Status — VRFs and VSLs The Cyber Security Standard
Drafting Team has posted its Version 2 Violation Severity Levels for
CIP-002-2 through CIP-009-2 and the Violation Risk Factors for CIP-003-2
and CIP-006-2.
Status — Draft Standards The ballot pool
approved the standards revisions. The revised standards will be
submitted to the NERC Board of Trustees for adoption.
Purpose/Industry Need
This set of revisions in this project includes:
Modifying the standards so they conform to the latest
approved versions of the ERO Rules of Procedure as outlined in the
Standard Review Guidelines identified in Attachment 1.
Addressing the directives issued by FERC, in
Order 706 relative to the approved Cyber Security Standards
CIP-002-1 through CIP-009-1. Refer to
http://www.ferc.gov/whats-new/comm-meet/2008/011708/E-2.pdf
the complete text of the final order.
Specific requirements
from the Order are identified in Attachment 2.
– Emphasis on Order 706 directive for NERC to
address revisions to the CIP standards considering applicable
feature of the NIST Security
Risk Management Framework among other resources.
Incorporating clarifications from the Interpretation of CIP-006-1
Requirement 1.1.
NOTE: Additional issues identified by stakeholders during the posting of
this SAR are listed in a supplementary SAR.The supplementary SAR will be posted for industry comment, and if
supported by stakeholders, will be appended to this SAR.