Related Files
Status Final ballots concluded on July 20, 2017 for the following standards:
· CIP-005-6 - Cyber Security - Electronic Security Perimeter(s);
· CIP-010-3 - Cyber Security - Configuration Change Management and Vulnerability Assessments; and
· CIP-013-1 - Cyber Security - Supply Chain Risk Management.
The voting results can be accessed via the links below. The standards will be submitted to the Board of Trustees for adoption and then filed with the appropriate regulatory authorities.
Background
The project will address directives from Federal Energy Regulatory Commission (FERC) Order No. 829 to develop a new or modified standard to address “supply chain risk management for industrial control system hardware, software, and computing and networking services associated with bulk electric system operations.” See Order No. 829, at P 1.
Standard(s) Affected: The project will propose a new standard or revisions to approved Critical Infrastructure Protection (CIP) standards.
Purpose/Industry Need
On July 21, 2016 FERC issued Order No. 829, Revised Critical Infrastructure Protection Reliability Standards. In this order, FERC directed that NERC either develop a new standard or develop modifications to an existing standard to address the following reliability objective:
[FERC] directs] NERC to develop a develop a forward-looking, objective-based Reliability Standard to require each affected entity to develop and implement a plan that includes security controls for supply chain management for industrial control system hardware, software, and services associated with bulk electric system operations. The new or modified Reliability Standard should address the following security objectives, discussed in detail below: (1) software integrity and authenticity; (2) vendor remote access; (3) information system planning; and (4) vendor risk management and procurement controls”. See Order 829, at P 3.
The new standard or modified standard(s) are designed to “mitigate the risk of a cybersecurity incident affecting the reliable operation of the Bulk-Power System” (See Order No. 829, at P 1) and must be filed with regulatory authorities within one year of the Order No 829 effective date.
<>
Cost Effectiveness
The SDT sought stakeholder input on the cost effectiveness of the proposed standards during commenting. The majority of stakeholders indicated that the proposed standards provide entities with flexibility to meet the reliability objectives in a cost effective manner. However, some stakeholders, particularly smaller entities, expressed concerns about the potential impact of the compliance obligations on their staff and budgets. Some stakeholders believe that the requirements will not be effective because, consistent with Order No. 829, the standards do not impose requirements on vendors directly. Additionally, some stakeholders predict that costs for obtaining vendor products and services will rise as a result of the new standards.
<>
<><><><><><><><><><>
| Draft |
Actions |
Dates |
Results |
Consideration of Comments |
| Final Draft
CIP-005-6
CIP-010-3
CIP-013-1
Implementation Plan
Supporting Materials
VRF/VSL Justification
Consideration of Directives
|
Final Ballot
|
07/11/17 – 07/20/17 |
Ballot Results
CIP-005-6
CIP-010-3
CIP-013-1 |
|
| Draft 1
CIP-005-6
CIP-010-3
Draft 2
Supporting Materials
VRF/VSL Justification
Consideration of Directives
Draft RSAWs
CIP-005-6
CIP-010-3
CIP-013-1
|
Initial / Additional Ballots
and Non-binding Polls
Info
Vote |
06/06/17 – 06/15/17
The non-binding polls were extended an additional day to reach quorum and closed June 16, 2017 |
Ballot Results
Non-binding Poll Results
CIP-005-6
CIP-010-3
CIP-013-1
|
|
Comment Period
|
05/02/17 – 06/15/17 |
Comments Received
|
Consideration of Comments |
| Join Ballot Pools |
05/02/17 – 05/31/17 |
|
|
|
Send RSAW feedback to:
RSAWfeedback@nerc.net |
05/25/17 - 06/15/17 |
Draft 1
Supporting Materials
|
Initial Ballot and Non-binding Poll
|
02/24/17 - 03/06/17 |
Ballot Results
Non-binding Poll Results |
|
Comment Period
|
01/19/17 - 03/06/17 |
Comments Received |
Consideration of Comments |
| Join Ballot Pools |
01/19/17 - 02/17/17 |
|
|
| Info
Send RSAW feedback to:
|
02/03/17 - 03/06/17
|
|
|
The Standards Committee accepted the Standards Authorization Request on December 14, 2016. |
|
Supporting Materials
|
Comment Period
|
10/20/16 – 11/18/16 |
Comments Received |
Consideration of Comments |
Drafting Team Nominations
Supporting Materials
|
Nomination Period
|
07/29/16 – 08/18/16 |
|
|
