Security Guidelines
The Critical Infrastructure Protection Committee (CIPC) is tasked, by its Charter, to "Develop, periodically review, and revise (as appropriate) security guidelines. Issue guidelines in accordance with the process described in Appendix 1."
 
The Security Guidelines page offers you the opportunity to keep track of all proposed new and updated security guidelines being developed by the CIPC. The development process was approved by CIPC in June 2008 and incorporates the procedures adopted by all the NERC technical committees. Click here to see a diagram of the overall process and the how other NERC committees and the public can participate.
 
Listed below are the drafts of (new or being updated) guidelines currently available for comments.  The listings below includes the formatted draft and a redline comparison.  The working documents can be found in the ESISAC library
The Security Guideline Process includes two key steps in the process which are:
  1. 30-day comment period (Step 9) within the sponsoring committee (CIPC).
  2. 45-day public comment period (Step 12).  
 
Critical Infrastructure Protection Security Guideline Development
Guideline Process
Step
Comment
Period
Comments
Received
Physical Security - Final Approved

CIPC Approved
June 20, 2012
- -
Protecting Sensitive Information Guideline - Final Approved CIPC Approved
June 20, 2012
- -
Communications

CIPC Review - Step 12
12/3 CIPC Meeting

- -
Emergency Preparedness CIPC Review - Step 12
12/3 CIPC Meeting
- -
Vulnerability and Risk Assessment CIPC Review - Step 12
12/3 CIPC Meeting
- -
Continuity of Business and Operational Functions - FINAL Approved

Business Processes and Operations Continuity - Draft

Business Processes and Operations Continuity - Redline

Business Processes and Operations Continuity - Original Document
CIPC Approved
September 2011 Meeting
- -
Identifying Critical Cyber Assets - FINAL Approved

CIPC Approved
June 2010 Meeting

- -
Identifying Critical Assets - FINAL Approved

CIPC Approved 
September 2009 Meeting

-

-

Time Stamping of Operational Data Logs - Final Redline
Time Stamping of Operational Data Logs - Final Clean

4/15/2009 - 5/29/2009

Comments received during Step 12

Information Protection - Draft
Information Protection - Redline
CIPC Review - Step 9 12/2/2008 - 1/31/2009 -
Employment Background Screening - Draft
Employment Background Screening - Redline
CIPC Review - Step 9 12/2/2008 - 1/31/2009 -