
Project 2008-06
Cyber Security Order 706


Related Files

Activity 4: Update to Version 4 CIP Standards (Phase II)
  Description: Represents a shift towards identifying and categorizing the BES Cyber Systems that support the functions critical to the reliable operation of the Bulk Electric System (BES) as a basis for applying security controls commensurate with the potential impact those BES Cyber Systems have on the reliability of the BES.
  Status: The drafting team is reviewing comments received from the informal comment period.

Activity 3: Violation Risk Factors and Violation Severity Levels for CIP Version 2 (Phase I)
  Description: Violation Risk Factors (for CIP-003-2 and CIP-006-2) and Violation Severity Levels (CIP-002-2 through CIP-009-2).
  Status: Approved by NERC Board of Trustees and filed with regulatory authorities.

Activity 2: Update from CIP Version 1 to Version 2 Standards (Phase I)
  Description: Revision of CIP-002-1 through CIP-009-1 to CIP-002-2 through CIP-009-2. This part of the project included the “Implementation Plan for Newly Identified Critical Cyber Assets and Newly Registered Entities.” Violation Risk Factors and Violation Severity Levels were done separately (see item 3 in list).
  Status: Approved by FERC. CIP Version 2 standards enforceable on April 1, 2010.

Activity 1: Standard Authorization Request (SAR) and Drafting Team Nominations
  Status: Complete

Related or Supplemental Activities Pertaining to CIP Standards,
but not specifically part of Project 2008-06

Activity: Project 2009-21 Cyber Security 90-day Response
  Description: Not originally part of Project 2008-06, but resulted from FERC approval of CIP Version 2 standards. FERC issued directives due within 90 days.
  Status: Approved by the NERC Board of Trustees and filed with regulatory authorities.

Activity: Project 2010-09 Cyber Security Order 706B Nuclear Plant Implementation Plan
  Description: Special project to define implementation of CIP standards relative to nuclear power plants.
  Status: Implementation plan for CIP version 1 standards approved by FERC. Plan for Version 2 and Version 3 is underway.

Purpose/Industry Need:
The revisions in this project include:

  • Modifying the standards so they conform to the latest approved versions of the ERO Rules of Procedure as outlined in the Standard Review Guidelines identified in Attachment 1.
  • Addressing the directives issued by FERC in Order 706 relative to the approved Cyber Security Standards CIP-002-1 through CIP-009-1. Refer to http://www.ferc.gov/whats-new/comm-meet/2008/011708/E-2.pdf for the complete text of the final order. Specific requirements from the Order are identified in Attachment 2.
    –  Emphasis on the Order 706 directive for NERC to address revisions to the CIP standards considering applicable features of the NIST Security Risk Management Framework, among other resources.
  • Incorporating clarifications from the Interpretation of CIP-006-1 Requirement 1.1.

NOTE: Additional issues identified by stakeholders during the posting of this SAR are listed in a supplementary SAR.  The supplementary SAR will be posted for industry comment, and if supported by stakeholders, will be appended to this SAR.


All comments should be forwarded to sarcomm@nerc.net.  
Questions?  Contact Lauren Koller - lauren.koller@nerc.net or 609-452-8060.