Related Files
Status
A 45-day formal comment period for the Project 2019-02 BES Cyber System Information Access Management is open through 8 p.m. Eastern, Monday, February 3, 2020 for the following Standards and Implementation Plan:
CIP-004-7 - Cyber Security - Personnel & Training
CIP-011-3 - Cyber Security - Information Protection
Implementation Plan
Ballot pools are being formed through 8 p.m. Eastern, Monday, January 20, 2020.
Initial ballots for the Standards and Implementation Plan, along with non-binding polls for each associated Violation Risk Factors and Violation Severity Levels, will be conducted January 24 - February 3, 2020.
Background
This initiative enhances BES reliability by creating increased choice, greater flexibility, higher availability, and reduced‐cost options for entities to manage their BES Cyber System Information, by providing a secure path towards utilization of modern third‐party data storage and analysis systems. In addition, the proposed project would clarify the protections expected when utilizing third‐party solutions (e.g., cloud services).
Standard(s) Affected – CIP-004-6 - Cyber Security - Personnel & Training | CIP-011-2 - Cyber Security - Information Protection
Purpose/Industry Need
The purpose of this project is to clarify the CIP requirements related to BES
Cyber System Information (BCSI) access, to allow for alternative methods, such
as encryption, to be utilized in the protection of BCSI.
