Project 2014-02 Critical Infrastructure Protection Standards Version 5 Revisions

Status:
NERC filed the Reliability Standards developed during Project 2014-02 at the Federal Energy Regulatory Commission, and the Reliability Standards are pending regulatory approval. However, the Project 2014-02 CIP Version 5 Revisions Standard Drafting Team requested additional time to collaborate with the NERC CIP RSAW development team to draft the RSAWs after the standard development process concluded. Therefore, the RSAWs are posted for industry comment, but there is no concurrent comment period or ballot being conducted regarding the Reliability Standards.

Background:
On November 22, 2013, FERC issued Order No. 791, Version 5 Critical Infrastructure Protection Reliability Standards. In this order, FERC approved version 5 of the CIP standards and also directed that NERC make the following modifications to those standards:

Modify or remove the “identify, assess, and correct” language in 17 CIP version 5 requirements.
Develop modifications to the CIP standards to address security controls for Low Impact assets.
Develop requirements that protect transient electronic devices.
Create a definition of “communication networks” and develop new or modified standards that address the protection of communication networks.

FERC directed NERC to submit new or modified standards responding to the directives related to the “identify, assess, and correct” language and communication networks by February 3, 2015, one year from the effective date of Order No. 791. FERC did not place any time frame for NERC to respond to the Low Impact and transient electronic devices directives. The purpose of the proposed project is to address the directives from FERC Order No. 791 to develop or modify the CIP standards.

Draft	Actions	Dates	Results	Consideration of Comments
Draft RSAWs CIP-002-5.1 CIP-002-5.1 - standard CIP-003-6 CIP-003-6 - standard CIP-004-6 CIP-004-6 - standard CIP-005-5 CIP-005-5 - standard CIP-006-6 CIP-006-6 - standard CIP-007-6 CIP-007-6 - standard CIP-008-5 CIP-008-5 - standard CIP-009-6 CIP-009-6 - standard CIP-010-2 CIP-010-2 - standard CIP-011-2 CIP-011-2 - standard	Please send RSAW Feedback to: RSAWfeedback@nerc.net NERC filed the Reliability Standards developed during Project 2014-02 at the Federal Energy Regulatory Commission, and the Reliability Standards are pending regulatory approval. However, the Project 2014-02 CIP Version 5 Revisions Standard Drafting Team requested additional time to collaborate with the NERC CIP RSAW development team to draft the RSAWs after the standard development process concluded. Therefore, the RSAWs are posted for industry comment, but there is no concurrent comment period or ballot being conducted regarding the Reliability Standards.	03/13/15 - 04/14/15
Final Draft CIP-003-7 — Cyber Security — Security Management Controls Clean \| Redline to Last Posted Board Documents Clean CIP-003-6\| Redline to Last Adopted CIP-004-7 — Cyber Security — Personnel & Training Clean \| Redline to Last Posted Board Documents Clean CIP-004-6\| Redline to Last Adopted CIP-007-7 — Cyber Security — Systems Security Management Clean \| Redline to Last Posted Board Documents Clean CIP-007-6\| Redline to Last Adopted CIP-010-3 — Cyber Security — Configuration Change Management & Vulnerability Assessments Clean \| Redline to Last Posted Board Documents Clean CIP-010-2\| Redline to Last Adopted CIP-011-3 — Cyber Security — Information Protection Clean \| Redline to Last Posted Board Documents Clean CIP-011-2\| Redline to Last Adopted Definition of Terms Used in CIP-003-7 Clean \| Redline to Last Posted Board Documents Newly-Defined Definition of Terms Used in CIP-003-6 Definition of Terms Regarding Transient Devices Clean \| Redline to Last Posted Board Documents Newly-Defined Terms Regarding Transient Devices \| Modified Terms Implementation Plan Clean \| Redline to Last Posted Board Documents Clean \| Redline to Last Adopted Supporting Documents: Consideration of Issues and Directives Clean \| Redline to Last Posted Mapping Document Clean \| Redline to Last Posted VRF/VSL Justification Clean \| Board	Final Ballot Info>> Vote>> (Closed)	1/23/15 -02/02/15	Summary>> Ballot Results CIP-003-7>> CIP-004-7>> CIP-007-7>> CIP-010-3>> CIP-011-3>> CIP-003-7 Definition>> CIP-010-3 Definition>> Implementation Plan>>
Draft 3 CIP-003-7 — Cyber Security — Security Management Controls Clean \| Redline to Last Posted CIP-004-7 — Cyber Security — Personnel & Training Clean \| Redline to Last Posted CIP-007-7 — Cyber Security — Systems Security Management Clean \| Redline to Last Posted CIP-010-3 — Cyber Security — Configuration Change Management & Vulnerability Assessments Clean \| Redline to Last Posted CIP-011-3 — Cyber Security — Information Protection Clean \| Redline to Last Posted Definition of Terms Used in CIP-003-7 Clean \| Redline to Last Posted Definition of Terms Regarding Transient Devices Clean \| Redline to Last Posted Implementation Plan Clean \| Redline to Last Posted Supporting Documents: Unofficial Comment Form (Word) Consideration of Issues and Directives Clean \| Redline to Last Posted Mapping Document Clean \| Redline to Last Posted Draft RSAWs CIP-002-5.1 CIP-003-7 CIP-004-7 CIP-005-5 CIP-006-6 CIP-007-7 CIP-008-5 CIP-009-6 CIP-010-3 CIP-011-3	Additional Ballots and Non-Binding Polls Updated Info>> Info>> Vote>> (Closed)	12/30/14 -01/09/15	Summary>> Ballot Results CIP-003-7>> CIP-004-7>> CIP-007-7>> CIP-010-3>> CIP-011-3>> CIP-003-7 Definition>> CIP-010-3 Definition>> Implementation Plan>> Non-Binding Poll Results CIP-003-7>> CIP-004-7>> CIP-007-7>> CIP-010-3>> CIP-011-3>>	Consideration of Comments>>
	Comment Period Info>> (Closed)	11/25/14 –01/09/15	Comments Received>>
	The comment period and additional ballot close dates were extended one day to January 9, 2015 due to a NERC.com maintenance outage that occurred Saturday, December 13, 2014.		Comments Received>>
Please send RSAW Feedback to: RSAWfeedback@nerc.net	12/10/14 - 01/09/15
Final Draft CIP-003-6 — Cyber Security — Security Management Controls Clean \| Redline to Last Posted Redline to CIP-003-5 CIP-004-6 — Cyber Security — Personnel & Training Clean \| Redline to Last Posted Redline to CIP-004-5.1 CIP-006-6 — Cyber Security — Physical Security of BES Cyber Systems Clean \| Redline to Last Posted Redline to CIP-006-5 CIP-007-6 — Cyber Security — Systems Security Management Clean \| Redline to Last Posted Redline to CIP-007-5 CIP-009-6 — Cyber Security — Recovery Plans for BES Cyber Systems Clean \| Redline to Last Posted Redline to CIP-009-5 CIP-010-2 — Cyber Security — Configuration Change Management and Vulnerability Assessments Clean \| Redline to Last Posted Redline to CIP-010-1 CIP-011-2 — Cyber Security — Information Protection Clean \| Redline Redline to CIP-011-1 Implementation Plan Clean \| Redline to Last Posted Consideration of Issues and Directives Clean \| Redline to Last Posted Mapping Document Clean \| Redline to Last Posted Supporting Documents: VRF/VSL Justification	Final Ballots Info>> Vote>> (Closed)	10/28/14 - 11/06/14	Summary>> Ballot Results CIP-003-6>> CIP-004-6>> CIP-006-6>> CIP-007-6>> CIP-009-6>> CIP-010-2>> CIP-011-2>> Implementation Plan>>
Draft 2 CIP-003-6 — Cyber Security — Security Management Controls Clean \| Redline to Last Posted CIP-010-2 — Cyber Security — Configuration Change Management Clean \| Redline to Last Posted CIP-003-X — Cyber Security — Security Management Controls Clean \| Redline CIP-004-X — Cyber Security — Personnel and Training Clean \| Redline CIP-007-X — Cyber Security — Systems Security Management Clean \| Redline CIP-010-X — Cyber Security — Configuration Change Management Clean \| Redline CIP-011-X — Cyber Security — Information Protection Clean \| Redline Definition of Terms Used in CIP-003-6 Definition of Terms Used in CIP-010-2 Clean \| Redline to Last Posted Implementation Plan Clean \| Redline to Last Posted Implementation Plan (-X Posting) Supporting Documents Unofficial Comment Form (Word) IAC Posting - X Explanation Consideration of Issues and Directives Clean \| Redline to Last Posted Mapping Document Clean \| Redline to Last Posted Draft RSAWs CIP-002-5.1 CIP-003-6 CIP-004-6 CIP-005-5 CIP-006-6 CIP-007-6 CIP-008-5 CIP-009-6 CIP-010-2 CIP-011-2	Additional Ballots and Non-Binding Polls Updated Info>> Info>> Vote>> (Closed)	10/08/14 - 10/17/14	Summary>> Ballot Results CIP Version X>> CIP-003-6>> CIP-010-2>> Definition CIP-003-6>> Definition CIP-010-2>> Implementation Plan>> Non-Binding Poll Results CIP-003-X>> CIP-003-6>> CIP-004-X>> CIP-007-X>> CIP-010-X>> CIP-010-2>> CIP-011-X>>
	Comment Period Info>> (Closed)	09/03/14 - 10/17/14	Comments Received>>	Updated Consideration of Comments>> Consideration of Comments>>
	Please send RSAW Feedback to: RSAWfeedback@nerc.net (Closed)	09/17/14 - 10/17/14
CIP-003-6 — Cyber Security — Security Management Controls Clean \| Redline CIP-004-6 — Cyber Security — Personnel and Training Clean \| Redline CIP-006-6 — Cyber Security — Physical Security Clean \| Redline CIP-007-6 — Cyber Security — Systems Security Management Clean \| Redline CIP-009-6 — Cyber Security — Recovery Plans for BES Cyber Systems Clean \| Redline CIP-010-2 — Cyber Security — Configuration Change Management Clean \| Redline CIP-011-2 — Cyber Security — Information Protection Clean \| Redline Definition of Terms Used in Standards Clean \| Redline Implementation Plan Supporting Documents Unofficial Comment Form (Word) Consideration of Issues and Directives Mapping Document "Identify, Assess, and Correct" and Reliability Assurance Initiative FAQs Draft RSAWs CIP-002-5.1 CIP-003-6 CIP-004-6 CIP-005-5 CIP-006-6 CIP-007-6 CIP-008-5 CIP-009-6 CIP-010-2 CIP-011-2	Ballots and Non-Binding Polls Updated Info>> Info>> Vote>> (Closed)	07/07/14 - 07/16/14	Summary>> Ballot Results CIP-003-6>> CIP-004-6>> CIP-006-6>> CIP-007-6>> CIP-009-6>> CIP-010-2>> CIP-011-2>> Definition>> Non-Binding Poll Results CIP-003-6>> CIP-004-6>> CIP-006-6>> CIP-007-6>> CIP-009-6>> CIP-010-2>> CIP-011-2>>
	Comment Period Info>> (Closed)	06/02/14 - 07/16/14	Comments Received>>	Consideration of Comments>>
	Join Ballot Pool>> Please note: To avoid the inconvenience for the industry to join 15 separate ballot pools, we have set up one for the ballots (on the standards and definition) and one for the non-binding polls. Once the ballot pools close, individual ballots will be created by carrying over the members of the ballot pools. There will be a separate ballot for each of the 7 standards, the definition and 7 non-binding polls. (Closed)	06/02/14 - 07/01/14
	Please send RSAW Feedback to: RSAWfeedback@nerc.net (Closed)	06/17/14 - 07/16/14
SAR Clean \| Redline to last posted
Standard Authorization Request Supporting Documents: Unofficial Comment Form (Word)	Comment Period Info>>re (Closed)	01/17/14 - 02/18/14	Comments Received>>

Atlanta Office | 3353 Peachtree Road, NE Suite 600 North Tower, Atlanta, GA 30326 | 404-446-2560
Washington Office | 1401 H Street NW, Suite 410, Washington, DC 20005| 202-400-3000

Group Health Plan Transparency in Coverage Files*

*This link leads to the machine-readable files that are made available in response to the federal Transparency in Coverage Rule and includes negotiated service rates and out-of-network allowed amounts between health plans and healthcare providers. The machine-readable files are formatted to allow researchers, regulators, and application developers to more easily access and analyze data.

Project-2014-XX-Critical-Infrastructure-Protection-Version-5-Revisions // <![CDATA[ _spBodyOnLoadFunctionNames.push("setupPageDescriptionCallout"); // ]]>

Project-2014-XX-Critical-Infrastructure-Protection-Version-5-Revisions