (Task ID: R3-9789)

*Maintain centralized RBAC Lists for all security tools (Task ID: R3-9790)

*Access an up to date Smart Grid inventory and asset list. (Task ID: R3-9299)

*Attend change management meetings and represent security in the change management process. (Task ID: R3-9529)

*Attend change management to identify systems that have not been authorized. (Task ID: R3-9548)

*Collect change management information to automatically update baseline. (Task ID: R3-9822)

*Collect existing device configurations. (Task ID: R3-9526)

*Develop base scenario and publish results to show what the log files would/should look like without attack or compromise (Task ID: R3-9110)

*Test all security controls or changes that were implemented during a response (Task ID: R3-9702)