For detailed instructions, see CIP Evidence Request Tool User Guide
|The Level 1 Evidence Request provides the populations of Cyber Assets, etc., that will be used for generating the Sample Sets used for the Level 2 Evidence Request. In addition, the Level 1 Evidence Request, or Initial Evidence Request, is intended to provide the overall compliance policies, programs, procedures, and processes.
|After submission of the Level 1 evidence, the audit team will perform sampling based on the information and populations provided in response to Level 1. The audit team will issue the Level 2 Evidence Request as soon as possible after receiving the Level 1 response. Level 2 requests additional detail about compliance for specific Cyber Assets, specific personnel, and other individual items that are subject to the Standards.