Project 2022-05 Modifications to CIP-008 Reporting Threshold

​​​​Related Files

Status
The comment and nomination period for the Project 2022-05 Modifications to CIP-008 Reporting Threshold Standard Authorization Request (SAR) concluded at 8 p.m. Eastern, Monday, December 5, 2022. ​

Background
Reliability Standard CIP-008-6 became effective on January 1, 2021, in response to FERC Order No. 8481 directing NERC to develop modifications to the Reliability Standards to require reporting of Cyber Security Incidents and attempt(s) to compromise a responsible entity's Electronic Security Perimeter (ESP) or associated Electronic Access Control or Monitoring Systems (EACMS).

Since the effective date of CIP-008-6, there has not been a material change from CIP-008-5 in the number of Reportable Cyber Security Incidents or Cyber Security Incidents that were determined to be an attempt to compromise an applicable system. This project will address gaps in CIP-008-6 permitting a subjective determination of attempt(s) to compromise. The Standard Drafting Team (SDT) will modify the Reliability Standards and associated definitions as necessary to provide a minimum expectation for thresholds to support the definition of attempt to compromise.

Standard(s) Affected: CIP-008

Purpose/Industry Need
In Q3 2021, the ERO Enterprise initiated a study to better understand how registered entities have implemented Reliability Standard CIP-008-6; specifically, how the registered entities have interpreted Reportable Cyber Security Incidents and defined attempt(s) to compromise. The study concluded that the current language of the Reliability Standard permits the use of subjective criteria to define attempt(s) to compromise, and most programs include a provision allowing a level of staff discretion. The resulting white paper concluded that2​ Reliability Standard CIP-008-6, or definitions, will be modified to provide a minimum expectation for thresholds defining attempt to compromise.

Subscribe to this project's observer mailing list 
Select "NERC Email Distribution Lists" from the "Service" drop-down menu and specify “Project 2022-05 Modifications to CIP-008 Reporting Threshold​​ Observer List” in the Description Box.


1 https://www.nerc.com/FilingsOrders/us/FERCOrdersRules/E-1_Order%20No.%20848.pdf

2 CIP-008-6 Effectiveness Study Summary (nerc.com)


DraftActionsDatesResultsConsideration of Comments
​​Standard Authorization Request
Clean | Redline​​​
The SC accepted the SAR on July 19, 2023​​
Drafting Team Nominations


Supporting Materials

Unofficial Nomination Form (Word)



Nomination Period


Info​

Submit Nominations​​



11/02/2022 – 12/05/2022

Comment Period

Info​

Submit Comments​


11/02/2022 – 12/05/2022




Comments Received​



​​Summary Response to Comments​