Related Files
Status
A 45-day comment period is open through 8 p.m. Eastern, Monday, May 10, 2021 for the following:
-CIP-004-X - Cyber Security - Personnel & Training
-CIP-011-X - Cyber Security - Information Protection
-Implementation Plan
Due to projects 2019-02 BES Cyber System Information Access Management (BCSI) and 2016-02 Modification to CIP Standards (2016-02) both modifying CIP-004 and CIP-011, an “-X" has been added in place of the version numbers for the BCSI and a “-Y" for the 2016-02 standards. Once both projects are completed, they will be combined together with one version, prior to submission to the NERC Board.
The standard drafting team's considerations of the responses received from the previous comment period are reflected in these drafts of the standards. An additional ballot
and associated Violation Risk Factors (VRFs) and Violation Severity Levels
(VSLs) non-binding poll will be conducted April 30 – May 10, 2021.
Background
This initiative enhances BES reliability by creating increased choice, greater flexibility, higher availability, and reduced‐cost options for entities to manage their BES Cyber System Information, by providing a secure path towards utilization of modern third‐party data storage and analysis systems. In addition, the proposed project would clarify the protections expected when utilizing third‐party solutions (e.g., cloud services).
Standard(s) Affected – CIP-004-6 - Cyber Security - Personnel & Training | CIP-011-2 - Cyber Security - Information Protection
Purpose/Industry Need
The purpose of this project is to clarify the CIP requirements related to BES
Cyber System Information (BCSI) access, to allow for alternative methods, such
as encryption, to be utilized in the protection of BCSI.
