Project 2022-05 Modifications to CIP-008 Reporting Threshold

Status
The comment and nomination period for the Project 2022-05 Modifications to CIP-008 Reporting Threshold Standard Authorization Request (SAR) concluded at 8 p.m. Eastern, Monday, December 5, 2022. 

Background
Reliability Standard CIP-008-6 became effective on January 1, 2021, in response to FERC Order No. 848¹ directing NERC to develop modifications to the Reliability Standards to require reporting of Cyber Security Incidents and attempt(s) to compromise a responsible entity's Electronic Security Perimeter (ESP) or associated Electronic Access Control or Monitoring Systems (EACMS).

Since the effective date of CIP-008-6, there has not been a material change from CIP-008-5 in the number of Reportable Cyber Security Incidents or Cyber Security Incidents that were determined to be an attempt to compromise an applicable system. This project will address gaps in CIP-008-6 permitting a subjective determination of attempt(s) to compromise. The Standard Drafting Team (SDT) will modify the Reliability Standards and associated definitions as necessary to provide a minimum expectation for thresholds to support the definition of attempt to compromise.

Standard(s) Affected: CIP-008

Purpose/Industry Need
In Q3 2021, the ERO Enterprise initiated a study to better understand how registered entities have implemented Reliability Standard CIP-008-6; specifically, how the registered entities have interpreted Reportable Cyber Security Incidents and defined attempt(s) to compromise. The study concluded that the current language of the Reliability Standard permits the use of subjective criteria to define attempt(s) to compromise, and most programs include a provision allowing a level of staff discretion. The resulting white paper concluded that² Reliability Standard CIP-008-6, or definitions, will be modified to provide a minimum expectation for thresholds defining attempt to compromise.

Subscribe to this project's observer mailing list
Select "NERC Email Distribution Lists" from the "Service" drop-down menu and specify “Project 2022-05 Modifications to CIP-008 Reporting Threshold Observer List” in the Description Box.

¹ https://www.nerc.com/FilingsOrders/us/FERCOrdersRules/E-1_Order%20No.%20848.pdf

² CIP-008-6 Effectiveness Study Summary (nerc.com)

Draft	Actions	Dates	Results	Consideration of Comments
Standard Authorization Request Clean \| Redline	The SC accepted the SAR on July 19, 2023
Drafting Team Nominations Supporting Materials Unofficial Nomination Form (Word)	Nomination Period Info Submit Nominations	11/02/2022 – 12/05/2022
Standard Authorization Request Supporting Materials Unofficial Comment Form (Word)	Comment Period Info Submit Comments	11/02/2022 – 12/05/2022	Comments Received	Summary Response to Comments

Atlanta Office | 3353 Peachtree Road, NE Suite 600 North Tower, Atlanta, GA 30326 | 404-446-2560
Washington Office | 1401 H Street NW, Suite 410, Washington, DC 20005| 202-400-3000

Group Health Plan Transparency in Coverage Files*

*This link leads to the machine-readable files that are made available in response to the federal Transparency in Coverage Rule and includes negotiated service rates and out-of-network allowed amounts between health plans and healthcare providers. The machine-readable files are formatted to allow researchers, regulators, and application developers to more easily access and analyze data.

Project2022-05ModificationstoCIP-008-aspx // <![CDATA[ _spBodyOnLoadFunctionNames.push("setupPageDescriptionCallout"); // ]]>

Project2022-05ModificationstoCIP-008-aspx