Project 2019-03 Cyber Security Supply Chain Risks

Related Files

Status
The comment period, additional ballot, and non-binding poll concluded 8 p.m. Eastern, Monday, June 22, 2020 for the following:

*CIP-005-7 – Cyber Security - Electronic Security Perimeter(s)

*CIP-010-4 – Cyber Security - Configuration Change Management and Vulnerability Assessments

*CIP-013-2 – Cyber Security - Supply Chain Risk Management

*Implementation Plan

The ballot results and comments received can be accessed via the links below. The drafting team will review all of the responses and determine the next steps of the project.

Background
This project will address the directives issued by FERC in Order No. 850 to modify the Supply Chain Standards. FERC directed NERC to submit modifications to address EACMSs, specifically those systems that provide electronic access control to high and medium impact BES Cyber Systems. FERC directed NERC to submit the modified Reliability Standard including the directed revisions for approval within 24 months from the effective date of Order No. 850. In addition, NERC also recommends revising the Supply Chain Standards to address Physical Access Control Systems (PACS) that provide physical access control (excluding alarming and logging) to high and medium impact BES Cyber Systems.  The modifications to address PACS do not have a regulatory deadline, but will be addressed by this project. 

Standard(s) Affected –  CIP-005-6 - Cyber Security - Electronic Security Perimeter(s) | CIP-010-3 - Cyber Security - Configuration Change Management and Vulnerability Assessments | CIP-013-1 - Cyber Security - Supply Chain Risk Management.

Purpose/Industry Need
This project will address the directives issued by FERC in Order No. 850. This project will also address NERC staff recommendation from the Supply Chain Report.

Subscribe to this project's observer distribution list
Select "NERC Email Distribution Lists" from the "Service" drop-down menu and specify “Project 2019-03 Cyber Security Supply Chain Risks Observer List” in the Description Box.


Draft

Actions

Dates

Results
Consideration of Comments

Draft 2

CIP-005-7

Clean | Redline to Last Posted

CIP-010-4

Clean | Redline to Last Posted

CIP-013-2

Clean | Redline to Last Posted

Implementation Plan
Clean | Redline to Last Posted

 

Supporting Materials

Unofficial Comment Form (Word)

VRF/VSL Justifications

Consideration of Issues and Directives
Clean | Redline to Last Posted

CIP-005-7 Summary of Changes

Technical Rationale

CIP-005-7

CIP-010-4

CIP-013-2

Implementation Guidance

CIP-005-7

CIP-010-4

CIP-013-2

 

 

 

Additional Ballot and Non-binding Poll

Updated Info

Info

Vote

 

 

 



06/12/20 - 06/22/20

 

 

 


Ballot Results

 

Non-binding Poll Results

 

 

Comment Period

Info

Submit Comments

 

 


05/07/20 - 06/22/20

 



Comments Received


Draft 1 

CIP-005-7
Clean | Redline

CIP-010-4
Clean | Redline

CIP-013-2
Clean | Redline

Implementation Plan

Supporting Materials

Unofficial Comment Form (Word)

VRF/VSL Justifications 

Consideration of Issues and Directives

Initial Ballot

Updated Info

Info

Vote

 

 

03/02/20 - 03/11/20​


Ballot Results

Non-binding Poll Results

Comment Period

Info

Submit Comments

 

01/27/20 - 03/11/20


Comments Received


Consideration of Comments

 

Join Ballot Pools


01/27/20 - 02/25/20​



Standard Authorization Request (SAR)
Clean | Redline


The Standards Committee accepted the SAR on October 23, 2019


Drafting Team Nominations

Supporting Materials

Unofficial Nomination Form (Word)

Nomination Period

Info

Submit Nominations
 

 


07/02/19 - 08/01/19

 


Comment Period

Info 

Submit Comments

 

 


07/02/19 - 08/01/19​

 


 

​Comments Received