Critical Infrastructure Protection Standards Activities

Item	Description	Approximate Posting Dates	Seeking Feedback From
Version 2 CIP Standards	The SDT for Project 2008-06 Cyber Security Order 706 posted proposed version 2 of CIP-002 thru CIP-009 standards for an initial ballot ending on April 10, 2009. The ballot pool approved the standards revisions. The revised standards will be submitted to the NERC Board of Trustees for adoption.	Pre-ballot Review (closed) 03/03 - 04/01 Initial Ballot (closed) 04/01 - 04/10 Recirculation Ballot (closed) 04/17 - 04/27 View now >>	Registered Ballot Body
Violation Severity Levels	The drafting team for Project 2008-14 Cyber Security Violation Severity Levels is responsible for proposing VSLs for industry comment. Proposed version 1 and version 2 VSLs will be posted simultaneously for industry comment. The Version 1 VSLs are a comprehensive set of initial VSLs for all the requirements of the version 1 CIP-002 thru CIP-009 standards as directed in FERC Order 706. Version 2 VSLs will only include proposed modifications to the Version 1 VSLs needed for consistency with the Version 2 CIP-002 through CIP-009 standards discussed above. It is very important to note: the industry is being asked to comment on the version 1 VSLs in their entirety. The industry is then asked to comment only on the proposed modifications to the version 1 VSLs to create the version 2 VSLs. Any comments that are supplied relative to the version 1 VSLs will automatically apply to the version 2 VSLs and therefore will not need to be repeated.	Industry Comment (closed) 03/16 - 04/20 View Version 1 VSL's >> View Version 2 VSL's >> Pre-ballot Review 05/01 - 06/01 Initial Ballot 06/01 - 06/10 Recirculation Ballot 06/16 - 06/26
Violation Risk Factors for Version 2 CIP Standards	The standard drafting team for Project 2008-06 is responsible for proposing changes to the Violation Risk Factors (VRFs) for the version 2 CIP-002 thru CIP-009 standards consistent with any proposed changes to the standards as posted for industry ballot noted above (see Version 2 CIP standards above). CIP-003-2 and CIP-006-2 are the only standards whose VRF’s have been affected by the proposed Version 2 changes.	Industry Comment (closed) 03/16 - 04/20 View now >> Pre-ballot Review 05/01 - 06/01 Initial Ballot 06/01 - 06/10 Recirculation Ballot 06/16 - 06/26
Technical Feasibility Exception Procedure	A modification of NERC’s Rules of Procedure, the technical feasibility exception (TFE) procedure was drafted as a result of recommendations from the SDT for Project 2008-06 Cyber Security Order 706. The formal process for modifying NERC’s Rules of Procedure involves, among other things, posting the TFE procedure for a 45-day comment period. NERC staff will consider all comments received in developing a recommendation for NERC Board of Trustee approval before submitting the revision to the appropriate governmental authorities for final approval.	Industry Comment (closed) 3/16 - 4/30 View now >>	All interested parties
Critical Cyber Asset Identification Guidelines	The Critical Infrastructure Protection Committee will be issuing a guideline in reference to the identification of critical cyber assets.	Industry Comment (closed) 4/1 - 5/15 View now >>