Project 2016-02 Modifications to CIP Standards

Related Files

Status
An informal comment period for Virtualization Updates for CIP-004, CIP-005, CIP-006, CIP-007, CIP-010, and Associated Definitions is open through 8 p.m. Eastern, Tuesday, December 18, 2018.

The formal comment period and ballots for CIP-002-6 - Cyber Security – BES Cyber System Categorization and CIP-003-8 - Cyber Security – Security Management Controls concluded 8 p.m. Eastern, Tuesday, October 9, 2018. The non-binding poll of the associated Violation Risk Factors and Violation Severity Levels for CIP-002-6 was extended an additional day to reach quorum and concluded 8 p.m. Eastern, Wednesday, October 10, 2018. The standard drafting team will review all responses received from the comment period and determine the next steps of the project.

Background
The Version 5 Transition Advisory Group (V5 TAG) transferred issues to the Version 5 SDT that were identified during the industry transition to implementation of the Version 5 CIP Standards. Specifically, the issues that the SDT will address are: 

·         Cyber Asset and BES Cyber Asset Definitions
·         Network and Externally Accessible Devices
·         Transmission Owner (TO) Control Centers Performing Transmission Operator (TOP) Obligations
·         Virtualization
 
On January 21, 2016, FERC issued Order No. 822 Revised Critical Infrastructure Protection Reliability Standards. In this order, FERC approved revisions to version 5 of the CIP standards and also directed that NERC address each of the Order 822 directives by developing modifications to requirements in CIP standards and the definition of Low Impact External Routable Connectivity (LERC), or the SDT shall develop an equally efficient and effective alternative. To address concerns identified in Order 822, the Commission directed the following:
·        Develop modifications to the CIP Reliability Standards to provide mandatory protection for transient devices used at Low Impact BES Cyber Systems based on the risk posed to bulk electric system reliability.
·        Develop modifications to the CIP Reliability Standards to require responsible entities to implement controls to protect, at a minimum, communication links and sensitive bulk electric system data communicated between bulk electric system Control Centers in a manner that is appropriately tailored to address the risks posed to the bulk electric system by the assets being protected (i.e., high, medium, or low impact).
·        Develop a modification to provide the needed clarity, within one year of the effective date of this Final Rule, to the LERC definition consistent with the commentary in the Guidelines and Technical Basis section of CIP-003-6.
 

Standard(s) Affected CIP-002-5.1, CIP-003-6, CIP-004-6, CIP-005-5, CIP-006-6, CIP-007-6, CIP-008-5, CIP-009-6, CIP-010-2, CIP-011-2, CIP-012-1

Purpose/Industry Need
The SDT will modify the CIP family of standards (or develop an equally efficient and effective alternative) to:

        Address issues identified by the CIP V5 TAG;
        Address FERC directives contained in Order 822; and
        Address requests for interpretations as directed by the NERC Standards
 
 

Draft

Actions

Dates

Results
Consideration of Comments

CIP Virtualization Updates
CIP-004-7
Clean | Redline

CIP-005-7
Clean | Redline

CIP-006-7 (Updated documents posted 11/14/18)
Clean | Redline

CIP-007-7
Clean | Redline

CIP-010-4
Clean | Redline

Definitions (Redline)

Supporting Materials

Unofficial Comment Form

Technical Rationales

CIP-005-7

CIP-007-7

CIP-010-4 

 

 


 



Comment Period

Info

Submit Comments

 

 

 


 




11/02/18 - 12/18/18





​Draft 1

CIP-002-6
Clean | Redline to Last Posted

Implementation Plan
Clean | Redline to Last Posted

Supporting Materials

Unofficial Comment Form (Word)

VRF/VSL Justification
Clean | Redline to Last Posted









Draft Reliability Standard Audit Worksheet (RSAW)




Initial Ballot and Non-binding Poll

Info

Vote








09/28/18 - 10/09/18

 

 


Ballot Results

Non-binding Poll Results​


Comment Period

Info

Submit Comments



08/23/18 - 10/09/18


Comments Received


Join Ballot Pools


08/23/18 - 09/21/18

Send RSAW feedback to:
RSAWfeedback@nerc.net




First Draft


CIP-003-8
Clean | Redline to Last Approved

Implementation Plan

Supporting Materials

Unofficial Comment Form (Word)

VRF/VSL Justification









Draft Reliability Standard Audit Worksheet (RSAW)
Coming Soon


Initial Ballot and Non-binding Poll

Info

Vote



​09/28/18 - 10/09/18

Ballot Results

Non-binding Poll Results


​​Comment Period

Info

Submit Comments



​08/23/18 - 10/09/18

Comments Received


Join Ballot Pools

​08/23/18 - 09/21/18

Send RSAW feedback to:
RSAWfeedback@nerc.net

Coming Soon


Final Draft

CIP-012-1
Clean | Redline to Last Posted

Implementation Plan

Supporting Materials

VRF/VSL Justification
Clean | Redline to Last Posted

Technical Rationale
Clean | Redline to Last Posted

Implementation Guidance
Clean | Redline to Last Posted

Draft Reliability Standard Audit Worksheet (RSAW)
Clean | Redline







Final Ballot

Info

Vote​








08/03/18 - 08/13/18








Ballot Results


Standards Authorization Requests

FERC Order No. 843 (Malicious Code Example)

IROL Modifications to CIP-002

Supporting Materials

Unofficial Comment Forms (Word)

FERC Order No. 843

IROL Modifications to CIP-002

 

 

 

Comment Periods

Info

Submit Comments​






06/​14/18 - 07/13/18


Comments Received

FERC Order No. 843 (Malicious Code)

IROL Modifications to CIP-002


Draft 4

CIP-012-1
Clean | Redline to Last Posted

Implementation Plan

Supporting Materials

Unofficial Comment Form (Word)

VRF/VSL Justification
Clean | Redline to Last Posted

Technical Rationale
Clean | Redline to Last Posted

Implementation Guidance
Clean | Redline to Last Posted





Draft Reliability Standard Audit Worksheet (RSAW)
Clean | Redline to Draft 3

 

​Comment Period

Info

Submit Comments




05/18/18 - 07/03/18

 

Comments Received




Consideration of Comments​


Additional Ballot and Non-binding Poll

Updated Info

Info

Vote



Additional Ballot

​06/22/18 - 07/03/18

 

Non-binding Poll

6/22/18 - 7/5/18

Extended to reach quorum

 

Ballot Results

 

Non-binding Poll Results


Info

Send RSAW feedback to:
RSAWfeedback@nerc.net



Standard Drafting Team Nominations

Supporting Materials

Unofficial Nomination Form (Word)


Nomination Period

Info

Submit Nominations


04/24/18 - 05/23/18

 
 
 
 
 

 
Initial Ballots for the Definition and Implementation Plan

 
 
 
04/20/18 - 04/30/18

Definition Ballot Results

 

Implementation Plan Ballot Results

 

Comment Period
 

 
03/16/18 - 04/30/18

Comments Received



Consideration of Comments​


03/16/18 - 04/16/18

Draft 2

CIP-002-6
Clean | Redline to Last Approved

Implementation Plan
Clean | Redline to Last Approved


Supporting Materials

Unofficial Comment Form (Word)

VRF/VSL Justification
Clean | Redline to Last Posted

Consideration of Issues and Directives
Clean | Redline to Last Posted





Draft Reliability Standard Audit Worksheet (RSAW)
Clean | Redline to CIP-002-5.1a

 
Additional Ballot and Non-binding Poll
 
 
 
 
 
 
04/20/18 - 04/30/18

 

 

Ballot Results

 

Non-binding Poll Results​

Comment Period
 
 
 
03/16/18 - 04/30/18
 




Comments Received

Send RSAW feedback to:
RSAWfeedback@nerc.net

 
Draft 3

CIP-012-1
Clean | Redline to Last Posted

Implementation Plan

Supporting Materials

Unofficial Comment Form (Word)


Consideration of Issues and Directives
Clean | Redline to Last Posted

VRF/VSL Justification
Clean | Redline to Last Posted

Implementation Guidance
Clean | Redline to Last Posted

Technical Raionale
Clean | Redline to Last Posted


Draft Reliability Standard Audit Worksheet (RSAW)
Clean | Redline to Draft 2

 
Additional Ballot and Non-binding Poll
 
 
 
 
 
 
 
04/20/18 - 04/30/18

 

 

Ballot Results

 

Non-binding Poll Results

 

 

 


 Comments Received
















Comment Period
 
03/16/18 - 04/30/18

 
Send RSAW feedback to:
RSAWfeedback@nerc.net
 
 

 
 
Supporting Materials
 
Comment Period
 
 
11/20/17 - 12/11/17

 

 

Comments Received

 

 
 
 
 
Draft 2
CIP-012-1
 
Implementation Plan
 
Supporting Materials
 
 
Consideration of Issues and Directives
 
VRF/VSL Justification


Draft Reliability Standard Audit Worksheet (RSAW)


Additional Ballot and Non-binding Poll
 
 
 

 
 
12/01/17 - 12/11/17
(The Non-binding Poll was extended to 12/12/17 to reach quorum)

 
 

 
 
 
 
 
 
 
 
 
 
 
Comment Period

 
10/27/17 - 12/11/17

 
Info

Send RSAW feedback to:
RSAWfeedback@nerc.net


 
12/01/17 - 12/11/17
 
 

Comment Period


 

1​0/06/17 - 11/02/17

 
Draft 1
 
CIP-002-6
 
Supporting Materials

 

 
 




 
 
 
 
 
 
Draft Reliability Standard Audit Worksheet (RSAW)
Initial Ballot and Non-binding Poll


 
 
 
10/20/17 - 10/30/17
 

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Comment Period


 

09/14/17 - 10/30/17

 
 


09/14/17 - 10/13/17
Info

Send RSAW feedback to:
RSAWfeedback@nerc.net


10/04/17 - 10/30/17
 
 
Supporting Materials

 

 

 
 
Comment Periods
 
 

 

 
 
 
 
08/14/17 - 09/12/17

 
 
Comments Received
 
 
Draft 1

 

 
Supporting Materials

 

 

 





 

 



 

 




​Initial Ballot and Non-binding Poll
 
 
 

 
 
 
09/01/17 - 09/11/17
 
 
 
Comment Period
 
 

 
 
07/27/17 - 09/11/17

 
 

 

 

Consideration of Comments​


07/27/17 - 08/25/17

Send RSAW feedback to:
RSAWfeedback@nerc.net

 
 
 
08/17/17 - 09/11/17


Comment Period

 

 

​03/14/17 - 04/11/17

 
 

 

Comment Period

 

 

​03/14/17 - 04/11/17

 
 
 
 


Comment Period


Info

Submit Comments

 
 
02/10/17 - 03/13/17
 

 

 

Comments Received​

 
 
 

Comment Period


Info

Submit Comments


 

 
 
 
02/10/17 - 03/13/17


 

 

Comments Received​

Final Draft
 
CIP-003-7(i)
 
Implementation Plan
 
Definition of Terms Used in Standards (TCA and Removable Media)
 
 
 
 
​Final Ballots

 

 

 

 

​01/30/17 - 02/08/17


Ballot Results
 
 
 


Draft 1

CIP-003-7(i)
Clean | Redline to Last Approved | Redline to CIP-003-7

Implementation Plan

Definition of Terms Used in Standards (TCA and Removable Media)



Supporting Documents

Unofficial Comment Form (Word)


VRF/VSL Justification


Consideration of Issues and Directives



















CIP-003-7(i)

Draft Reliability Standard Audit Worksheet (RSAW)
Updated Clean | Redline to CIP-003-6


 

 

Initial Ballots and Non-binding Poll

Updated Info

Info

Vote

 
 
 
 
​01/16/17 - 01/25/17
(The Non-binding Poll was extended to 01/26/17
to reach quorum) 

Ballot Results​
 
 

Comment Period

Info

Submit Comments


 

​12/12/16 - 01/25/17​


​Comments Received

Join Ballot Pools

The existing CIP-003-7 (LERC) ballot pool was used for all of the ballots associated with this portion of the project. The ballot pools have been re-opened to allow stakeholders to join if they are not existing members.

 

 

 

​12/12/16 - 01/10/17


Updated Info

Send RSAW feedback to:


RSAWfeedback@nerc.net


 
 
12/27/16 - 01/25/17
Updated RSAW posted January 20, 2017
Final Draft

CIP-003-7
Implentation Plan


Final Ballots
Vote


 

 

12/09/16 - 12/19/16​


​Ballot Results
 


 
 
 
 
Informal Comment Period
 
 


 

 

 

 

​11/01/16 - 11/18/16

 

 

 

 

Comments Received​

Draft 2
 
 
Implementation Plan
Clean | Redline to Last Posted
 
 
 
Supporting Documents
 
 
Unofficial Comment Form (Word)

VRF and VSL Justification
Clean | Redline to Last Posted


Consideration of Issues and Directives
Clean | Redline to Last Posted



CIP-003-7
Draft Reliability Standard Audit Worksheet (RSAW)
Clean | Redline


Additional Ballots and Non-binding Poll

Updated Info

Info

Vote


 

 

 

11/23/16 - 12/05/16​​

 
 
​Ballot Results
 

Comment Period

Info

Submit Comments

 

 

10/21/16 - 12/05/16​

 

 

​Comments Received

 

 

​Consideration of Comments



Info

Send RSAW feedback to:


RSAWfeedback@nerc.net


 

 

11/04/16 - 12/05/16

Draft 1
 

Definition of Term(s) Used in Standards

CleanRedline
 
 
 
 
 
 
Supporting Documents
 
 
 
 


  
 
 
 


Draft CIP-003-7 Reliability Standard Audit Worksheet (RSAW)
  Clean | ​Redline




 

Initial Ballots and Non-binding Poll


Updated Info

Info


Vote

 


 

 

 

​08/26/16 - 09/06/16


 
 
​Ballot Results
 
Comment Period

Info

Vote


 

 

​07/21/16 - 09/06/16


 

 

Comments Received​​


 

 

Consideration of Comments​


Join Ballot Pools

07/21/16 - 08/19/16

Info

Send RSAW Feedback to:

RSAWfeedback@nerc.net



 

 

08/10/16 - 09/06/16


The Standards Committee accepted the Standards Authorization Request on July 20, 2016


 
 
Comment Period


 

 

 

​06/01/16 - 06/30/16

 

 

 

 

​Comments Received

 
Supporting Materials

 

 

 

 


​Comment Period

 

 

 

​03/23/16 - 04/21/16

 

 

 

​Comments Received

 
 
Supplemental Standard Drafting Team Nominations

Supporting Materials

Unofficial Nomination Form (Word)
 
 

 

Nomination Period

Info

Submit Nominations

 

 

03/10/16 - 03/23/16