Newsroom  •  Site Map  •  Contact NERC

  
Advanced Search
 
About NERC Standards Compliance Assessments Events Analysis Programs  


Cyber Security (Project 2008-06)

Registered Ballot Body | Related Files | Drafting Team Rosters

All Critical Infrastructure Protection Standards Activities

Status — VRFs and VSLs 
 The Cyber Security Standard Drafting Team has posted its Version 2 Violation Severity Levels for CIP-002-2 through CIP-009-2 and the Violation Risk Factors for CIP-003-2 and CIP-006-2.

Status — Draft Standards
The ballot pool approved the standards revisions.  The revised standards will be submitted to the NERC Board of Trustees for adoption.

 

Purpose/Industry Need
This set of revisions in this project includes:

  • Modifying the standards so they conform to the latest approved versions of the ERO Rules of Procedure as outlined in the Standard Review Guidelines identified in Attachment 1.
  • Addressing the directives issued by FERC, in Order 706 relative to the approved Cyber Security Standards CIP-002-1 through CIP-009-1. Refer to http://www.ferc.gov/whats-new/comm-meet/2008/011708/E-2.pdf the complete text of the final order. Specific requirements from the Order are identified in Attachment 2.
    –  Emphasis on Order 706 directive for NERC to address revisions to the CIP standards considering applicable feature of the NIST Security Risk Management Framework among other resources.
  • Incorporating clarifications from the Interpretation of CIP-006-1 Requirement 1.1.

NOTE: Additional issues identified by stakeholders during the posting of this SAR are listed in a supplementary SAR.  The supplementary SAR will be posted for industry comment, and if supported by stakeholders, will be appended to this SAR.
Proposed Standard Supporting Materials Comment 
Period		 Comments
Received

Response
to Comments
Announcement

Second Draft of Revised Cyber Security Standards CIP-002-2 through CIP-009-2 Posted for a 10-day Recirculation Ballot Window

Clean and Redline Versions to last posting (zip file)

Redline Versions to last approval (zip file)
 Version 2 Implementation Plan
clean | redline to last posting

Implementation Plan for Newly Identified Critical Cyber Assets and Newly Registered Entities

clean | redline to last posting		 04/17/09 - 04/27/09
(closed)


Recirculation Ballot		   Announcement

Ballot Results
Announcement

Second Draft of Revised Cyber Security Standards CIP-002-2 through CIP-009-2 Posted for a 10-day Ballot Window

Clean and Redline Versions to last posting (zip file)

Redline Versions to last approval (zip file)		 Version 2 Implementation Plan
clean | redline to last posting

Implementation Plan for Newly Identified Critical Cyber Assets and Newly Registered Entities

clean | redline to last posting		 04/01/09 - 04/10/09
(closed)

Ballot		   Announcement

Ballot Results

Additional Ballot Comments

Consideration of Comment
Announcement
Version 2 VSLs for CIP-002-2 through CIP-009-2 and Version 2 VRFs for CIP-003-2 and CIP-006-2

Version 2 Violation Severity Levels (for CIP-002-2 through CIP-009-2)

Version 2 Violation Risk Factors
(for CIP-003-2 and CIP-006-2)

Complete set of materials for commenting on Project 2008-06 and Project 2008-14 (zip) 03/16/09 - 04/20/09
(closed)

Comment Form

*Please submit only one comment form.  The form covers Project 2008-06 and Project 2008-14. 		Comments Recieved  
Announcement

Second Draft of Revised Cyber Security Standards CIP-002-2 through CIP-009-2 Posted for a  30-day Pre-ballot Review

Clean and Redline Versions to last posting (zip file)

Redline Versions to last approval (zip file)		 Version 2 Implementation Plan
clean | redline to last posting

Implementation Plan for Newly Identified Critical Cyber Assets and Newly Registered Entities

clean | redline to last posting		 03/03/09 - 04/01/09
(closed)

 Join Ballot Pool		    
Announcement

First Draft of Revised Cyber Security Standards CIP-002-1 through CIP-009-1 Posted for 45-day Comment Period

 CIP-002-1 through CIP-009-1 Clean and Redline Versions (zip file)
 Implementation Plan

Implementation Plan for Newly Identified Critical Cyber Assets and Newly Registered Entities

 11/21/08 – 01/05/09

Electronic Comment Form

Word Version		 Comments Received
(Please select icon in the left hand column to see individual response.)		 Consideration of Comments

 

   Announcement

 

07/15/08 - 07/28/08

(closed)

Electronic Nomination Form

Nomination Form (Word version)

    

Draft SAR Version 2
Cyber Security Standards

Draft SAR Version 2
 Clean | Redline

Attachment 2 ― Excerpts from FERC Order 706

Cyber Standards ― Last approved

Letter from NERC President and CEO on Cyber Security    

Announcement

Draft SAR Version 1
Cyber Security Standards
Posted for 30-day Comment Period

Draft SAR Version 1

Cyber Standards ― Last approved

  03/20/08 – 04/19/08
(closed)

Comment Form

Questions

Announcement

03/20/08 – 04/04/08
(closed)

Nomination Form

Comments

 Consideration of Comments

To download a file click on the file using your right mouse button, then save it to your computer in a directory of your choice.

Documents in the PDF format require use of the Adobe Reader® software.  Free Adobe Reader® software allows anyone view and print Adobe Portable Document Format (PDF) files.   For more information download the Adobe Reader User Guide.


All comments should be forwarded to sarcomm@nerc.net.  
 Questions?  Contact Lauren Koller - lauren.koller@nerc.net or 609-452-8060.


Legal and Privacy  :  609.452.8060 voice  :  609.452.9550 fax  :  116-390 Village Boulevard  :  Princeton, NJ 08540-5721
Washington Office: 1120 G Street, N.W. : Suite 990 : Washington, DC 20005-3801





Copyright © 2008 by the North American Electric Reliability Corporation.  :  All rights reserved.
A New Jersey Nonprofit Corporation