Interpretation 2012-INT-04 CIP-007 for ITC

Status:
A recirculation ballot for the interpretation of CIP-007 closed on September 20, 2013. The quorum was reached at 91.64% with an approval of 98.61%. The interpretation is being presented to the NERC Board of Trustees at its November 2013 meeting.

Purpose/Industry Need:
Asks for clarity on passwords - specifically looking for more clarity on 'technical controls' and 'procedural controls' as they apply to passwords - and clarity on when/if the requirement is to have both technical and procedural controls.

Background:
In May 2011, the Standards Committee appointed a standing CIP Interpretation Drafting Team (IDT) for the development of CIP Interpretations. A project team from the CIP IDT has reviewed ITC's request for interpretation and developed this interpretation pursuant to the NERC Guidelines for IDTs. In its first question, ITC asked for clarification on whether each sub-requirement of CIP-007-3, Requirement R5 requires both "technical and procedural controls." In its second question, ITC asked for clarification on whether technical controls in CIP-007-3, Requirement R5.3 mean that each individual Cyber Asset within the Electronic Security Perimeter (ESP) has to automatically enforce each of the three R5.3 sub-parts.

Interpretation Process:
In accordance with the Reliability Standards Development Procedure, the interpretation must be posted for a 30-day pre-ballot review, and then balloted. There is no public comment period for an interpretation. Balloting will be conducted following the same method used for balloting standards. If the interpretation is approved by its ballot pool, then the interpretation will be appended to the standard and will become effective when adopted by the NERC Board of Trustees and approved by the applicable regulatory authorities. The interpretation will remain appended to the standard until the standard is revised through the normal standards development process. When the standard is revised, the clarifications provided by the interpretation will be incorporated into the revised standard.

Draft	Action	Dates	Results	Consideration of Comments
Interpretation of CIP-007-3 for ITC Interpretation Clean	Final Ballot Info>> Vote>>	09/11/13 - 09-20/13 (closed)	Summary>> Full Record>>
Interpretation of CIP-007-3 for ITC Interpretation Clean Redline to last posted Supporting Materials: Unofficial Comment Form Word Request for Interpretation CIP-007-3	Initial Ballot Updated Info>> Info>> Vote>>	03/13/13 - 03/22/13 (closed)	Summary>> Full Record>>
	Formal Comment Period Info>> Submit Comments>>	02/06/13 - 03/22/13 (closed)	Comments Received>>	Considertation of Comments>>
	Join Ballot Pool>>
ITC Interpretation of CIP-007 Interpretation Request for Interpretation Supporting Document: CIP-007-3 Unofficial Comment Form (Word)	Comment Period Info>> Submit Comments>>	11/9/2012 - 12/10/2012 (closed)	Comments Received>>	Consideration of Comments>>

To download a file click on the file using your right mouse button, then save it to your computer in a directory of your choice.

All comments should be forwarded to sarcomm@nerc.net.

Atlanta Office | 3353 Peachtree Road, NE Suite 600 North Tower, Atlanta, GA 30326 | 404-446-2560
Washington Office | 1401 H Street NW, Suite 410, Washington, DC 20005| 202-400-3000

Group Health Plan Transparency in Coverage Files*

*This link leads to the machine-readable files that are made available in response to the federal Transparency in Coverage Rule and includes negotiated service rates and out-of-network allowed amounts between health plans and healthcare providers. The machine-readable files are formatted to allow researchers, regulators, and application developers to more easily access and analyze data.

Interpretation-of-CIP-007-for-ITC // <![CDATA[ _spBodyOnLoadFunctionNames.push("setupPageDescriptionCallout"); // ]]>

Interpretation-of-CIP-007-for-ITC