Project 2016-02 Modifications to CIP Standards

Related Files

Status
Informal comment periods are open through 8 p.m. Eastern, Friday, July 13, 2018, for stakeholders to provide feedback on the FERC Order No. 843 (Malicious Code Example) and IROL Modifications to CIP-002 Standards Authorization Requests.

A 45-day formal comment period for CIP-012-1 – Cyber Security – Communications between Control Centers is open through 8 p.m. Eastern, Monday, July 2, 2018. An additional ballot for the standard and a non-binding poll of the associated Violation Risk Factors and Violation Severity Levels will be conducted June 22 - July 2, 2018.

The CIP standard drafting team (SDT) proposed a revised Control Center definition during the March 16 – April 30, 2018 comment and ballot period. Based on feedback received from industry, the SDT decided to draft exemption language within the applicability section of CIP-012 instead of revising the Control Center definition. Please see the Control Center definition consideration of comments report for additional SDT responses on the new path taken by the SDT.


Background
The Version 5 Transition Advisory Group (V5 TAG) transferred issues to the Version 5 SDT that were identified during the industry transition to implementation of the Version 5 CIP Standards. Specifically, the issues that the SDT will address are:
 

·         Cyber Asset and BES Cyber Asset Definitions
·         Network and Externally Accessible Devices
·         Transmission Owner (TO) Control Centers Performing Transmission Operator (TOP) Obligations
·         Virtualization
 
On January 21, 2016, FERC issued Order No. 822 Revised Critical Infrastructure Protection Reliability Standards. In this order, FERC approved revisions to version 5 of the CIP standards and also directed that NERC address each of the Order 822 directives by developing modifications to requirements in CIP standards and the definition of Low Impact External Routable Connectivity (LERC), or the SDT shall develop an equally efficient and effective alternative. To address concerns identified in Order 822, the Commission directed the following:
·        Develop modifications to the CIP Reliability Standards to provide mandatory protection for transient devices used at Low Impact BES Cyber Systems based on the risk posed to bulk electric system reliability.
·        Develop modifications to the CIP Reliability Standards to require responsible entities to implement controls to protect, at a minimum, communication links and sensitive bulk electric system data communicated between bulk electric system Control Centers in a manner that is appropriately tailored to address the risks posed to the bulk electric system by the assets being protected (i.e., high, medium, or low impact).
·        Develop a modification to provide the needed clarity, within one year of the effective date of this Final Rule, to the LERC definition consistent with the commentary in the Guidelines and Technical Basis section of CIP-003-6.
 

Standard(s) Affected CIP-002-5.1, CIP-003-6, CIP-004-6, CIP-005-5, CIP-006-6, CIP-007-6, CIP-008-5, CIP-009-6, CIP-010-2, CIP-011-2, CIP-012-1

Purpose/Industry Need
The SDT will modify the CIP family of standards (or develop an equally efficient and effective alternative) to:

        Address issues identified by the CIP V5 TAG;
        Address FERC directives contained in Order 822; and
        Address requests for interpretations as directed by the NERC Standards
 
 

Draft

Actions

Dates

Results
Consideration of Comments


Standards Authorization Requests

FERC Order No. 843 (Malicious Code Example)

IROL Modifications to CIP-002

Supporting Materials

Unofficial Comment Forms (Word)

FERC Order No. 843

IROL Modifications to CIP-002

 

 

 

Comment Periods

Info

Submit Comments​






06/​14/18 - 07/13/18


Draft 4

CIP-012-1
Clean | Redline to Last Posted

Implementation Plan

Supporting Materials

Unofficial Comment Form (Word)

VRF/VSL Justification
Clean | Redline to Last Posted

Technical Rationale
Clean | Redline to Last Posted

Implementation Guidance
Clean | Redline to Last Posted





Draft Reliability Standard Audit Worksheet (RSAW)
Coming Soon

 

​Comment Period

Info

Submit Comments




05/18/18 - 07/02/18

Additional Ballot and Non-binding Poll

Info

Vote




​06/22/18 - 07/02/18

Send RSAW feedback to:
RSAWfeedback@nerc.net


Coming Soon


Standard Drafting Team Nominations

Supporting Materials

Unofficial Nomination Form (Word)


Nomination Period

Info

Submit Nominations


04/24/18 - 05/23/18

 
 
 
 
 

 
Initial Ballots for the Definition and Implementation Plan

 
 
 
04/20/18 - 04/30/18

Definition Ballot Results

 

Implementation Plan Ballot Results

 

Comment Period
 

 
03/16/18 - 04/30/18

Comments Received



Consideration of Comments​


03/16/18 - 04/16/18

Draft 2

CIP-002-6
Clean | Redline to Last Approved

Implementation Plan
Clean | Redline to Last Approved


Supporting Materials

Unofficial Comment Form (Word)

VRF/VSL Justification
Clean | Redline to Last Posted

Consideration of Issues and Directives
Clean | Redline to Last Posted





Draft Reliability Standard Audit Worksheet (RSAW)
Clean | Redline to CIP-002-5.1a

 
Additional Ballot and Non-binding Poll
 
 
 
 
 
 
04/20/18 - 04/30/18

 

 

Ballot Results

 

Non-binding Poll Results​

Comment Period
 
 
 
03/16/18 - 04/30/18
 




Comments Received

Send RSAW feedback to:
RSAWfeedback@nerc.net

 
Draft 3

CIP-012-1
Clean | Redline to Last Posted

Implementation Plan

Supporting Materials

Unofficial Comment Form (Word)


Consideration of Issues and Directives
Clean | Redline to Last Posted

VRF/VSL Justification
Clean | Redline to Last Posted

Implementation Guidance
Clean | Redline to Last Posted

Technical Raionale
Clean | Redline to Last Posted


Draft Reliability Standard Audit Worksheet (RSAW)
Clean | Redline to Draft 2

 
Additional Ballot and Non-binding Poll
 
 
 
 
 
 
 
04/20/18 - 04/30/18

 

 

Ballot Results

 

Non-binding Poll Results

 

 

 


 Comments Received
















Comment Period
 
03/16/18 - 04/30/18

 
Send RSAW feedback to:
RSAWfeedback@nerc.net
 
 

 
 
Supporting Materials
 
Comment Period
 
 
11/20/17 - 12/11/17

 

 

Comments Received

 

 
 
 
 
Draft 2
CIP-012-1
 
Implementation Plan
 
Supporting Materials
 
 
Consideration of Issues and Directives
 
VRF/VSL Justification


Draft Reliability Standard Audit Worksheet (RSAW)


Additional Ballot and Non-binding Poll
 
 
 

 
 
12/01/17 - 12/11/17
(The Non-binding Poll was extended to 12/12/17 to reach quorum)

 
 

 
 
 
 
 
 
 
 
 
 
 
Comment Period

 
10/27/17 - 12/11/17

 
Info

Send RSAW feedback to:
RSAWfeedback@nerc.net


 
12/01/17 - 12/11/17
 
 

Comment Period


 

1​0/06/17 - 11/02/17

 
Draft 1
 
CIP-002-6
 
Supporting Materials

 

 
 




 
 
 
 
 
 
Draft Reliability Standard Audit Worksheet (RSAW)
Initial Ballot and Non-binding Poll


 
 
 
10/20/17 - 10/30/17
 

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Comment Period


 

09/14/17 - 10/30/17

 
 


09/14/17 - 10/13/17
Info

Send RSAW feedback to:
RSAWfeedback@nerc.net


10/04/17 - 10/30/17
 
 
Supporting Materials

 

 

 
 
Comment Periods
 
 

 

 
 
 
 
08/14/17 - 09/12/17

 
 
Comments Received
 
 
Draft 1

 

 
Supporting Materials

 

 

 





 

 



 

 




​Initial Ballot and Non-binding Poll
 
 
 

 
 
 
09/01/17 - 09/11/17
 
 
 
Comment Period
 
 

 
 
07/27/17 - 09/11/17

 
 

 

 

Consideration of Comments​


07/27/17 - 08/25/17

Send RSAW feedback to:
RSAWfeedback@nerc.net

 
 
 
08/17/17 - 09/11/17


Comment Period

 

 

​03/14/17 - 04/11/17

 
 

 

Comment Period

 

 

​03/14/17 - 04/11/17

 
 
 
 


Comment Period


Info

Submit Comments

 
 
02/10/17 - 03/13/17
 

 

 

Comments Received​

 
 
 

Comment Period


Info

Submit Comments


 

 
 
 
02/10/17 - 03/13/17


 

 

Comments Received​

Final Draft
 
CIP-003-7(i)
 
Implementation Plan
 
Definition of Terms Used in Standards (TCA and Removable Media)
 
 
 
 
​Final Ballots

 

 

 

 

​01/30/17 - 02/08/17


Ballot Results
 
 
 


Draft 1

CIP-003-7(i)
Clean | Redline to Last Approved | Redline to CIP-003-7

Implementation Plan

Definition of Terms Used in Standards (TCA and Removable Media)



Supporting Documents

Unofficial Comment Form (Word)


VRF/VSL Justification


Consideration of Issues and Directives



















CIP-003-7(i)

Draft Reliability Standard Audit Worksheet (RSAW)
Updated Clean | Redline to CIP-003-6


 

 

Initial Ballots and Non-binding Poll

Updated Info

Info

Vote

 
 
 
 
​01/16/17 - 01/25/17
(The Non-binding Poll was extended to 01/26/17
to reach quorum) 

Ballot Results​
 
 

Comment Period

Info

Submit Comments


 

​12/12/16 - 01/25/17​


​Comments Received

Join Ballot Pools

The existing CIP-003-7 (LERC) ballot pool was used for all of the ballots associated with this portion of the project. The ballot pools have been re-opened to allow stakeholders to join if they are not existing members.

 

 

 

​12/12/16 - 01/10/17


Updated Info

Send RSAW feedback to:


RSAWfeedback@nerc.net


 
 
12/27/16 - 01/25/17
Updated RSAW posted January 20, 2017
Final Draft

CIP-003-7
Implentation Plan


Final Ballots
Vote


 

 

12/09/16 - 12/19/16​


​Ballot Results
 


 
 
 
 
Informal Comment Period
 
 


 

 

 

 

​11/01/16 - 11/18/16

 

 

 

 

Comments Received​

Draft 2
 
 
Implementation Plan
Clean | Redline to Last Posted
 
 
 
Supporting Documents
 
 
Unofficial Comment Form (Word)

VRF and VSL Justification
Clean | Redline to Last Posted


Consideration of Issues and Directives
Clean | Redline to Last Posted



CIP-003-7
Draft Reliability Standard Audit Worksheet (RSAW)
Clean | Redline


Additional Ballots and Non-binding Poll

Updated Info

Info

Vote


 

 

 

11/23/16 - 12/05/16​​

 
 
​Ballot Results
 

Comment Period

Info

Submit Comments

 

 

10/21/16 - 12/05/16​

 

 

​Comments Received

 

 

​Consideration of Comments



Info

Send RSAW feedback to:


RSAWfeedback@nerc.net


 

 

11/04/16 - 12/05/16

Draft 1
 

Definition of Term(s) Used in Standards

CleanRedline
 
 
 
 
 
 
Supporting Documents
 
 
 
 


  
 
 
 


Draft CIP-003-7 Reliability Standard Audit Worksheet (RSAW)
  Clean | ​Redline




 

Initial Ballots and Non-binding Poll


Updated Info

Info


Vote

 


 

 

 

​08/26/16 - 09/06/16


 
 
​Ballot Results
 
Comment Period

Info

Vote


 

 

​07/21/16 - 09/06/16


 

 

Comments Received​​


 

 

Consideration of Comments​


Join Ballot Pools

07/21/16 - 08/19/16

Info

Send RSAW Feedback to:

RSAWfeedback@nerc.net



 

 

08/10/16 - 09/06/16


The Standards Committee accepted the Standards Authorization Request on July 20, 2016


 
 
Comment Period


 

 

 

​06/01/16 - 06/30/16

 

 

 

 

​Comments Received

 
Supporting Materials

 

 

 

 


​Comment Period

 

 

 

​03/23/16 - 04/21/16

 

 

 

​Comments Received

 
 
Supplemental Standard Drafting Team Nominations

Supporting Materials

Unofficial Nomination Form (Word)
 
 

 

Nomination Period

Info

Submit Nominations

 

 

03/10/16 - 03/23/16