search
  |    Account Log-In/Register    |    Contact Us
Project 2016-03 Cyber Security Supply Chain Risk Management

Related Files

Status
Final ballots concluded on July 20, 2017 for the following standards:
 
·        CIP-005-6 - Cyber Security - Electronic Security Perimeter(s);
·        CIP-010-3 - Cyber Security - Configuration Change Management and Vulnerability Assessments; and
·        CIP-013-1 - Cyber Security - Supply Chain Risk Management.
 
The voting results can be accessed via the links below.  The standards will be submitted to the Board of Trustees for adoption and then filed with the appropriate regulatory authorities.
 
Background
The project will address directives from
Federal Energy Regulatory Commission (FERC) Order No. 829 to develop a new or modified standard to address “supply chain risk management for industrial control system hardware, software, and computing and networking services associated with bulk electric system operations.” See Order No. 829, at P 1.

Standard(s) Affected: The project will propose a new standard or revisions to approved Critical Infrastructure Protection (CIP) standards.
Purpose/Industry Need
On July 21, 2016 FERC issued Order No. 829, Revised Critical Infrastructure Protection Reliability Standards. In this order, FERC directed that NERC either develop a new standard or develop modifications to an existing standard to address the following reliability objective:
 
[FERC] directs] NERC to develop a develop a forward-looking, objective-based Reliability Standard to require each affected entity to develop and implement a plan that includes security controls for supply chain management for industrial control system hardware, software, and services associated with bulk electric system operations. The new or modified Reliability Standard should address the following security objectives, discussed in detail below: (1) software integrity and authenticity; (2) vendor remote access; (3) information system planning; and (4) vendor risk management and procurement controls”. See Order 829, at P 3.
 

The new standard or modified standard(s) are designed tomitigate the risk of a cybersecurity incident affecting the reliable operation of the Bulk-Power System” (See Order No. 829, at P 1) and must be filed with regulatory authorities within one year of the Order No 829 effective date.

<><><><><><><><><><><><><><><><><>
Draft Actions Dates Results Consideration of Comments
Final Draft
 
CIP-005-6
 
CIP-010-3
 
CIP-013-1
 
Implementation Plan
 
Supporting Materials
 
VRF/VSL Justification
 
 
Consideration of Directives
 
Final Ballot
 
 
07/11/17 – 07/20/17

​Ballot Results

CIP-005-6

CIP-010-3

CIP-013-1

Draft 1
CIP-005-6
 
CIP-010-3
 
Draft 2
 
 
Supporting Materials
 VRF/VSL Justification
 
 
Consideration of Directives
 
 
 
Draft RSAWs
 
CIP-005-6
 
CIP-010-3
 
CIP-013-1
 
Initial / Additional Ballots
and Non-binding Polls

Info

Vote

06/06/17 – 06/15/17

The non-binding polls were extended an additional day to reach quorum and closed June 16, 2017

Ballot Results
 
 
 
Non-binding Poll Results
 
 
CIP-005-6

CIP-010-3

CIP-013-1
Comment Period
 
 
05/02/17 – 06/15/17
​Comments Received
​Consideration of Comments
Join Ballot Pools 05/02/17 – 05/31/17
 
Send RSAW feedback to:
RSAWfeedback@nerc.net
05/25/17 - 06/15/17
 
 
Draft 1
 
Supporting Materials
 
 
 
 
Initial Ballot and Non-binding Poll
 
 
02/24/17 - 03/06/17​

​Ballot Results

Non-binding Poll Results

Comment Period
 
 
01/19/17 - 03/06/17​

 

 

Comments Received

Consideration of Comments
Join Ballot Pools 01/19/17 - 02/17/17​
Info
 
Send RSAW feedback to:

02/03/17 - 03/06/17

The Standards Committee accepted the Standards Authorization Request on December 14, 2016.

 
Supporting Materials
 
 
Comment Period
 
 
10/20/16 – 11/18/16 ​Comments Received Consideration of Comments
 
Drafting Team Nominations
 
Supporting Materials
 
 
 
Nomination Period
 
07/29/16 – 08/18/16
 

 

 
 

home | account log-in/register | legal and privacy/trademark policy | site map | careers | contact us

Atlanta Office | 3353 Peachtree Road, NE Suite 600 North Tower, Atlanta, GA 30326 | 404-446-2560
Washington Office | 1325 G Street, NW Suite 600, Washington, DC 20005| 202-400-3000

Copyright 2016 North American Electric Reliability Corporation. All rights reserved.