Newsroom  •  Site Map  •  Contact NERC

  
Advanced Search
 
About NERC Standards Compliance Assessments Events Analysis Programs  


Project 2008-06
Cyber Security Order 706
Related Files

Purpose/Industry Need:
This set of revisions in this project includes:

  • Modifying the standards so they conform to the latest approved versions of the ERO Rules of Procedure as outlined in the Standard Review Guidelines identified in Attachment 1.
  • Addressing the directives issued by FERC, in Order 706 relative to the approved Cyber Security Standards CIP-002-1 through CIP-009-1. Refer to http://www.ferc.gov/whats-new/comm-meet/2008/011708/E-2.pdf the complete text of the final order. Specific requirements from the Order are identified in Attachment 2.
    –  Emphasis on Order 706 directive for NERC to address revisions to the CIP standards considering applicable feature of the NIST Security Risk Management Framework among other resources.
  • Incorporating clarifications from the Interpretation of CIP-006-1 Requirement 1.1.

 

  Activity Description Status

5
 Version 5 CIP Standards Continue to address remaining Order 706 directives. Posted for parallel formal comment period and initial ballot through January 6, 2012.  See Related Files for Meeting Minutes and Meeting Summaries.
4 Update to Version 4 CIP Standards (Phase II) Represents a shift towards identifying and categorizing the BES Cyber Systems that support the functions critical to the reliable operation of the Bulk Electric System (BES) as a basis for applying security controls commensurate with the potential impact those BES Cyber Systems have on the reliability of the BES. Approved by NERC Board of Trustees on January 24, 2011.
3 Violation Risk Factors and Violation Severity Levels for CIP Version 2 (Phase I)

Violation Risk Factors (for CIP-003-2 and CIP-006-2) and Violation Severity Levels (CIP-002-2 through CIP-009-2

 Approved by NERC Board of Trustees and filed with regulatory authorities.
2

Update from CIP Version 1 to Version 2 Standards (Phase I)

 Revision of CIP-002-1 through CIP-009-1 to CIP-002-2 through CIP-009-2.  This part of the project included the “Implementation Plan for Newly Identified Critical Cyber Assets and Newly Registered Entities.”  Violation Risk Factors and Violation Severity Levels were done separately (see item 3 in list). Approved by FERC.  CIP Version 2 standards enforceable on April 1, 2010.
1 Standard Authorization Request (SAR) and Drafting Team Nominations   Complete 

Related or Supplemental Activities Pertaining to CIP Standards,
but not specifically part of Project 2008-06
Activity Description Status
Project 2009-21 Cyber Security 90-day Response Not originally part of Project 2008-06, but resulted from FERC approval of CIP Version 2 standards.  FERC issued directives due within 90 days. Approved by the NERC Board of Trustees and filed with regulatory authorities.
Project 2010-09 Cyber Security Order 706B Nuclear Plant Implementation Plan Special project to define implementation of CIP standards relative to nuclear power plants.

Implementation plan for CIP version 1 standards approved by FERC.

Plan for Version 2 and Version 3 is underway.


All comments should be forwarded to sarcomm@nerc.com.
 Questions?  Contact Monica Benson at monica.benson@nerc.net or 404-446-2560.


Legal and Privacy
404.446.2560 voice : 404.446.2595 fax
Atlanta Office: 3353 Peachtree Road, N.E. : Suite 600, North Tower : Atlanta, GA 30326
Washington Office: 1325 G Street, N.W. : Suite 600 : Washington, DC 20005-3801





Copyright © 2012 by the North American Electric Reliability Corporation.  :  All rights reserved.
A New Jersey Nonprofit Corporation