search
  |    Account Log-In/Register    |    Contact Us
Project 2014-02 Critical Infrastructure Protection Standards Version 5 Revisions
 
Status:
NERC filed the Reliability Standards developed during Project 2014-02 at the Federal Energy Regulatory Commission, and the Reliability Standards are pending regulatory approval. However, the Project 2014-02 CIP Version 5 Revisions Standard Drafting Team requested additional time to collaborate with the NERC CIP RSAW development team to draft the RSAWs after the standard development process concluded. Therefore, the RSAWs are posted for industry comment, but there is no concurrent comment period or ballot being conducted regarding the Reliability Standards.
Background:
On November 22, 2013, FERC issued Order No. 791, Version 5 Critical Infrastructure Protection Reliability Standards. In this order, FERC approved version 5 of the CIP standards and also directed that NERC make the following modifications to those standards:
  1. Modify or remove the “identify, assess, and correct” language in 17 CIP version 5 requirements.
  2. Develop modifications to the CIP standards to address security controls for Low Impact assets.
  3. Develop requirements that protect transient electronic devices.
  4. Create a definition of “communication networks” and develop new or modified standards that address the protection of communication networks.

FERC directed NERC to submit new or modified standards responding to the directives related to the “identify, assess, and correct” language and communication networks by February 3, 2015, one year from the effective date of Order No. 791. FERC did not place any time frame for NERC to respond to the Low Impact and transient electronic devices directives.  The purpose of the proposed project is to address the directives from FERC Order No. 791 to develop or modify the CIP standards.
 

Draft ​Actions ​Dates ​Results ​Consideration of Comments
Draft RSAWs
 
CIP-002-5.1 - standard
CIP-003-6 - standard
CIP-004-6 - standard
CIP-005-5 - standard
CIP-006-6 - standard
CIP-007-6 - standard
CIP-008-5 - standard
CIP-009-6 - standard
CIP-010-2 - standard
CIP-011-2 - standard
 
Please send RSAW Feedback to:
 
 
NERC filed the Reliability Standards developed during
Project 2014-02 at the Federal Energy Regulatory Commission, and the Reliability Standards are pending regulatory approval. However, the Project 2014-02 CIP Version 5 Revisions Standard Drafting Team requested additional time to  collaborate with the NERC CIP RSAW development
team to draft the RSAWs after the standard development process concluded. Therefore, the RSAWs are posted for industry comment, but there is no concurrent comment period or ballot being conducted regarding the Reliability Standards.
03/13/15 - 04/14/15
 
 
Final Draft
 
CIP-003-7 — Cyber Security — Security Management Controls
Clean | Redline​ to Last Posted
 
Board Documents

CIP-004-7 — Cyber Security — Personnel & Training
Clean | Redline​ to Last Posted
 
Board Documents
 
CIP-007-7 — Cyber Security — Systems Security Management
Clean | Redline​ to Last Posted
 
Board Documents

CIP-010-3 — Cyber Security — Configuration Change Management & Vulnerability Assessments
Clean | Redline​ to Last Posted
 
Board Documents
 
CIP-011-3 — Cyber Security — Information Protection
Clean | Redline​ to Last Posted
 
Board Documents
 
Definition of Terms Used in
CIP-003-7
 
Board Documents
 
Board Documents
 
Implementation Plan
Clean | Redline to Last Posted
 
Board Documents
 
Supporting Documents:
 
Consideration of Issues and Directives
Clean | Redline to Last Posted
 
 
 VRF/VSL Justification
Clean | Board

 

Final Ballot
 
 

Vote>>

(Closed)

1/23/15 -02/02/15​
 

Summary>>

 

Ballot Results

CIP-003-7>>

CIP-004-7>>

 CIP-007-7>>

CIP-010-3>>

CIP-011-3>>

CIP-003-7 Definition>>

CIP-010​-3 Definition>>

Implementation Plan>>

 
Draft 3 
 
CIP-003-7 — Cyber Security — Security Management Controls
Clean | Redline​ to Last Posted

CIP-004-7 — Cyber Security — Personnel & Training
Clean | Redline​ to Last Posted

CIP-007-7 — Cyber Security — Systems Security Management
Clean | Redline​ to Last Posted

CIP-010-3 — Cyber Security — Configuration Change Management
& Vulnerability Assessments
Clean | Redline​ to Last Posted
 
CIP-011-3 — Cyber Security — Information Protection
Clean | Redline​ to Last Posted
 
Definition of Terms Used in
CIP-003-7
 
Definition of Terms Regarding Transient Devices
Clean | Redline to Last Posted
Implementation Plan
Clean | Redline to Last Posted
Supporting Documents:
 
 
Consideration of Issues and Directives
Clean | Redline to Last Posted
 
Mapping Document
Clean | Redline to Last Posted
  
Draft RSAWs
 
 
 
 
 
 
 
 
 

 

Additional Ballots and Non-Binding Polls

Updated Info>>
 
 

Vote>>

(Closed)

12/30/14 -01/09/15

Summary>>

 

​Ballot Results

CIP-003-7>>

 CIP-004-7>>

 CIP-007-7>>

 CIP-010-3>>

 CIP-011-3>>

 CIP-003-7 Definition>>

 CIP-010-3 Definition>>

 Implementation Plan>>

 

Non-Binding Poll Results

CIP-003-7>>

 CIP-004-7>>

 CIP-007-7>>

 CIP-010-3>>

 CIP-011-3>>

 

​Consideration of Comments>>
Comment Period
 
 

Submit Comments>>

(Closed)

 

11/25/14 –01/09/15

 

Comments Received>>
The comment period and additional ballot close dates were extended one day to January 9, 2015 due to a NERC.com maintenance outage that occurred Saturday, December 13, 2014.​ ​
Please send RSAW Feedback to:
 
​​
​12/10/14 - 01/09/15

 

Final Draft
 
CIP-003-6 — Cyber Security — Security Management Controls
Clean | Redline​ to Last Posted

Redline to CIP-003-5
 
CIP-004-6 — Cyber Security — Personnel & Training
Clean | Redline to Last Posted

Redline to CIP-004-5.1
 
CIP-006-6 — Cyber Security — Physical Security of BES Cyber Systems
Clean | Redline to Last Posted

Redline to CIP-006-5

CIP-007-6 — Cyber Security — Systems Security Management
Clean | Redline to Last Posted

Redline to CIP-007-5

CIP-009-6 — Cyber Security — Recovery Plans for BES Cyber Systems
Clean | Redline to Last Posted

Redline to CIP-009-5

CIP-010-2 — Cyber Security — Configuration Change
Management and Vulnerability Assessments
Clean | Redline to Last Posted

Redline to CIP-010-1

CIP-011-2 — Cyber Security — Information Protection
Clean | Redline

Redline to CIP-011-1
 
Implementation Plan
Clean | Redline to Last Posted
 
Consideration of Issues and Directives
 
Mapping Document
 
Supporting Documents:
 
 

 

 

​Final Ballots

Info>>

Vote>>

(Closed)

​10/28/14 - 11/06/14

Summary>>

 

Ballot Results

CIP-003-6>>

CIP-004-6>>

CIP-006-6>>

CIP-007-6>>

CIP-009-6>>

CIP-010-2>>

CIP-011-2>>

Implementation Plan>>

Draft 2
 
CIP-003-6 — Cyber Security — Security Management Controls
Clean | Redline​ to Last Posted

CIP-010-2 — Cyber Security — Configuration Change Management
Clean | Redline​ to Last Posted

CIP-003-X — Cyber Security — Security Management Controls
Clean | Redline​

CIP-004-X — Cyber Security — Personnel and Training
Clean | Redline

CIP-007-X — Cyber Security — Systems Security Management
Clean | Redline

CIP-010-X — Cyber Security — Configuration Change Management
Clean | Redline
 
CIP-011-X — Cyber Security — Information Protection
Clean | Redline
 
Definition of Terms Used in CIP-010-2
Clean | Redline to Last Posted


Implementation Plan
Clean | Redline​ to Last Posted 
 
Supporting Documents
Additional Ballots and Non-Binding Polls
Updated Info>>

Info>>

 

Vote​>>

(Closed)

10/08/14 - 10/17/14

Summary>>

Ballot Results

CIP Version X>>

CIP-003-6>>

CIP-010-2>>

Definition CIP-003-6>>

Definition CIP-010-2>>

Implementation Plan>>

 

Non-Binding Poll Results​

CIP-003-X>>

CIP-003-6>>

CIP-004-X>>

CIP-007-X>>

CIP-010-X>>

CIP-010-2>>

CIP-011-X>>

Comment Period

Info>>

Submit Comments>>​

(Closed)

09/03/14 - 10/17/14​​ ​Comments Received>>

Updated Consideration of Comments>>

​Consideration of Comments>>

Please send RSAW Feedback to:
 
 
(Closed)
​09/17/14 - 10/17/14
 
 
CIP-003-6 — Cyber Security — Security Management Controls
Clean | Redline

CIP-004-6 — Cyber Security — Personnel and Training
Clean | Redline

CIP-006-6 — Cyber Security — Physical Security
Clean | Redline

CIP-007-6 — Cyber Security — Systems Security Management
Clean | Redline

CIP-009-6 — Cyber Security — Recovery Plans for BES Cyber Systems
Clean | Redline

CIP-010-2 — Cyber Security — Configuration Change Management
Clean | Redline

CIP-011-2 — Cyber Security — Information Protection
Clean | Redline

Definition of Terms Used in Standards

Clean | Redline
 
 
Supporting Documents
 
 
 
 
Draft RSAWs
 
 
 
 
 
 
 
 
 
 

Ballots and Non-Binding Polls

Updated Info>>

Info>>

 Vote​>>

(Closed)

​07/07/14 - 07/16/14

Summary>>

 

Ballot Results

CIP-003-6>>

CIP-004-6>>

CIP-006-6>>

CIP-007-6>>

CIP-009-6>>

CIP-010-2>>

CIP-011-2>>

Definition>>

 

Non-Binding Poll Results

 

 
 
 
 
 
 

 

 

​Comment Period

Info>>

Submit Comments>>

(Closed)

​06/02/14 - 07/16/14 Comments Received>> Consideration of Comments>>​

​Join Ballot Pool>>

Please note: To avoid the inconvenience for the industry to join
15 separate ballot pools, we have set up one for the ballots (on the standards and definition) and one for the non-binding polls.
Once the ballot pools close, individual ballots will be
created by carrying over the members of the ballot pools.
There will be a separate ballot for each of the 7 standards, the definition
and 7 non-binding polls.

(Closed)

​06/02/14 - 07/01/14
Please send RSAW Feedback to:
 
 
(Closed)
06/17/14 - 07/16/14​

​SAR

Clean | Redline to last posted

 
 
Supporting Documents:
 
 
 
Comment Period
 
 
 
(Closed)
​01/17/14 - 02/18/14 Comments Received>>
 
 
 

home | account log-in/register | legal and privacy/trademark policy | site map | careers | contact us

Atlanta Office | 3353 Peachtree Road, NE Suite 600 North Tower, Atlanta, GA 30326 | 404-446-2560
Washington Office | 1325 G Street, NW Suite 600, Washington, DC 20005| 202-400-3000

Copyright 2016 North American Electric Reliability Corporation. All rights reserved.