Project 2019-03 Cyber Security Supply Chain Risks

Related Files

Status
​Board Adopted: November 5, 2020

Filed with FERC: December 14, 2020

Background
This project will address the directives issued by FERC in Order No. 850 to modify the Supply Chain Standards. FERC directed NERC to submit modifications to address EACMSs, specifically those systems that provide electronic access control to high and medium impact BES Cyber Systems. FERC directed NERC to submit the modified Reliability Standard including the directed revisions for approval within 24 months from the effective date of Order No. 850. In addition, NERC also recommends revising the Supply Chain Standards to address Physical Access Control Systems (PACS) that provide physical access control (excluding alarming and logging) to high and medium impact BES Cyber Systems.  The modifications to address PACS do not have a regulatory deadline, but will be addressed by this project. 

Standard(s) Affected –  CIP-005-6 - Cyber Security - Electronic Security Perimeter(s) | CIP-010-3 - Cyber Security - Configuration Change Management and Vulnerability Assessments | CIP-013-1 - Cyber Security - Supply Chain Risk Management.

Purpose/Industry Need
This project will address the directives issued by FERC in Order No. 850. This project will also address NERC staff recommendation from the Supply Chain Report.


Draft

Actions

Dates

Results
Consideration of Comments


Final Draft

CIP-005-7
Clean | Redline to Last Posted | Redline to Last Approved

CIP-010-4
Clean | Redline to Last Posted | Redline to Last Approved

CIP-013-2
Clean | Redline to Last Posted | Redline to Last Approved


Implementation Plan
Clean | Redline
  

Supporting Materials 

VRF/VSL Justifications

Consideration of Issues and Directives
Clean | Redline to Last Posted 

Summary of Changes
CIP-005-7

CIP-010-4

CIP-013-2

Technical Rationale
CIP-005-7 

CIP-010-4

CIP-013-2

Implementation Guidance
CIP-005-7
Clean | Redline to Last Posted

CIP-010-4 

CIP-013-2

 

 

 

 

 

 

 

 

 

 

 

Final Ballot

Info

Vote

 

 

 

 

 

 

 

 

 

 

 

 

10/07/20 - 10/16/20​

 

 

 

 

 

 

 

 

 

 

 

Ballot Results

Draft 3

CIP-005-7
Clean | Redline to Last Posted | Redline to Last Approved

CIP-010-4
Clean | Redline to Last Posted

CIP-013-2
Clean | Redline to Last Posted

Implementation Plan
Clean | Redline to Last Posted

 

Supporting Materials

Unofficial Comment Form (Word)

VRF/VSL Justifications
Clean | Redline to Last Posted

Consideration of Issues and Directives
Clean | Redline to Last Posted

CIP-005-7 Summary of Changes

CIP-010-4 Summary of Changes 

CIP-013-2 Summary of Changes


Technical Rationale
CIP-005-7
Clean | Redline to Last Posted

CIP-010-4
Clean | Redline to Last Posted

CIP-013-2
Clean | Redline to Last Posted


Implementation Guidance
CIP-005-7
Clean | Redline to Last Posted

CIP-010-4
Clean | Redline to Last Posted

CIP-013-2
Clean | Redline to Last Posted

 

 

 

 

 

 

Additional Ballot and Non-binding Poll

Updated Info

Info

Vote

 

 

 

 

 

 

 

09/01/20 - 09/10/20

 

 

 

 

 

 

Ballot Results

 

Non-binding Poll Results

 

 

Comment Period

Info

Submit Comments

 

 

 

 

07/28/20 - 09/10/20​

 

 

 

 

Comments Received​

 

 

 


Consideration of Comments​

Draft 2

CIP-005-7

Clean | Redline to Last Posted

CIP-010-4

Clean | Redline to Last Posted

CIP-013-2

Clean | Redline to Last Posted

Implementation Plan
Clean | Redline to Last Posted

 

Supporting Materials

Unofficial Comment Form (Word)

VRF/VSL Justifications

Consideration of Issues and Directives
Clean | Redline to Last Posted

CIP-005-7 Summary of Changes

Technical Rationale

CIP-005-7

CIP-010-4

CIP-013-2

Implementation Guidance

CIP-005-7

CIP-010-4

CIP-013-2

 

 

 

Additional Ballot and Non-binding Poll

Updated Info

Info

Vote

 

 

 



06/12/20 - 06/22/20

 

 

 


Ballot Results

 

Non-binding Poll Results

 

 

Comment Period

Info

Submit Comments

 

 


05/07/20 - 06/22/20

 



Comments Received






Consideration of Comments​


Draft 1 

CIP-005-7
Clean | Redline

CIP-010-4
Clean | Redline

CIP-013-2
Clean | Redline

Implementation Plan

Supporting Materials

Unofficial Comment Form (Word)

VRF/VSL Justifications 

Consideration of Issues and Directives

Initial Ballot

Updated Info

Info

Vote

 

 

03/02/20 - 03/11/20​


Ballot Results

Non-binding Poll Results

Comment Period

Info

Submit Comments

 

01/27/20 - 03/11/20


Comments Received


Consideration of Comments

 

Join Ballot Pools


01/27/20 - 02/25/20​



Standard Authorization Request (SAR)
Clean | Redline


The Standards Committee accepted the SAR on October 23, 2019


Drafting Team Nominations

Supporting Materials

Unofficial Nomination Form (Word)

Nomination Period

Info

Submit Nominations
 

 


07/02/19 - 08/01/19

 


Comment Period

Info 

Submit Comments

 

 


07/02/19 - 08/01/19​

 


 

​Comments Received