NERC Petition RM13-8 (2-28-2013)

NERC Petition RM13-8 2-28-13.pdf

RM13-8 Proposed Rule: Mandatory Reliability Standards for Critical Infrastructure Protection

NERC Petition RM13-8 (2-28-2013)

OMB: 1902-0248

⚠️ Notice: This form may be outdated. More recent filings and information on OMB 1902-0248 can be found here:

Document [pdf]

Download: pdf | pdf

UNITED STATES OF AMERICA
BEFORE THE
FEDERAL ENERGY REGULATORY COMMISSION

NORTH AMERICAN ELECTRIC
RELIABILITY CORPORATION

)
)

Docket No. RM13-_____

PETITION OF THE
NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION
FOR APPROVAL OF RETIREMENT OF REQUIREMENTS IN
RELIABILITY STANDARDS

Gerald W. Cauley
President and Chief Executive Officer
North American Electric Reliability Corporation
3353 Peachtree Road, N.E.
Suite 600, North Tower
Atlanta, GA 30326
(404) 446-2560
(404) 446-2595– facsimile

Charles A. Berardesco
Senior Vice President and General Counsel
Holly A. Hawkins
Assistant General Counsel
Stacey Tyrewala
Attorney
North American Electric Reliability Corporation
1325 G Street, N.W., Suite 600
Washington, D.C. 20005
(202) 400-3000
(202) 644-8099– facsimile
[email protected]
[email protected]
[email protected]
Counsel for the North American Electric
Reliability Corporation

February 28, 2013

TABLE OF CONTENTS
I. EXECUTIVE SUMMARY………………………………………………………………………. 1
A. Background………………………………………………………………………………. . 2
B. Paragraph 81 – Requirements Proposed for Retirement……………………………..... 4
II. NOTICES AND COMMUNICATIONS……………...…………………………………............. 8
III. REGULATORY BACKGROUND………………………………………………...……............. 9
IV. REQUIREMENTS PROPOSED FOR RETIREMENT……………………………………...... 10
A. Resources and Demand Balancing Reliability Standards……………………………… 10
1. BAL-005-0.2b, Requirement R2 – Automatic Generation Control
B. Critical Infrastructure and Protection Reliability Standards………………………..… 13
1. CIP-003-3, -4, Requirement R1.2 – Cyber Security – Security Management
Controls
2. CIP-003-3,-4, Requirements R3, R3.1, R3.2, R3.3 – Cyber Security – Security
Management Controls
3. CIP-003-3, -4, Requirement R4.2 – Cyber Security – Security Management Controls
4. CIP-005-3a, -4a, Requirement R2.6 - Cyber Security – Electronic Security
Perimeter(s)
5. CIP-007-3, -4, Requirement R7.3 – Cyber Security – Systems Security Management
C. Emergency Preparedness and Operations Reliability Standards…………………..….. 21
1. EOP-005-2 Requirement R3.1 – System Restoration from Blackstart Resources
D. Facilities Design, Connections, and Maintenance Reliability Standards……………… 23
1. FAC-002-1, Requirement R2 – Coordination of Plans for New Facilities
2.FAC-008-3 Requirements R4, R5 – Facility Ratings
3.FAC-010-2.1, Requirement R5 – System Operating Limits Methodology for the
Planning Horizon
4.FAC-011-2, Requirement R5 – System Operating Limits Methodology for the
Operations Horizon
5.FAC-013-2, Requirement R3 – Assessment of Transfer Capability for the Near-term
Transmission Planning Horizon
E. Interchange Scheduling and Coordination Reliability Standards……………………... 25
1. INT-007-1, Requirement R1.2 – Interchange Confirmation
F. Interconnection Reliability Operations and Coordination Reliability Standards…….. 27
1. IRO-016-1 Requirement R2 – Coordination of Real-Time Activities between
Reliability Coordinators

G. Nuclear Reliability Standards………………………………………………………...... 29
1. NUC-001-2, Requirement R9.1, 9.1.1, R9.1.2, R9.1.3, R9.1.4 – Nuclear Plant
Interface Coordination
H. Protection and Control Reliability Standards………………………………………… 30
1. PRC-010-0, Requirement R2 – Assessment of the Design and Effectiveness of
UVLS Program
2. PRC-022-1, Requirement R2 – Under-Voltage Load Shedding Program
Performance
I. Voltage and Reactive Reliability Standards……………………………...……………. 33
1. VAR-001-2, Requirement R5 – Voltage and Reactive Control

V. CONCLUSION…………………………………….…………………………………..….......... 38

EXHIBITS
Exhibit A — Paragraph 81 Criteria
Exhibit B — Redlined Version of Reliability Standards with Proposed Retirements
Exhibit C — Implementation Plan for Project 2013-02
Exhibit D — Consideration of Comments
Exhibit E — Paragraph 81 Technical Whitepaper
Exhibit F — Summary of the Standard Development Proceedings and Record of Development of
Proposed Reliability Standard
Exhibit G —Team Roster for NERC Standards Development Project 2013-02

UNITED STATES OF AMERICA
BEFORE THE
FEDERAL ENERGY REGULATORY COMMISSION

NORTH AMERICAN ELECTRIC
RELIABILITY CORPORATION

)
)

Docket No. RM13-_____

PETITION OF THE
NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION
FOR APPROVAL OF RETIREMENT OF REQUIREMENTS
The North American Electric Reliability Corporation (“NERC”) 1 respectfully requests
the Federal Energy Regulatory Commission (“FERC” or the “Commission”) approve, in
accordance with Section 215(d)(1) of the Federal Power Act (“FPA”) 2 and Section 39.5 of the
Commission’s Regulations, 18 C.F.R. § 39.5 (2012), the retirement of 34 requirements within 19
currently effective Reliability Standards as set forth in Exhibit B, 3 concurrent with the effective
day of Commission approval. 4
The following Regional Entities and organizations have authorized NERC to state that
they support the filing of this petition: American Public Power Association, Canadian Electricity
Association, Edison Electric Institute, Electricity Consumers Resource Council, Florida
Reliability Coordinating Council, Large Public Power Coordinating Council, Midwest
Reliability Organization, National Rural Electric Cooperative Association, Northeast Power
1

NERC has been certified by the Commission as the electric reliability organization (“ERO”) in accordance
with Section 215 of the Federal Power Act. The Commission certified NERC as the ERO in its order issued July 20,
2006 in Docket No. RR06-1-000. North American Electric Reliability Corp., 116 FERC ¶ 61,062 (2006) (“ERO
Certification Order”).
2
16 U.S.C. § 824o (2012).
3
Unless otherwise designated herein, all capitalized terms shall have the meaning set forth in the Glossary of
Terms Used in NERC Reliability Standards, available here: http://www.nerc.com/files/Glossary_of_Terms.pdf.
4
Note, for the purposes of this petition, the term “requirement” encompasses sub-requirements. The
Violation Risk Factors (“VRFs) and Violation Severity Levels (“VSLs”) for the requirements proposed for
retirement would also be retired. Conforming changes were also made to VSLs of other requirements in these
Reliability Standards that reference the requirements proposed for retirement. Note that upon Commission approval
of the retirement of these requirements, the version numbers of the standards will not be incremented, but the retired
requirements and associated elements will be clearly marked as “retired.”

Coordinating Council, ReliabilityFirst Corporation, SERC Reliability Corporation, Southwest
Power Pool Regional Entity, Texas Reliability Entity, Inc., Transmission Access Policy Study
Group, and the Western Electricity Coordinating Council.

EXECUTIVE SUMMARY
Consistent with the Commission’s order approving NERC’s Compliance Enforcement

Initiative (“CEI”), including the Find, Fix, Track and Report (“FFT”) program, NERC is
requesting retirement of 34 requirements within 19 Reliability Standards that are redundant or
otherwise unnecessary, and where violations of these requirements (currently included in
Reliability Standards) pose a lesser risk to the reliability of the Bulk-Power System. No
Reliability Standard is being proposed for retirement in its entirety, and all other requirements in
each of the affected Reliability Standards will remain in continuous effect.
NERC’s mission is to ensure and improve the reliability of the Bulk-Power System.
Reliability excellence is achieved through the ongoing identification, correction and prevention
of reliability risks, both big and small. Yet, accountability for reliability excellence is broader
than just penalizing violations. NERC’s CEI and, in particular the FFT program, represent a
significant change in the paradigm for monitoring and enforcing compliance with Reliability
Standards. The FFT program allows NERC and the Regional Entities flexibility to process and
track lesser risk violations more efficiently in order to focus their resources on issues that pose
the greatest risk to reliability. Consistent with this approach, NERC is proposing to retire
requirements in Reliability Standards that can be removed with little to no effect on reliability.
The retirement of these requirements will allow industry stakeholders to focus their resources
appropriately on reliability risks and will increase the efficiency of the ERO compliance
program.

A. Background
On March 15, 2012, the Commission issued an order 5 on the NERC FFT program that
stated in paragraph 81 (“P 81”):
The Commission notes that NERC’s FFT initiative is predicated on the view that
many violations of requirements currently included in Reliability Standards pose
lesser risk to the Bulk-Power System. If so, some current requirements likely
provide little protection for Bulk-Power System reliability or may be redundant.
The Commission is interested in obtaining views on whether such requirements
could be removed from the Reliability Standards with little effect on reliability
and an increase in efficiency of the ERO compliance program. If NERC believes
that specific Reliability Standards or specific requirements within certain
Standards should be revised or removed, we invite NERC to make specific
proposals to the Commission identifying the Standards or requirements and
setting forth in detail the technical basis for its belief. In addition, or in the
alternative, we invite NERC, the Regional Entities and other interested entities to
propose appropriate mechanisms to identify and remove from the Commissionapproved Reliability Standards unnecessary or redundant requirements. We will
not impose a deadline on when these comments should be submitted, but ask that
to the extent such comments are submitted NERC, the Regional Entities, and
interested entities coordinate to submit their respective comments concurrently.
In response to the Commission’s FFT Order and, specifically, the language in P 81, a joint
collaborative effort was formed among various industry stakeholders, trade associations, 6 NERC
Staff, and Staff from the Regional Entities; this effort became known as “P 81. 7” The trade
associations, NERC Staff, and Staff from the Regional Entities each independently developed a
list of possible Reliability Standard requirements appropriate for retirement, consisting only of
currently active and enforceable standards. Working together, and through a series of
discussions, the P 81 Team developed a list of requirements that were presented to the Standards
Committee in the form of a Standards Authorization Request (“SAR”). The P 81 project was a

North American Electric Reliability Corporation, 138 FERC ¶ 61,193 at P 81 (2012)(emphasis
added)(“FFT Order”).
6
Edison Electric Institute, American Public Power Association, National Rural Electric Cooperative
Association, Large Public Power Council, Electricity Consumers Resource Council, The Electric Power Supply
Association and Transmission Access Policy Study Group.
7
Exhibit G contains a list of the Project 2013-02 team members (“P 81 Team”).

collaborative effort in recognition of the Commission’s request that NERC, the Regional
Entities, and interested parties coordinate to submit any comments in response to the FFT Order
concurrently.
The scope of the P 81 project was limited solely to the removal of requirements in their
entirety that would not otherwise compromise the integrity of the specific Reliability Standard or
impact the reliability of the BES. The criteria developed by the P 81 Team were designed so that
no rewriting or consolidation of requirements would be necessary and are provided herein as
Exhibit A, for informational purposes only. The P 81 Team developed three criteria: (1)
Criteria A: an overarching criteria designed to determine that there is no reliability gap created
by the proposed retirement; (2) Criteria B: consists of seven separate identifying criteria
designed to recognize requirements appropriate for retirement (administrative; data
collection/data retention; documentation; reporting; periodic updates; commercial or business
practice; and redundant); and (3) Criteria C: consists of seven separate questions designed to
assist the P 81 Team in making an informed decision regarding whether requirements are
appropriate to propose for retirement. 8
B. Paragraph 81 – Requirements Proposed for Retirement
NERC has over 150 mandatory and enforceable Reliability Standards that contain over
1,300 requirements. There are fourteen separate bodies of NERC Reliability Standards:

C1: Was the Reliability Standard requirement part of a FFT filing?
C2: Is the Reliability Standard requirement being reviewed in an on-going Standards Development
Project?
C3: What is the VRF of the Reliability Standard requirement?
C4: In which tier of the 2013 AML does the Reliability Standard requirement fall?
C5: Is there a possible negative impact on NERC’s published and posted reliability principles?
C6: Is there any negative impact on the defense in depth protection of the Bulk Electric System?
C7: Does the retirement promote results or performance based Reliability Standards?

(1) Resource and Demand Balancing (“BAL”);
(2) Communications (“COM”);
(3) Critical Infrastructure Protection (“CIP”);
(4) Emergency Preparedness and Operations (“EOP”);
(5) Facilities Design, Connections, and Maintenance (“FAC”);
(6) Interchange Scheduling and Coordination (“INT”);
(7) Interconnection Reliability Operations and Coordination (“IRO”);
(8) Modeling, Data, and Analysis (“MOD”);
(9) Nuclear (“NUC”);
(10) Personnel Performance, Training, and Qualifications (“PER”);
(11) Protection and Control (“PRC”);
(12) Transmission Operations (“TOP”);
(13) Transmission Planning (“TPL”); and
(14) Voltage and Reactive (“VAR”).
Requirements from nine of these bodies of Reliability Standards are proposed for
retirement; no requirements from COM, MOD, PER, TOP, or TPL Reliability Standards are
included. Consistent with the Commission’s guidance in the FFT Order, NERC proposes to
retire the following “unnecessary or redundant requirements.” 9

FFT Order at P 81.

Requirements Proposed for Retirement 10
BAL-005-0.2b R2

CIP-003-4 R4.2

INT-007-1 R1.2

CIP-003-3 R1.2

CIP-005-3a R2.6

IRO-016-1 R2

CIP-003-3 R3

CIP-005-4a R2.6

NUC-001-2 R9.1

CIP-003-3 R3.1

CIP-007-3 R7.3

NUC-001-2 R9.1.1

CIP-003-3 R3.2

CIP-007-4 R7.3

NUC-001-2 R9.1.2

CIP-003-3 R3.3

EOP-005-2 R3.1

NUC-001-2 R9.1.3

CIP-003-3 R4.2

FAC-002-1 R2

NUC-001-2 R9.1.4

CIP-003-4 R1.2

FAC-008-3 R4

PRC-010-0 R2

CIP-003-4 R3

FAC-008-3 R5

PRC-022-1 R2

CIP-003-4 R3.1

FAC-010-2.1 R5

VAR-001-2 R5

CIP-003-4 R3.2

FAC-011-2 R5

CIP-003-4 R3.3

FAC-013-2 R3

Just as the Commission regularly reviews its regulations to ensure that they achieve their
intended purpose and do not impose an undue burden or unnecessary costs, 11 it is appropriate for
NERC to evaluate its Reliability Standards in the same light. It is important to recognize that the
regime of mandatory Reliability Standards is only seven years old. On April 4, 2006, as
modified on August 28, 2006, NERC submitted to the Commission a petition seeking approval
10

FAC-008-1 Requirements R2 and R3 are not included herein as they are no longer in effect. FAC-008-1
was superseded by FAC-008-3 on December 31, 2012.
11
Written Testimony of Chairman Jon Wellinghoff before the U.S. House of Representatives Committee on
Energy and Commerce, Subcommittee on Oversight and Investigations, July 7, 2011, at p. 2 (“The Commission
regularly reviews its regulations to ensure that they achieve their intended purpose and do not impose undue burdens
on regulated entities or unnecessary costs on those entities or their customers.”). Subsequently, on July 11, 2011,
President Barack Obama issued an Executive Order to independent agencies, such as FERC, to develop and release
a plan to review rules that may be outmoded, ineffective, insufficient, or excessively burdensome, and to modify,
streamline, expand, or repeal them in accordance with what has been learned. President Barack Obama’s Executive
Order 13579, Regulation and Independent Regulatory Agencies at Section 2 (July 11, 2011). Chairman Jon
Wellinghoff announced that same day that the Commission would implement President Barack Obama’s Executive
Order. FERC News Release, “FERC To Institute Public Review of Regulations” (July 11, 2011).

of 107 proposed Reliability Standards. Since that time, both NERC and the Commission have
evolved and refined their respective approaches to what constitutes a Reliability Standard, and
the P 81 project is illustrative of this maturation.
The ERO compliance program and stakeholders will benefit from the proposed
retirement of the requirements included herein as efforts will appropriately be directed towards
activities with a greater potential impact on reliability – these benefits translate into time and
resources saved, which helps ensure that the costs of reliability are proportionate to the benefits.
The recent Petition for Approval of the CIP Version 5 Reliability Standards in Docket
No. RM13-5-000, proposes to “eliminate unnecessary documentation requirements to allow
entities to focus on the reliability and security of the Bulk Power System” 12 and is consistent
with the principles of the P 81 Project and the Commission’s language in Paragraph 81.
The primary focus of the P 81 Team was on retiring those lower-level facilitating
requirements that are either redundant with other requirements or where evidence retention is
burdensome and the requirement is unnecessary (e.g., the same performance is addressed
through other enforceable standards or mechanisms). NERC has authority to enforce reporting
obligations pursuant to the Rules of Procedure. 13 Section 400 and Appendix 4C of the Rules of
Procedure also set forth how failure to comply with a reporting obligation will be addressed. In
the event a registered entity does not submit requested data, information, or a report, the
registered entity is afforded several opportunities to respond or cure a request or requirement

Petition of the North American Electric Reliability Corporation for Approval of Critical Infrastructure
Protection Reliability Standards Version 5, Docket No. RM13-5-000 at 5 (January 31, 2013).
13
Section 401.3 of the NERC Rules of Procedure provides that NERC and the Regional Entities can require
“[a]ll Bulk Power System owners, operators and users” to provide “such information as is necessary to monitor
compliance with the reliability standards.” Appendix 4C to the NERC Rules of Procedure states that the
Compliance Enforcement Authority will “monitor, assess, and enforce compliance with Reliability Standards using
the compliance monitoring processes. . .to collect information in order to make assessments of compliance.”
Section 3.0 (emphasis added).

pursuant to Attachment 1 to Appendix 4C. 14 In December 2012, the Commission found that
Attachment 1 to Appendix 4C “provides reasonable, measured and lawful responses to entities
that are non-responsive to requests for data.” 15
Commission regulations further provide that all users, owners and operators of the BulkPower System “subject to the Commission’s reliability jurisdiction. . .shall comply with
applicable Reliability Standards, the Commission’s regulations, and applicable Electric
Reliability Organization. . .Rules made effective under this part.” 16 The regulations also provide
that “[e]ach user, owner or operator of the Bulk-Power System within the United States. . .shall
provide the Commission, the Electric Reliability Organization and the applicable Regional Entity
such information as is necessary to implement section 215 of the Federal Power Act as
determined by the Commission and set out in the Rules of the Electric Reliability Organization. .
. .” 17
Therefore, the proposed retirement of the documentation requirements included herein
does not create a gap in reliability as NERC and the Regional Entities can enforce reporting
obligations pursuant to section 400 of NERC’s Rules of Procedure and Appendix 4C to ensure
that necessary data continues to be submitted for compliance and enforcement purposes.
Further, data necessary for NERC to implement Section 215 of the FPA can be obtained pursuant
to Section 1600 of the NERC Rules of Procedure. 18

Attachment 1 to Appendix 4C to the CMEP: Process for Non-Submittal of Requested Data, Steps 1-3.
ROP Order at P 82.
16
18 C.F.R. 39.2(b) (2012).
17
18 C.F.R. 39.2(d) (2012); see also Attachment 1 to Appendix 4C to the NERC Rules of Procedure.
18
In Order No. 672, the Commission set forth the legal basis for Section 1600 of the NERC Rules of
Procedure in creating Section 39.2 of the Commission’s regulations. 18 C.F.R. § 39.2 provides:
(d) Each user, owner or operator of the Bulk-Power System within the United States (other than Alaska and
Hawaii) shall provide the Commission, the Electric Reliability Organization and the applicable Regional
Entity such information as is necessary to implement section 215 of the Federal Power Act as determined
by the Commission and set out in the Rules of the Electric Reliability Organization and each applicable
15

While the P 81 Project proposes to retire several requirements related to data retention or
documentation, NERC notes that the simple fact that a requirement includes a data retention or
documentation element does not signify that it should be considered for retirement or is
otherwise inappropriately designated as a requirement. Indeed, certain data retention and/or
documentation requirements are essential to reliability.
As explained in the 2013-2015 NERC Reliability Standards Development Plan, 19
concepts from the P 81 Project will be carried forward into improving the future drafting of
Reliability Standards. Projects will involve stronger examination for duplication of requirements
across the NERC body of Reliability Standards and the technical basis and necessity for each and
every requirement will continue to be evaluated. Specifically, the 2013-2015 NERC Reliability
Standards Development Plan sets forth an aggressive schedule for 2013 to review Reliability
Standards while applying P 81 and results-based concepts across the following three major work
areas:
•

Existing Projects/Emerging Issues ‐ Current projects must be completed and new
projects that either support high risk reliability issues or emerging issues must be
conducted in a timely and efficient manner.

•

Reviews ‐ Five‐year reviews must be conducted on standards that are due for

assessment and have not been revised in recent standards development projects.
•

Directives ‐ Commission directives must be addressed and the resulting revised
standards filed.

Regional Entity. The Electric Reliability Organization and each Regional Entity shall provide the
Commission such information as is necessary to implement section 215 of the Federal Power Act.
19

Submitted in Docket Nos. RM05-17-000 et al. (December 31, 2012), available at:
http://www.nerc.com/files/2013-2015_RSDP_2012.12.31_complete.pdf.

Requirements that were proposed and ultimately not included in Phase 1 of the P 81 Project will
be mapped for consideration as Reliability Standards are evaluated as part of these major work
areas. It is expected that as a result of these projects, NERC will enhance the quality of its
Reliability Standards.

II.

NOTICES AND COMMUNICATIONS
Notices and communications with respect to this filing may be addressed to the

following: 20
Gerald W. Cauley
President and Chief Executive Officer
North American Electric Reliability Corporation
3353 Peachtree Road, N.E.
Suite 600, North Tower
Atlanta, GA 30326
(404) 446-2560
(404) 446-2595– facsimile

III.

Charles A. Berardesco*
Senior Vice President and General Counsel
Holly A. Hawkins*
Assistant General Counsel
Stacey Tyrewala*
Attorney
North American Electric Reliability Corporation
1325 G Street, N.W., Suite 600
Washington, D.C. 20005
(202) 400-3000
(202) 644-8099– facsimile
[email protected]
[email protected]
[email protected]

REGULATORY BACKGROUND
By enacting the Energy Policy Act of 2005, 21 Congress entrusted the Commission with

the duties of approving and enforcing rules to ensure the reliability of the Nation’s Bulk-Power
System, and with the duty of certifying an ERO that would be charged with developing and
enforcing mandatory Reliability Standards, subject to Commission approval. Section 215 of the

Persons to be included on the Commission’s service list are indicated with an asterisk. NERC requests
waiver of 18 C.F.R. § 385.203(b) to permit the inclusion of more than two people on the service list.
21
16 U.S.C. § 824o (2012).

FPA states that all users, owners, and operators of the Bulk-Power System in the United States
will be subject to Commission-approved Reliability Standards. 22
Section 215(d)(5) of the FPA authorizes the Commission to order the ERO to submit a
new or modified Reliability Standard. Pursuant to Section 215(d)(2) of the FPA and Section
39.5(c)(1) of the Commission’s regulations, the Commission will give due weight to the
technical expertise of the ERO with respect to the content of a Reliability Standard. In Order
No. 693, the Commission noted that it would defer to the “technical expertise” of the ERO with
respect to the content of a Reliability Standard and explained that, through the use of directives,
it provides guidance but does not dictate an outcome. Rather, the Commission will consider an
equivalent alternative approach provided that the ERO demonstrates that the alternative will
address the Commission’s underlying concern or goal as efficiently and effectively as the
Commission’s proposal, example, or directive. 23
Section 39.5(a) of the Commission’s regulations requires the ERO to file with the
Commission for its approval each Reliability Standard that the ERO proposes to become
mandatory and enforceable in the United States, and each modification to a Reliability Standard
that the ERO proposes to be made effective. The Commission has the regulatory responsibility
to approve standards that protect the reliability of the Bulk-Power System and to ensure that such
standards are just, reasonable, not unduly discriminatory or preferential, and in the public
interest.

See Section 215(b)(1)(“All users, owners and operators of the bulk-power system shall comply with
reliability standards that take effect under this section.”).
23
See Mandatory Reliability Standards for the Bulk-Power System, Order No. 693, FERC Stats. & Regs. ¶
31,242 at PP 31, 186-187, order on reh’g, Order No. 693-A, 120 FERC ¶ 61,053 (2007).

IV.

REQUIREMENTS PROPOSED FOR RETIREMENT
Listed below are the requirements proposed for retirement, organized by each of the nine

relevant bodies of Reliability Standards. Each requirement proposed for retirement includes the
following: (a) the text of the requirement proposed for retirement; (b) the complete procedural
history of the Reliability Standard; and (c) the technical justification to support the proposed
retirement.
A. Resource and Demand Balancing Reliability Standards
One standard from the BAL body of Reliability Standards, BAL-005, contains a
requirement proposed for retirement. Collectively, the six BAL Reliability Standards address
balancing resources and demand to maintain interconnection frequency within prescribed limits.
1. BAL-005-0.2b, Requirement R2 – Automatic Generation Control
R2.

Each Balancing Authority shall maintain Regulating Reserve that can be controlled by
AGC to meet the Control Performance Standard.
a. Procedural History
BAL-005-0 was filed for Commission approval on April 4, 2006 in Docket No. RM06-

16-000 and was approved on March 16, 2007 in Order No. 693. 24 Also, the Commission
accepted an errata filing to BAL-005-0.1b, which replaced Appendix 1 with a corrected version
of a Commission-approved interpretation, and made an internal reference correction in the
interpretation, thus resulting in BAL-005-0.2b. 25
b. Technical Justification for Retirement
The stated reliability purpose of BAL-005-0.2b is to establish requirements for Balancing
Authority Automatic Generation Control (“AGC”) necessary to calculate Area Control Error

Order No. 693 at P 420.
Letter Order, Petition of the North American Electric Reliability Corporation for Approval of Errata
Changes to Seven Reliability Standards, Docket No. RD12-4-000 (September 13, 2012).

(“ACE”) and to routinely deploy the Regulating Reserve. The standard also ensures that all
facilities and load electrically synchronized to the Interconnection are included within the
metered boundary of a Balancing Area so that balancing of resources and demand can be
achieved. The reliability purpose and objectives of BAL-005-0.2b are unaffected by the
proposed retirement of Requirement R2.
BAL-005-0.2b Requirement R2 involves two important concepts- AGC and Regulating
Reserve. AGC is defined in the NERC Glossary of Terms Used in Reliability Standards as
follows: “Equipment that automatically adjusts generation in a Balancing Authority Area from a
central location to maintain the Balancing Authority’s interchange schedule plus Frequency Bias.
AGC may also accommodate automatic inadvertent payback and time error correction.”
Regulating Reserve is defined as: “An amount of reserve responsive to Automatic Generation
Control, which is sufficient to provide normal regulating margin.” Regulating Reserve provides
the margin that allows generation to respond to changing load conditions based on its calculated
Area Control Error provided by its Energy Management System. It is not intended to provide
response for frequency excursions or generation unit trips.
BAL-005 is related to BAL-001 – Real Power Balancing Control Performance. A
Balancing Authority must use AGC to control its Regulating Reserves to meet the Control
Performance Standards (“CPS”) as set forth in BAL-001-0.1a Requirements R1 and R2. 26 The
primary purpose of Requirement R2 is to specify how a Balancing Authority must meet CPS, i.e.
through the use of AGC.

Note, (i) if a BA does not have an adequate amount of regulating margin (Regulating Reserve) it will not
meet CPS consistently; (ii) the fact that a BA does not meet CPS does not mean it has inadequate regulating margin,
but may be an indication of poor control or some other influence. A BA may have more than an adequate amount of
regulating margin, but may not be utilizing it to optimize the CPS measures; and (iii) if a BA does not meet CPS, it
also does not necessarily mean the BA is operating unreliably. CPS is a consistent measure within the industry, to
achieve a uniformity of practice and provide equity amongst the BAs operating within a common electric system.

NERC acknowledges that an argument regarding the redundancy of BAL-005
Requirement R2 was previously rejected by the Commission, 27 however, NERC maintains that
this Requirement is redundant in an operational sense. Although for a short period of time (as
the Commission stated during an AGC malfunction) 28 a Balancing Authority may be able to
meet its CPS obligations without AGC, it cannot do so for any extended period of time, and,
therefore, Balancing Authorities must use AGC to control Regulating Reserves to satisfy
obligations under BAL-001-0.1a Requirements R1 and R2. Given this fact, BAL-005-0.2b
Requirement R2 is redundant and having two requirements requiring the same activity means
that there is no reliability gap created by the proposed retirement of BAL-005-0.2b Requirement
R2. In other words, without the existence of BAL-005-0.2b Requirement R2, Balancing
Authorities must still have Regulating Reserves that can be controlled by AGC to satisfy the CPS
in BAL-001-0.1a Requirements R1 and R2.
B. Critical Infrastructure Protection Reliability Standards
Eight requirements in the CIP body of Reliability Standards are proposed for retirement,
however, two versions of these requirements are proposed to be retired, bringing the total to
sixteen. The recently filed petition for approval of Version 5 of the CIP Reliability Standards is
consistent with the proposed retirement of these requirements as explained below.

1. CIP-003-3, -4, Requirement R1.2 – Cyber Security – Security
Management Controls
R1.2. The cyber security policy is readily available to all personnel who have access to, or
are responsible for, Critical Cyber Assets.

North American Electric Reliability Corp., 121 FERC ¶ 61,179 at PP 48-51 (2007).
Id. at P 50 (“While theoretically, CPS can be met without the use of AGC, for example, when
the AGC system is malfunctioning…”).
28

a. Procedural History
CIP-003-1 was filed for Commission approval on August 28, 2006 in Docket No. RM0616-000 and was approved on January 18, 2008 in Order No. 706. 29 CIP-003-2 was filed for
Commission approval on May 22, 2009 in Docket Nos. RM06-22-000 and RD09-7-000 and was
approved on September 30, 2009. 30 CIP-003-3 was filed for Commission approval on December
29, 2009 in Docket No. RD09-7-002 and was approved on March 31, 2010. 31 CIP-003-4 was
submitted for Commission approval on February 10, 2011 in Docket No. RM11-11-000 and was
approved on April 19, 2012. 32
b. Technical Justification for Retirement
CIP-003 requires that Responsible Entities have minimum security management controls
in place to protect Critical Cyber Assets. The reliability purpose and objectives of CIP-003 are
unaffected by the proposed retirement of Requirement R1.2.
CIP-003 Requirement R1.2 is an administrative task that requires Responsible Entities to
ensure that their cyber security policy is readily available to personnel. To implement CIP-0033, -4 R1.2 entities have undertaken a variety of administrative solutions including: kiosks
dedicated to computers with the cyber security policy; posting the policy on the company
intranet; and having copies available in work stations, at common area desks in generating
stations and substations, etc. The proposed retirement of CIP-003, Requirement R1.2 is
consistent with reliability principles and will not create a gap in reliability. Further, this

Mandatory Reliability Standards for Critical Infrastructure Protection, 122 FERC ¶ 61,040 (2008) (“Order
No. 706”), order on reh’g, Order No. 706-A, 123 FERC ¶ 61,174 (2008), order on clarification, Order No. 706-B,
126 FERC ¶ 61,229, order on clarification, Order No. 706-C, 127 FERC ¶ 61,273 (2009).
30
Order Approving Revised Reliability Standard for Critical Infrastructure Protection and Requiring
Compliance Filing, 128 FERC ¶ 61,291 (2009), order denying reh’g and granting clarification, 129 FERC ¶ 61,236
(2009) (approving Version 2 of the CIP Reliability Standards)).
31
Order on Compliance 130 FERC ¶ 61,271 (2010).
32
Version 4 Critical Infrastructure Protection Reliability Standards, 139 FERC ¶ 61,058 (2012).

requirement has been removed from CIP Version 5, and, therefore, CIP Version 5 supports, and
is consistent with, the proposed retirement of this requirement.

2. CIP-003-3, -4 Requirements R3, R3.1, R3.2, R3.3 – Cyber Security –
Security Management Controls
R3. Exceptions – Instances where the Responsible Entity cannot conform to its cyber
security policy must be documented as exceptions and authorized by the senior
manager or delegate(s).
R3.1. Exceptions to the Responsible Entity’s cyber security policy must be
documented within thirty days of being approved by the senior manager or
delegate(s).
R3.2. Documented exceptions to the cyber security policy must include an explanation
as to why the exception is necessary and any compensating measures.
R3.3. Authorized exceptions to the cyber security policy must be reviewed and
approved annually by the senior manager or delegate(s) to ensure the exceptions
are still required and valid. Such review and approval shall be documented.
a. Procedural History
CIP-003-1 was filed for Commission approval on August 28, 2006 in Docket No. RM0616-000 and was approved on January 18, 2008 in Order No. 706. 33 CIP-003-2 was filed for
Commission approval on May 22, 2009 in Docket Nos. RM06-22-000 and RD09-7-000 and was
approved on September 30, 2009. 34 CIP-003-3 was filed for Commission approval on December
29, 2009 in Docket No. RD09-7-002 and was approved on March 31, 2010. 35 CIP-003-4 was
submitted for Commission approval on February 10, 2011 in Docket No. RM11-11-000 and was
approved on April 19, 2012. 36

Mandatory Reliability Standards for Critical Infrastructure Protection, 122 FERC ¶ 61,040 (2008) (“Order
No. 706”), order on reh’g, Order No. 706-A, 123 FERC ¶ 61,174 (2008), order on clarification, Order No. 706-B,
126 FERC ¶ 61,229, order on clarification, Order No. 706-C, 127 FERC ¶ 61,273 (2009).
34
Order Approving Revised Reliability Standard for Critical Infrastructure Protection and Requiring
Compliance Filing, 128 FERC ¶ 61,291 (2009), order denying reh’g and granting clarification, 129 FERC ¶ 61,236
(2009) (approving Version 2 of the CIP Reliability Standards)).
35
Order on Compliance 130 FERC ¶ 61,271 (2010).
36
Version 4 Critical Infrastructure Protection Reliability Standards, 139 FERC ¶ 61,058 (2012).

b. Technical Justification for Retirement
CIP-003 requires that Responsible Entities have minimum security management controls
in place to protect Critical Cyber Assets. The reliability purpose and objectives of CIP-003 are
unaffected by the proposed retirement of Requirements R3, and R3.1 through R3.3.
CIP-003-3, -4 Requirements R3, R3.1, R3.2, and R3.3 (collectively “CIP Exception
Requirements”) are administrative tasks and the proposed retirement of these requirements
presents no reliability gap. The CIP Exception Requirements only apply to exceptions to internal
corporate policy, and only in cases where the policy exceeds a Reliability Standard requirement
or addresses an issue that is not covered in a Reliability Standard. For example, if an internal
corporate policy statement requires that all passwords be a minimum of eight characters in
length, and be changed every 30 days, (which is beyond the minimum requirements in CIP-007-3
Requirement R5.3), the CIP Exception Requirements could be invoked for internal governance
purposes to lessen the corporate requirement back to the password requirements in CIP-007-3
R5.3. However, under no circumstances do the CIP Exception Requirements authorize the
implementation of security measures that are less than what is required in CIP-007-3
Requirement R5.3.
The proposed retirement of the CIP Exception Requirements would not impact an entity’s
ability to maintain such an exception process within its corporate policy governance procedures,
if it so desired. Fundamentally, the CIP Exception Requirements are an administrative tool for
internal corporate governance procedures, and, therefore the proposed retirement of these
requirements presents no reliability gap. The CIP Exception Requirements have been removed
from CIP Version 5, therefore, Version 5 is consistent with, and supports, the proposed
retirement of these requirements.

3. CIP-003-3 -4, Requirement R4.2 – Cyber Security – Security
Management Controls
R4.2. The Responsible Entity shall classify information to be protected under this program
based on the sensitivity of the Critical Cyber Asset information.
a. Procedural History
CIP-003-1 was filed for Commission approval on August 28, 2006 in Docket No. RM0616-000 and was approved on January 18, 2008 in Order No. 706. 37 CIP-003-2 was filed for
Commission approval on May 22, 2009 in Docket Nos. RM06-22-000 and RD09-7-000 and was
approved on September 30, 2009. 38 CIP-003-3 was filed for Commission approval on December
29, 2009 in Docket No. RD09-7-002 and was approved on March 31, 2010. 39 CIP-003-4 was
submitted for Commission approval on February 10, 2011 in Docket No. RM11-11-000 and was
approved on April 19, 2012. 40

b. Technical Justification for Retirement
Both Versions 3 and 4 of CIP-003 Requirement R4.2 require Responsible Entities to
classify information based on “sensitivity.” The proposed retirement of this requirement is
consistent with CIP Version 5. While CIP-003-4 Requirement R4.2 has been incorporated into
CIP-011-5 Requirement R1.1, the obligation to classify information based on sensitivity has been
removed, which does not prevent companies from having multiple levels of classification, but
allows more flexibility to incorporate the CIP information protection program into the normal

Mandatory Reliability Standards for Critical Infrastructure Protection, 122 FERC ¶ 61,040 (2008) (“Order
No. 706”).
38
Order Approving Revised Reliability Standard for Critical Infrastructure Protection and Requiring
Compliance Filing, 128 FERC ¶ 61,291 (2009), order denying reh’g and granting clarification, 129 FERC ¶ 61,236
(2009) (approving Version 2 of the CIP Reliability Standards)).
39
Order on Compliance 130 FERC ¶ 61,271 (2010).
40
Version 4 Critical Infrastructure Protection Reliability Standards, 139 FERC ¶ 61,058, (2012).

course of business. Therefore, Version 5 supports, and is consistent with, the proposed
retirement of this requirement.
The task of classifying Critical Cyber Information “based on the sensitivity” is an
administrative task that is redundant with CIP-003-3, -4 Requirement R4. Specifically, CIP-0033, -4 Requirement R4 already requires the classification of information associated with Critical
Cyber Assets. The only difference between Requirement R4 and R4.2 is that the subjective term
“based on the sensitivity” has been added, thus, making it essentially redundant. Further, CIP003-3, -4 Requirement R4 requires the entity to develop classifications based on a subjective
understanding of sensitivity (i.e., no clear connection to serving reliability), therefore the
proposed retirement of this requirement presents no reliability gap.

4. CIP-005-3a, -4a, Requirement R2.6 – Cyber Security -- Electronic
Security Perimeter(s)
R2.6. Appropriate Use Banner -- Where technically feasible, electronic access control devices
shall display an appropriate use banner on the user screen upon all interactive access
attempts. The Responsible Entity shall maintain a document identifying the content of the
banner.
a. Procedural History
CIP-005-1 was filed for Commission approval on August 28, 2006 in Docket No. RM0616-000 and was approved on January 18, 2008 in Order No. 706. 41 CIP-005-2 was filed for
Commission approval on May 22, 2009 in Docket Nos. RD09-7-000 and RM06-22-000 and was
approved on September 30, 2009. 42 CIP-005-2a was filed for Commission approval on April 21,
2010 in Docket No. RD10-12-000 and was approved by unpublished letter order on February 2,
41

Mandatory Reliability Standards for Critical Infrastructure Protection, 122 FERC ¶ 61,040 (2008) (“Order
No. 706”).
42
Order Approving Revised Reliability Standard for Critical Infrastructure Protection and Requiring
Compliance Filing, 128 FERC ¶ 61,291 (2009), order denying reh’g and granting clarification, 129 FERC ¶ 61,236
(2009) (approving Version 2 of the CIP Reliability Standards)).

2011. 43 CIP-005-3 was filed for Commission approval on December 29, 2009 in Docket No.
RD09-7-002 and was approved on March 31, 2010. 44 CIP-005-3a was filed for Commission
approval on April 21, 2010 in Docket No. RD10-12-000 and was approved by an unpublished
letter order on February 2, 2011. 45 CIP-005-4 was filed for Commission approval on February
10, 2011 in Docket No. RM11-11-000 and was approved on April 19, 2012 in Order No. 761. 46
CIP-005-4a was filed for Commission approval as errata to the CIP Version 4 Petition on April
12, 2011 in Docket No. RM11-11-000 and was approved on April 19, 2012 in Order No 761, the
Final Rule on the CIP Version 4 standards. 47

b. Technical Justification for Retirement
The implementation of an appropriate use banner (“banner”) on a user’s screen for all
interactive access attempts into the Electronic Security Perimeter (“ESP”) is an activity or task
that is administrative. As noted by the CIP Version 5 drafting team:
The objective of having an appropriate use banner is to prevent accidental
use of the system and help allow prosecution of unauthorized individuals
accessing the system. The drafting team did not consider either of these
rising to the level of meeting a reliability objective. 48

This Requirement has been removed from CIP Version 5, therefore Version 5 is consistent with,
and supports, the proposed retirement of this requirement.

Letter Order, Petition of the North American Electric Reliability Corporation for Approval of Interpretation
to Reliability Standard CIP-005-1, Cyber Security, Electronic Security Perimeter(s), Section 4.2.2 and Requirement
R1.3., Docket RD10-12-000, (February 2, 2011).
44
Order on Compliance 130 FERC ¶ 61,271 (2010).
45
Letter Order, Petition of the North American Electric Reliability Corporation for Approval of Interpretation
to Reliability Standard CIP-005-1, Cyber Security, Electronic Security Perimeter(s), Section 4.2.2 and Requirement
R1.3., Docket RD10-12-000, (February 2, 2011).
46
Version 4 Critical Infrastructure Protection Reliability Standards, 139 FERC ¶ 61,058 (2012).
47
Id.
48
See Project 2008-06 - Cyber Security Order 706 - Version 5, Mapping Document, available here:
http://www.nerc.com/docs/standards/sar/Mapping_Document_for_CIP_V5_Clean_(2012-0911).pdf.

The banner does not ensure a proper or secure access point configuration which is
generally the purpose of CIP-005-3a, -4a. Further, this requirement has also been the subject of
numerous technical feasibility exceptions (commonly referred to as “TFEs”) for devices that
cannot support such a banner, and hence has diverted resources from more productive efforts. 49
Thus, the ERO’s compliance program would become more efficient if CIP-005-3a, -4a R2.6 was
retired, because ERO time and resources could be reallocated to monitor compliance with the
remainder of CIP-005-3a, -4a, which provides for more effective controls of electronic access at
all electronic access points into the ESP. Accordingly, the proposed retirement of CIP-005-3a, 4a, Requirement R2.6 presents no reliability gap.

5. CIP-007-3, -4, Requirement R7.3 – Cyber Security – Systems Security
Management
R7.3. The Responsible Entity shall maintain records that such assets were disposed of or
redeployed in accordance with documented procedures.
a. Procedural History
CIP-007-1 was filed for Commission approval on August 28, 2006 in Docket No. RM0616-000 and was approved on January 18, 2008 in Order No. 706. 50 CIP-007-2 was filed for
Commission approval on May 22, 2009 in Docket Nos. RM06-22-000 and RD09-7-000 and was
approved on September 30, 2009. 51 CIP-007-2a was filed for Commission approval on
November 17, 2009 in Docket No. RD10-3-000 and was approved on March 18, 2010. 52 CIP007-3 was filed for Commission approval on December 29, 2009 in Docket No. RD09-7-002 and

See 2012 Annual Report of the North American Electric Reliability Corporation on Wide-Area Analysis of
Technical Feasibility Exceptions, Docket No. RR10-1-001 at 6 (September 28, 2012).
50
Mandatory Reliability Standards for Critical Infrastructure Protection, 122 FERC ¶ 61,040 (2008) (“Order
No. 706”).
51
Order Approving Revised Reliability Standard for Critical Infrastructure Protection and Requiring
Compliance Filing, 128 FERC ¶ 61,291 (2009), order denying reh’g and granting clarification, 129 FERC ¶ 61,236
(2009) (approving Version 2 of the CIP Reliability Standards)).
52
Order Approving Reliability Standard Interpretation, 130 FERC ¶ 61,184 (2010).

was approved on March 31, 2010. 53 CIP-007-4 was filed for Commission approval on February
10, 2011 in Docket No. RM11-11-000 and was approved on April 19, 2012. 54

b. Technical Justification for Retirement
CIP-007-3, -4 Requirement R7.3 requires the maintaining of records for the purpose of
demonstrating compliance with disposing of or redeploying Cyber Assets in accordance with
documented procedures. NERC and the Regional Entities, however, under Section 400 of the
NERC Rules of Procedure, have the ability to require the production of records to demonstrate
compliance, thus CIP-007-3, -4 Requirement R7.3 is redundant and unnecessary. This
requirement has been appropriately repurposed as a measure of compliance in CIP Version 5,
therefore Version 5 is consistent with, and supports, the proposed retirement of this requirement.

C. Emergency Preparedness and Operations Reliability Standards

One requirement from the EOP body of Reliability Standards is proposed for retirement.
The EOP group of Reliability Standards consists of eight Reliability Standards that address
preparation for emergencies, necessary actions during emergencies and system restoration and
reporting following disturbances. 55
1. EOP-005-2 Requirement R3.1 – System Restoration from Blackstart
Resources
R3.1. If there are no changes to the previously submitted restoration plan, the Transmission
Operator shall confirm annually on a predetermined schedule to its Reliability
Coordinator that it has reviewed its restoration plan and no changes were necessary.
53

Order on Compliance 130 FERC ¶ 61,271 (2010).
Version 4 Critical Infrastructure Protection Reliability Standards, 139 FERC ¶ 61,058 (2012).
55
EOP-001 is dedicated to Emergency Operations Planning. EOP-002 is dedicated to Capacity and Energy
Emergencies. EOP-003 is dedicated to Load Shedding Plans. EOP-004 is dedicated to Event Reporting. EOP-005
is dedicated to System Restoration Plans and Blackstart Resources. EOP-006 is dedicated to System Restoration
Coordination, [note there is no EOP-007]. EOP-008 is dedicated to Loss of Control Center Functionality and EOP009 is dedicated to Documentation of Blackstart Generating Unit Test Results.
54

EOP-005 is dedicated to System Restoration Plans and Blackstart Resources. The
reliability purpose of EOP-005-2 is to ensure that plans, Facilities, and personnel are prepared to
enable System restoration from Blackstart Resources to assure that reliability is maintained
during restoration and priority is placed on restoring the Interconnection. This reliability purpose
is unaffected by the proposed retirement of Requirement R3.1.
a. Procedural History
EOP-005-1 was submitted for Commission approval on August 28, 2006 in Docket No.
RM06-16-000 and was approved on March 16, 2007 in Order No. 693. 56 EOP-005-2 was
submitted for Commission approval on December 31, 2009 in Docket No. RM10-16-000 and
was approved on March 17, 2011 in Order No. 749. 57
b. Technical Justification for Retirement
EOP-005-2 Requirement R3.1 requires a Transmission Operator to confirm annually that
it has reviewed its restoration plan and that no changes were necessary. This requirement is
redundant with EOP-005-2, Requirement R3, and therefore, the proposed retirement of this
requirement is consistent with reliability principles and would create no gap in reliability.
EOP-005-2 Requirement R3 currently requires the Transmission Operator to submit its
restoration plan to its Reliability Coordinator, whether or not the plan includes changes. EOP005-2 Requirement R3 provides:

R3.

Each Transmission Operator shall review its restoration plan and submit it to its
Reliability Coordinator annually on a mutually agreed predetermined schedule.

Order No. 693 at P 630.
System Restoration Reliability Standards, 134 FERC ¶ 61,215, (March 17, 2011) (“Order No. 749”), order
on clarification, 136 FERC ¶ 61,030 (“Order No. 749-A”) (2011).

Consequently, since EOP-005-2 Requirement R3 requires the Transmission Operator to submit
its restoration plan to the Reliability Coordinator whether or not there has been a change, EOP005-2 Requirement R3.1 only adds a separate, duplicative administrative burden for the entity to
also confirm that there were no changes based upon another pre-determined schedule.
For these reasons, there is no reliability gap resulting from the proposed retirement of
EOP-005-2 Requirement R3.1 because a Transmission Operator already has an obligation to
review and provide its restoration plan annually on a mutually agreed upon predetermined
schedule to its Reliability Coordinator.
D. Facilities Design, Connections, and Maintenance Reliability Standards
Five separate Reliability Standards from the FAC body of Reliability Standards, (FAC002; FAC-010; FAC-011; FAC-013) contain a requirement proposed for retirement, with a total
of six FAC requirements proposed for retirement.
The FAC body of Reliability Standards consists of a total of nine Reliability Standards
that address topics such as facility connection requirements, facility ratings, system operating
limits, and transfer capabilities.58 The FAC Reliability Standards also establish requirements for
maintaining equipment and rights-of-way, including vegetation management.

1. FAC-002-1 Requirement R2 – Coordination of Plans for New Facilities
R2.

The Planning Authority, Transmission Planner, Generator Owner, Transmission Owner,
Load-Serving Entity, and Distribution Provider shall each retain its documentation (of its
evaluation of the reliability impact of the new facilities and their connections on the
interconnected transmission systems) for three years and shall provide the documentation
to the Regional Reliability Organization(s) and NERC on request (within 30 calendar
days).

FAC-001; FAC-002; FAC-003; FAC-008; FAC-010; FAC-011; FAC-012; FAC-013; and FAC-014.

a. Procedural History
FAC-002-0 was submitted to the Commission for approval on April 4, 2006 in Docket
No. RM06-16-000 and was approved on March 16, 2007 in Order No. 693. 59 FAC-002-1 was
submitted for Commission approval on September 9, 2010 in Docket No. RD10-15-000 and was
approved on January 10, 2011. 60
b. Technical Justification for Retirement
Reliability Standard FAC-002 requires that each generation owner, transmission owner,
distribution provider, Load-Serving Entity (“LSE”), transmission planner and planning authority
assess the impact of integrating generation, transmission and end-user facilities into the
interconnected transmission system. The reliability purpose of FAC-002 is to avoid adverse
impacts on reliability by requiring Generator Owners and Transmission Owners and electricity
end-users to meet facility connection and performance requirements. The reliability purpose of
FAC-002 is unaffected by the proposed retirement of Requirement R2.
Responsible Entities have an existing obligation to produce the same information
required by Requirement R2 to demonstrate compliance with Requirement R1 and its subrequirements, thus making Requirement R2 redundant. For this reason, the proposed retirement
of Requirement R2 presents no reliability gap.
E. Interchange Scheduling and Coordination Reliability Standards
One standard from the INT body of Reliability Standards, INT-007, contains a single
requirement proposed for retirement. The INT body of Reliability Standards consists of a total

Order No. 693 at P 693.
NERC Petition for Approval of Proposed Modifications to Reliability Standards BAL-002-1; EOP-002-3;
FAC-002-1; MOD-021-2; PRC-004-2; and VAR-001-2 RD10-15-000 (January 10, 2011).
60

of nine Reliability Standards 61 that address interchange transactions, which occur when
electricity is transmitted from a seller to a buyer across the power grid.
Reliability Standard INT-007 requires that before changing the status of submitted
arranged interchanges to confirmed interchanges, the interchange authority must verify that the
submitted arranged interchanges are valid and complete with relevant information and approvals
from the Balancing Authorities and transmission service providers.
1. INT-007-1 Requirement R1.2 – Interchange Confirmation
R1.2. All reliability entities involved in the Arranged Interchange are currently in the NERC
registry.
a. Procedural History
INT-007-1 was submitted for Commission approval on August 28, 2006 in Docket No.
RM06-16-000 and was approved on March 16, 2007 in Order No. 693. 62

b. Technical Justification for Retirement
The reliability purpose of INT-007-1 is to ensure that each Arranged Interchange is
checked for reliability before it is implemented, and this purpose is unaffected by the proposed
retirement of Requirement R1.2. INT-007-1 Requirement R1.2 is an administrative task that is
now outdated. At one time, the identification number came from the NERC Transmission
System Information Network (“TSIN”) system, which is now handled via the NAESB Electric
Industry Registry. 63 Also, under the E-Tag protocols, no entity may engage in an Interchange
transaction without first registering with the E-Tag system and receiving an identification
number. Further, the entity desiring the transaction enters this identification number in the E-

INT-001; INT-003; INT-004; INT-005; INT-006; INT-007; INT-008; INT-009; and INT-010.
Order No. 693 at P 867.
63
See, North American Energy Standards Board Webregistry Technical Guide v1.4 (Proprietary) (July 2012).
The new NAESB system has updated and implemented more automation to the process.
62

Tag system to pre-qualify and engage in an Arranged Interchange. Accordingly, the task set
forth in INT-007-1 Requirement R1.2 is an outdated activity that is no longer necessary, and thus
the proposed retirement of Requirement R1.2 presents no reliability gap.
F. Interconnection Reliability Operations and Coordination
One standard from the IRO body of Reliability Standards, IRO-016, contains a single
requirement proposed for retirement. The IRO body of Reliability Standards consists of twelve
Reliability Standards that detail the responsibilities and authorities of a Reliability Coordinator. 64
The IRO Reliability Standards establish requirements for data, tools and wide-area view, all of
which are intended to facilitate a Reliability Coordinator’s ability to perform its responsibilities
and ensure the reliable operation of the interconnected grid.
1. IRO-016-1 Requirement R2 – Coordination of Real-Time Activities between
Reliability Coordinators
R2.

The Reliability Coordinator shall document (via operator logs or other data sources) its
actions taken for either the event or for the disagreement on the problem(s) or for both.
a. Procedural History
IRO-016-1 was submitted for Commission approval on April 4, 2006 in Docket No.

RM06-16-000 and was approved on March 16, 2007 in Order No. 693. 65

b. Technical Justification for Retirement
IRO-016 establishes requirements for coordinated real-time operations, including: (1)
notification of problems to neighboring Reliability Coordinators and (2) discussions and
decisions for agreed-upon solutions for implementation. The reliability purpose of IRO-016-1 is
to ensure that each Reliability Coordinator’s operations are coordinated such that they will not

IRO-001; IRO-002; IRO-003; IRO-004; IRO-005; IRO-006; IRO-008; IRO-009; IRO-010; IRO-014; IRO015; and IRO-016.
65
Order No. 693 at PP 1004-005.

have an adverse reliability impact on other Reliability Coordinator Areas and to preserve the
reliability benefits of interconnected operations. To implement the purpose, IRO-016-1
Requirement R1 and its sub-requirements state:

R1. The Reliability Coordinator that identifies a potential, expected, or actual
problem that requires the actions of one or more other Reliability Coordinators
shall contact the other Reliability Coordinator(s) to confirm that there is a
problem and then discuss options and decide upon a solution to prevent or resolve
the identified problem.
R1.1. If the involved Reliability Coordinators agree on the problem and
the actions to take to prevent or mitigate the system condition, each
involved Reliability Coordinator shall implement the agreed-upon
solution, and notify the involved Reliability Coordinators of the action(s)
taken.
R1.2. If the involved Reliability Coordinators cannot agree on the
problem(s) each Reliability Coordinator shall re-evaluate the causes of the
disagreement (bad data, status, study results, tools, etc.).
R1.2.1. If time permits, this re-evaluation shall be done before
taking corrective actions.
R1.2.2. If time does not permit, then each Reliability Coordinator
shall operate as though the problem(s) exist(s) until the conflicting
system status is resolved.
These requirements are specific actions and decision points among Reliability Coordinators that
promote the reliable operation of the BES. In contrast, Requirement R2 is an administrative task
and the proposed retirement will not adversely impact reliability. Therefore, the reliability
purpose of IRO-016-1 is unaffected by the proposed retirement of Requirement R2.
Furthermore, outside the context of a Reliability Standard, under Section 400 of the
NERC Rules of Procedure, NERC and the Regional Entities have the authority to require an
entity to submit data and information for purposes of monitoring compliance. Thus, the
retirement of IRO-016-1 Requirement R2 does not affect the ability for NERC and the Regional

Entities to require Reliability Coordinators to produce documentation to demonstrate compliance
with IRO-016-1 Requirement R1 and its sub-requirements. Accordingly, retiring IRO-016-1
Requirement R2 presents no gap to reliability or to the information NERC and the Regional
Entities need to monitor compliance.
G. Nuclear Reliability Standards
There is only one standard that comprises the NUC body of Reliability Standards, NUC001, and this standard contains five requirements proposed for retirement. The NUC-001
Reliability Standard requires a nuclear plant Generator Operator to coordinate operations and
planning with transmission entities providing services relating to nuclear plant operating and offsite power delivery requirements
1. NUC-001-2 Requirements R9.1, R9.1.1, R9.1.2, R9.1.3, and R9.1.4 – Nuclear
Plant Interface Coordination
R9.1.

Administrative elements:
R9.1.1. Definitions of key terms used in the agreement.
R9.1.2. Names of the responsible entities, organizational relationships, and
responsibilities related to the NPIRs.
R9.1.3. A requirement to review the agreement(s) at least every three years.
R9.1.4. A dispute resolution mechanism.

a. Procedural History
NUC-001-1 was submitted for Commission approval on November 19, 2007 in Docket
No. RM08-3-000 and was approved on October 16, 2008. 66 NUC-001-2 was submitted for

Mandatory Reliability Standard for Nuclear Plant Interface Coordination, 125 FERC ¶ 61,065 (2008)
(“Order No. 716”), order on reh’g, Order No. 716-A, 126 FERC ¶ 61,122 (2009).

Commission approval on August 14, 2009 in Docket No. RD09-10-000 and was approved on
January 21, 2010. 67
b. Technical Justification for Retirement
The reliability purpose of NUC-001-2 is to ensure the coordination between Nuclear
Plant Generator Operators and Transmission Entities for nuclear plant safe operation and
shutdown. The reliability purpose of NUC-001-2 is unaffected by the proposed retirement of
Requirements 9.1, 9.1.1, 9.1.2, 9.1.3 and 9.1.4. Requirement 9.1 and its sub-requirements
specify certain administrative elements that must be included in the agreement (required by R2)
between the Nuclear Plant Generator Operator and the applicable Transmission Entities. These
are a mix of technical, communication, training and administrative requirements. Requirement
R9.1 and its sub-requirements are administrative tasks and the proposed retirement of these
Requirements will not adversely impact reliability. Further, requiring via a mandatory
Reliability Standard the inclusion of boilerplate provisions is unnecessarily burdensome relative
to the other significant requirements in NUC-001-2 that pertain to performance based reliability
coordination and protocols between Transmission Entities and Nuclear Plant Generator
Operators. Therefore, the proposed retirement of NUC-001-2 R9.1 and all its sub-requirements
creates no reliability gap.
H. Protection and Control Reliability Standards
Two standards from the PRC body of Reliability Standards, PRC-010 and PRC-022,
contain a requirement proposed for retirement. PRC systems on Bulk-Power System elements
are an integral part of reliable grid operation. Protection systems are designed to detect and
isolate faulty elements on a system, thereby limiting the severity and spread of system
disturbances, and preventing possible damage to protected elements. The function, settings, and
67

Order Approving Reliability Standard, 130 FERC ¶ 61,051 (2010).

limitations of a protection system are critical in establishing System Operating Limits and
Interconnection Reliability Operating Limits. The PRC Reliability Standards consist of a total of
twenty-three Reliability Standards that apply to Transmission Operators, Transmission Owners,
Generator Operators, Generator Owners, Distribution Providers and Regional Reliability
Organizations and cover a wide range of topics related to the protection and control of power
systems. 68
1. PRC-010-0 Requirement R2 – Assessment of the Design and Effectiveness
of UVLS Program
R2.

The Load-Serving Entity, Transmission Owner, Transmission Operator, and Distribution
Provider that owns or operates a UVLS program shall provide documentation of its
current UVLS program assessment to its Regional Reliability Organization and NERC on
request (30 calendar days).
a. Procedural History
PRC-010-0 was filed for Commission approval on April 4, 2006 in Docket No. RM06-

16-000 and was approved on March 16, 2007 in Order No. 693. 69
b. Technical Justification for Retirement
Reliability Standard PRC-010 requires transmission owners, transmission operators,
LSEs and distribution providers to periodically conduct and document an assessment of the
effectiveness of their Under Voltage Load Shedding (“UVLS”) program at least every five years
or as required by changes in system conditions. The assessment must be conducted with the
associated transmission planner and planning authority. The purpose of PRC-010 is to provide
system preservation measures in an attempt to prevent system voltage collapse or voltage
instability by implementing an UVLS program. Outside the context of a Reliability Standard,
68

PRC-001; PRC-002; PRC-003; PRC-004; PRC-005; PRC-006; PRC-007, PRC-008; PRC-009; PRC-010;
PRC-011; PRC-012; PRC-013; PRC-014; PRC-015; PRC-016; PRC-017; PRC-018; PRC-019; PRC-020; PRC-021;
PRC-022; and PRC-023.
69
Order No. 693 at P 1509.

under Section 400 of the NERC Rules of Procedure, NERC and the Regional Entities have the
authority to require an entity to submit documentation of its current UVLS program assessment
for purposes of monitoring compliance. Thus, the retirement of PRC-010-0 Requirement R2
does not affect the ability of NERC and the Regional Entities to require Reliability Coordinators
to produce documentation to monitor compliance with PRC-010-0 Requirement R1 and its subrequirements. Furthermore, PRC-010-0 Requirement R1 requires that the entity document an
assessment of the effectiveness of its UVLS program:

The Load-Serving Entity, Transmission Owner, Transmission Operator, and
Distribution Provider that owns or operates a UVLS program shall periodically (at
least every five years or as required by changes in system conditions) conduct and
document an assessment of the effectiveness of the UVLS program.
Accordingly, the proposed retirement of PRC-010-0 Requirement R2 presents no reliability gap.

2. PRC-022-1 Requirement R2 – Under-Voltage Load Shedding Program
Performance
R2.

Each Transmission Operator, Load-Serving Entity, and Distribution Provider that
operates a UVLS program shall provide documentation of its analysis of UVLS program
performance to its Regional Reliability Organization within 90 calendar days of a
request.
a. Procedural History
PRC-022-1 was submitted for Commission approval on April 4, 2006 in Docket No.

RM06-16-000 and was approved on March 16, 2007 in Order No. 693. 70
b. Technical Justification for Retirement
The purpose of Reliability Standard PRC-022 is to ensure that UVLS programs perform
as intended to mitigate the risk of voltage collapse or voltage instability in the BES. PRC-022
requires transmission operators, LSEs, and distribution providers to provide analysis,
70

Order No. 693 at P 1565.

documentation, and misoperation data on UVLS operations to the regional reliability
organization.
PRC-022-1, Requirement R2 requires entities to provide documentation of its analysis of
its UVLS program performance within 90 days of request. The proposed retirement of PRC022-1, Requirement R2 is consistent with reliability principles and will not result in a gap in
reliability as NERC has the ability to request this information pursuant to Section 400 of the
NERC Rules of Procedure. Thus, the proposed retirement of PRC-022-1 Requirement R2 does
not affect the ability of NERC to require Reliability Coordinators to produce documentation to
monitor compliance with PRC-022-1 Requirement R1 and its sub-requirements. Furthermore,
PRC-022-1 Requirement R1 also requires that the entity document its UVLS performance:
Each Transmission Operator, Load-Serving Entity, and Distribution Provider that
operates a UVLS program to mitigate the risk of voltage collapse or voltage
instability in the BES shall analyze and document all UVLS operations and
Misoperations.
Accordingly, the proposed retirement of PRC-022-1 Requirement R2 presents no gap to
reliability. The ERO compliance program efficiency will increase since it will no longer need to
track a static requirement of whether a UVLS program assessment was submitted within 30 days
of a request by NERC or the Regional Entity, and instead, compliance monitoring may focus on
the more substantive requirements of PRC-022-1.
I. Voltage and Reactive Reliability Standards
One standard from the VAR body of Reliability Standards, VAR-001, contains a single
requirement proposed for retirement. VAR-001 is dedicated to Voltage and Reactive Control
and VAR-002 is dedicated to Generator Operation for Maintaining Network Voltage Schedules.
VAR-001 ensures that voltage levels, reactive flows, and reactive resources are monitored,
controlled, and maintained within limits in real-time to protect equipment and the reliable

operation of the Interconnection. VAR-002 ensures that generators provide reactive and voltage
control necessary to ensure voltage levels, reactive flows, and reactive resources are maintained
within applicable Facility Ratings to protect equipment and the reliable operation of the
Interconnection. These two Reliability Standards, along with two regional standards (VAR-002WECC-1 and VAR-501-WECC-1), form the VAR Reliability Standards.
1. VAR-001-2, Requirement R5 – Voltage and Reactive Control
R5.

Each Purchasing-Selling Entity and Load Serving Entity shall arrange for (self-provide or
purchase) reactive resources – which may include, but is not limited to, reactive
generation scheduling; transmission line and reactive resource switching;, and
controllable load– to satisfy its reactive requirements identified by its Transmission
Service Provider.

a. Procedural History
VAR-001-1 was submitted for Commission approval on April 4, 2006, in Docket No.
RM06-16-000 and approved by the Commission in Order No. 693. 71 When approving VAR001-1, in Order No. 693 at paragraph 1858, the Commission recognized:
[T]hat all transmission customers of public utilities are required to purchase
Ancillary Service No. 2 under the OATT or self-supply, but the OATT does not
require them to provide information to transmission operators needed to
accurately study reactive power needs. The Commission directs the ERO to
address the reactive power requirements for LSEs on a comparable basis with
purchasing-selling entities.

On September 9, 2010, NERC submitted VAR-001-2, which included revisions to Requirement
R5 to satisfy Commission directives in Order No. 693, including the directive in paragraph 1858.
This directive was addressed by adding “Load Serving Entities” to the standard as applicable
entities and making them subject to the same requirements as purchasing-selling entities

Order No. 693 at P 1880.

(“PSEs”). These modifications to VAR-001-2 were accepted by the Commission on January 10,
2011. 72

b. Technical Justification for Retirement
The proposed retirement of VAR-001-2, Requirement R5 is consistent with reliability
principles as this Requirement is (i) redundant with the Commission’s pro forma open access
transmission tariff (“OATT”); and (ii) the reliability objective is achieved via VAR-001-2,
Requirement R2.
VAR-001-2, Requirement R5 provides for the PSE and LSE (transmission customers) to
arrange for or self-provide reactive resources as required under Schedule 2 of the OATT.
Schedule 2 of the OATT states:
Schedule 2 Reactive Supply and Voltage Control from Generation or Other
In order to maintain transmission voltages on the Transmission Provider's
transmission facilities within acceptable limits, generation facilities and nongeneration resources capable of providing this service that are under the control of
the control area operator) are operated to produce (or absorb) reactive power.
Thus, Reactive Supply and Voltage Control from Generation or Other Sources
Service must be provided for each transaction on the Transmission Provider's
transmission facilities. The amount of Reactive Supply and Voltage Control from
Generation or Other Sources Service that must be supplied with respect to the
Transmission Customer's transaction will be determined based on the reactive
power support necessary to maintain transmission voltages within limits that are
generally accepted in the region and consistently adhered to by the Transmission
Provider.
Reactive Supply and Voltage Control from Generation or Other Sources Service
is to be provided directly by the Transmission Provider (if the Transmission
Provider is the Control Area operator) or indirectly by the Transmission Provider
making arrangements with the Control Area operator that performs this service
for the Transmission Provider's Transmission System. The Transmission
Customer must purchase this service from the Transmission Provider or the
Control Area operator. A Transmission Customer may satisfy all or part of its
obligation through self provision or purchases provided that the self-provided or
purchased reactive power reduces the Transmission Provider’s reactive power
requirements and is from generating facilities under the control of the
72

North American Electric Reliability Corp., 134 FERC ¶ 61,015 (2011).

Transmission Provider or Control Area operator. The Transmission Customer’s
Service Agreement shall specify any such reactive supply arrangements. To the
extent the Control Area operator performs this service for the Transmission
Provider, charges to the Transmission Customer are to reflect only a pass-through
of the costs charged to the Transmission Provider by the Control Area operator.
The Transmission Provider’s rates for Reactive Supply and Voltage Control from
Generation Sources Services shall be set out in Appendix A to this Schedule.
Given the importance of the procurement or self-provision of reactive power, even in a market
setting, a form of Schedule 2 is found in the tariffs of MISO and PJM, for example. Also, other
contractual mechanisms, such as Interchange agreements, also are used to ensure transmission
customers (such as PSEs and LSEs) provide reactive power. While NERC complied with the
Commission’s directive to add LSEs to VAR-001-2 Requirement R5, a review of this
requirement in light of Schedule 2 indicates that the reliability objective of ensuring that PSEs as
well as LSEs either acquire or self provide reactive power resources associated with transmission
service requests is accomplished via Schedule 2, and, therefore, there is no need to reiterate it in
VAR-001-2 Requirement R5. The repetitive nature of VAR-001-2 Requirement R5 is also
apparent in the context of how a PSE or LSE generally demonstrates compliance – via
screenshots from Open Access Same-Time Information System reservations that show the
mandatory acquiring or self providing of reactive power resources per Schedule 2.
The reliability objective of VAR-001-2 is also accomplished in VAR-001-2 Requirement
R2 (that is not proposed for retirement) which reads:
Each Transmission Operator shall acquire sufficient reactive resources – which
may include, but is not limited to, reactive generation scheduling; transmission
line and reactive resource switching;, [sic] and controllable load – within its area
to protect the voltage levels under normal and Contingency conditions. This
includes the Transmission Operator’s share of the reactive requirements of
interconnecting transmission circuits.
The Transmission Operator’s adherence to Requirement R2 is a double-check for the obligations
under Schedule 2 to ensure there are sufficient reactive power resources to protect the voltage

levels under normal and Contingency conditions. This double check, however, does not relieve
PSEs and LSEs from their obligations under Schedule 2 of the OATT or Interchange agreements.
In addition, in the Electric Reliability Council of Texas (“ERCOT”) region, where there
is no FERC approved OATT, reactive power is handled via Section 3.15 of the ERCOT Nodal
Protocols that describes how ERCOT establishes a voltage profile for the grid, and then in detail
explains the responsibilities of the Generators, Distribution Providers and Texas Transmission
Service Providers (not to be confused with a NERC Transmission Service Provider), to meet the
Voltage Profile and ensure that those entities have sufficient reactive support to do so. There is
further Operating Guide detail on the responsibilities for entities to deploy reactive resources
approximately, within performance criteria in the Operating Guide Section 3. Thus, as in nonERCOT regions, ERCOT has protocols that are duplicative of VAR-001-2, Requirement R5.
Given the redundant nature of VAR-001-2 Requirement R5, the proposed retirement of this
requirement presents no reliability gap.

CONCLUSION
For the reasons set forth above, NERC respectfully requests that the Commission:
•

approve the proposed retirement of Reliability Standard Requirements and associated
elements included in Exhibit B, effective as proposed herein; and

•

approve the implementation plan included in Exhibit C;

Respectfully submitted,
/s/ Stacey Tyrewala
Gerald W. Cauley
President and Chief Executive Officer
North American Electric Reliability Corporation
3353 Peachtree Road, N.E.
Suite 600, North Tower
Atlanta, GA 30326
(404) 446-2560
(404) 446-2595– facsimile

Dated: February 28, 2013

CERTIFICATE OF SERVICE

I hereby certify that I have served a copy of the foregoing document upon all parties
listed on the official service list compiled by the Secretary in this proceeding.
Dated at Washington, D.C. this 28th day of February, 2013.
/s/ Stacey Tyrewala
Stacey Tyrewala
Attorney for North American Electric
Reliability Corporation

Exhibit A

Paragraph 81 Criteria

Exhibit A — Paragraph 81 Criteria

Paragraph 81 Criteria
The P 81 Team developed three criteria: (1) Criteria A: an overarching criteria designed
to determine that there is no reliability gap created by the proposed retirement; (2) Criteria B:
which consists of seven separate identifying criteria designed to recognize requirements
appropriate for retirement; and (3) Criteria C: which consists of seven separate questions
designed to assist the P 81 Team in making an informed decision regarding whether
requirements are appropriate to propose for retirement.
In order for a Reliability Standard Requirement to be proposed for retirement, it must
satisfy both: (i) Criteria A (the overarching criterion) and (ii) at least one of the Criteria B
(identifying criteria). In addition, the data and reference points set forth below in Criteria C were
considered to make a more informed decision on whether to proceed with retirement.

Criterion A (Overarching Criterion)
The Reliability Standard requirement requires responsible entities to conduct an activity or task
that does little, if anything, to benefit or protect the reliable operation of the BES.
This criterion is based on the Commission’s language in P 81 of the March 15th Order.
Section 215(a)(4) of the Federal Power Act defines “reliable operation” as: “… operating
the elements of the bulk-power system within equipment and electric system thermal, voltage,
and stability limits so that instability, uncontrolled separation, or cascading failures of such
system will not occur as a result of a sudden disturbance, including a cybersecurity incident, or
unanticipated failure of system elements.”
Criteria B (Identifying Criteria)
B1. Administrative
The Reliability Standard requirement requires responsible entities to perform a function that is
administrative in nature, does not support reliability and is needlessly burdensome.
This criterion is designed to identify Requirements that can be removed with little effect
on reliability and whose removal will result in an increase in the efficiency of the ERO
compliance program. Administrative functions may include a task that is or is not related to

developing procedures or plans, such as establishing communication contacts. Thus, for certain
requirements, Criterion B1 is closely related to Criteria B2, B3 and B4. Strictly administrative
functions do not inherently impact reliability directly and, where possible, should be eliminated
for purposes of efficiency and to allow the ERO and entities to allocate resources appropriately.
B2. Data Collection/Data Retention
These are requirements that obligate responsible entities to produce and retain data which
document prior events or activities, and should be collected via some other method under
NERC’s rules and processes.
This criterion is designed to identify requirements that can be removed with little effect
on reliability. The collection and/or retention of data do not necessarily have a reliability benefit
and yet are often required to demonstrate compliance. Where data collection and/or data
retention is unnecessary for reliability purposes, such requirements should be eliminated in order
to increase the efficiency of the ERO compliance program.
B3. Documentation
The Reliability Standard requirement requires responsible entities to develop a document (e.g.,
plan, policy or procedure) which is not necessary to protect BES reliability.
This criterion is designed to identify requirements that require the development of a
document that is unrelated to reliability or has no performance or results-based function. In other
words, the document is required, but no execution of a reliability activity or task is associated
with or required by the document.
B4. Reporting
The Reliability Standard requirement obligates responsible entities to report to a Regional
Entity, NERC or another party or entity.
This criterion is designed to identify requirements that obligate Responsible Entities to
report to a Regional Entity on activities which have no discernible impact on promoting the
reliable operation of the BES and if the entity failed to meet this requirement, there would be
little impact on reliability.
2

B5. Periodic Updates
The Reliability Standard requirement requires responsible entities to periodically update (e.g.,
annually) documentation, such as a plan, procedure or policy without an operational benefit to
reliability.
This criterion is designed to identify requirements that impose an updating requirement
that is out of sync with the actual operations of the BES, unnecessary or duplicative.
B6. Commercial or Business Practice
The Reliability Standard requirement is a commercial or business practice, or implicates
commercial rather than reliability issues.

This criterion is designed to identify those requirements that require: (i) implementing a
best or outdated business practice or (ii) implicating the exchange of or debate on commercially
sensitive information while doing little, if anything, to promote the reliable operation of the BES.
B7. Redundant
The Reliability Standard requirement is redundant with: (i) another FERC-approved Reliability
Standard requirement(s); (ii) the ERO compliance and monitoring program or (iii) a
governmental regulation (e.g., Open Access Transmission Tariff, North American Energy
Standards Board (“NAESB”), etc.).

This criterion is designed to identify requirements that are redundant with other
requirements and are, therefore, unnecessary. Unlike the other criteria listed in Criterion B, in
the case of redundancy, the task or activity itself may contribute to a reliable BES, but it is not
necessary to have two duplicative requirements on the same or similar task or activity. Such
requirements can be removed with little or no effect on reliability and removal will result in an
increase in efficiency of the ERO compliance program.

Criteria C (Additional Data and Reference Points)
To assist in the determination of whether to proceed with the retirement of a Reliability
Standard requirement that satisfied both Criteria A and B, the following data and reference
points were considered by the P 81 Team to make a more informed decision:
C1.

Was the Reliability Standard requirement part of a FFT filing?
This criterion was applied in order to determine what efficiencies would be gained for the

NERC compliance program.
C2.
Is the Reliability Standard requirement being reviewed in an on-going Standards
Development Project?
This criterion was applied in order to determine whether the requirement proposed for
retirement was a part of an active on-going standard development project.
C3.

What is the VRF of the Reliability Standard requirement?
Each requirement must have an associated violation risk factor (“VRF”) (High, Medium,

or Lower). The risk factor is one of several elements used to determine an appropriate sanction
when the associated requirement is violated. The risk factor assesses the impact to reliability of
violating a specific requirement. This criterion was applied in order to determine what
efficiencies would be gained for the NERC compliance program.
C4.

In which tier of the 2013 AML does the Reliability Standard requirement fall?
The NERC Actively Monitored List (“AML”) is the minimum scope of compliance

audits and consists of a three tiered approach.
•

Tier 1 Requirements are those that are the most critical to the purpose and intent
of the standard of which they are a part. Additionally, the ability of a registered
entity to demonstrate compliance with Tier 1 Requirements will provide guidance
to audit teams on the necessity to investigate further and broaden an audit’s scope
in additional Requirements or reliability standards or both.

•

Tier 2 Requirements are also critical to the purpose of a standard, but less so than
Tier 1 in that Tier 2 does not address the ERO high-risk priorities as directly as
Tier 1. Tier 2 also does not pose as severe a risk as Tier 1. The determination of
4

what tier each assignment is assigned is done using all the data and input
mentioned earlier in this section of the report, applied with professional judgment
and input from the Regional Entities. This is not to say that compliance with Tier
2 Requirements is not mandatory. Instead, Tier 2 Requirements represent an
additional level of inquiry that must be undertaken when a registered entity does
not display clear compliance with those most critical Requirements of Tier 1. In
the process of this added level of investigation, it may become necessary to
branch off into other reliability standards that were not identified as relating
directly to an ERO priority.
•

Tier 3 Requirements are those that, while still being significant to Bulk-Power
System reliability, do not represent the purpose of a reliability standard directly or
are not representative of ERO priorities. The exploration of an audit team into the
compliance of a registered entity with Tier 3 Requirements will be initiated
through links between identified deficiencies in Tier 1 and 2 Requirements and
those of Tier 3.

Note, Registered Entities are responsible for compliance with all regulatory approved reliability
standards and requirements in effect per their registered functions at all times, regardless of what
is specified in the AML.

C5. Is there a possible negative impact on NERC’s published and posted reliability
principles?
The application of this criterion involves consideration of eight reliability principles
published on the NERC webpage. 73
C6.
Is there any negative impact on the defense in depth protection of the Bulk Electric
System?
This criterion is designed to assess whether other Requirements rely on the Requirement
proposed for retirement to protect the BES, in recognition of the fact that NERC Reliability
Standards are an integrated whole.
C7.

Does the retirement promote results or performance based Reliability Standards?
Generally, NERC strives to achieve results-based Reliability Standards, which contain

results-based requirements with sufficient clarity to hold entities accountable without being
overly prescriptive as to how a specific reliability outcome is to be achieved. This criterion is
designed to ensure that the P 81 Project is consistent with this direction.

Principle 1.
Interconnected bulk power systems shall be planned and operated in a coordinated
manner to perform reliably under normal and abnormal conditions as defined in the NERC Standards.
Principle 2.
The frequency and voltage of interconnected bulk power systems shall be controlled within
defined limits through the balancing of real and reactive power supply and demand.
Principle 3.
Information necessary for the planning and operation of interconnected bulk power systems shall
be made available to those entities responsible for planning and operating the systems reliably.
Principle 4.
Plans for emergency operation and system restoration of interconnected bulk power systems shall
be developed, coordinated, maintained, and implemented.
Principle 5.
Facilities for communication, monitoring, and control shall be provided, used, and maintained for
the reliability of interconnected bulk power systems.
Principle 6.
Personnel responsible for planning and operating interconnected bulk power systems shall be
trained, qualified, and have the responsibility and authority to implement actions.
Principle 7.
The reliability of the interconnected bulk power systems shall be assessed, monitored, and
maintained on a wide-area basis.
Principle 8.
Bulk power systems shall be protected from malicious physical or cyber attacks. (footnote
omitted).

Exhibit B

Redlined Version of Reliability Standards with Proposed Retirements

Standard BAL-005-0.2b — Automatic Generation Control
A.

Introduction
1.

Title:

Automatic Generation Control

Number:

BAL-005-0.2b

Purpose: This standard establishes requirements for Balancing Authority Automatic
Generation Control (AGC) necessary to calculate Area Control Error (ACE) and to routinely
deploy the Regulating Reserve. The standard also ensures that all facilities and load
electrically synchronized to the Interconnection are included within the metered boundary of a
Balancing Area so that balancing of resources and demand can be achieved.

Applicability:

5.
B.

4.1.

Balancing Authorities

4.2.

Generator Operators

4.3.

Transmission Operators

4.4.

Load Serving Entities

Effective Date:

May 13, 2009

Requirements
R1. All generation, transmission, and load operating within an Interconnection must be included
within the metered boundaries of a Balancing Authority Area.
R1.1. Each Generator Operator with generation facilities operating in an Interconnection
shall ensure that those generation facilities are included within the metered boundaries
of a Balancing Authority Area.
R1.2. Each Transmission Operator with transmission facilities operating in an
Interconnection shall ensure that those transmission facilities are included within the
metered boundaries of a Balancing Authority Area.
R1.3. Each Load-Serving Entity with load operating in an Interconnection shall ensure that
those loads are included within the metered boundaries of a Balancing Authority Area.
R2. Each Balancing Authority shall maintain Regulating Reserve that can be controlled by AGC to
meet the Control Performance Standard. (Retired)
R3. A Balancing Authority providing Regulation Service shall ensure that adequate metering,
communications, and control equipment are employed to prevent such service from becoming
a Burden on the Interconnection or other Balancing Authority Areas.
R4. A Balancing Authority providing Regulation Service shall notify the Host Balancing
Authority for whom it is controlling if it is unable to provide the service, as well as any
Intermediate Balancing Authorities.
R5. A Balancing Authority receiving Regulation Service shall ensure that backup plans are in
place to provide replacement Regulation Service should the supplying Balancing Authority no
longer be able to provide this service.
R6. The Balancing Authority’s AGC shall compare total Net Actual Interchange to total Net
Scheduled Interchange plus Frequency Bias obligation to determine the Balancing Authority’s
ACE. Single Balancing Authorities operating asynchronously may employ alternative ACE
calculations such as (but not limited to) flat frequency control. If a Balancing Authority is
unable to calculate ACE for more than 30 minutes it shall notify its Reliability Coordinator.
Page 1 of 6

Standard BAL-005-0.2b — Automatic Generation Control
R7. The Balancing Authority shall operate AGC continuously unless such operation adversely
impacts the reliability of the Interconnection. If AGC has become inoperative, the Balancing
Authority shall use manual control to adjust generation to maintain the Net Scheduled
Interchange.
R8. The Balancing Authority shall ensure that data acquisition for and calculation of ACE occur at
least every six seconds.
R8.1. Each Balancing Authority shall provide redundant and independent frequency metering
equipment that shall automatically activate upon detection of failure of the primary
source. This overall installation shall provide a minimum availability of 99.95%.
R9. The Balancing Authority shall include all Interchange Schedules with Adjacent Balancing
Authorities in the calculation of Net Scheduled Interchange for the ACE equation.
R9.1. Balancing Authorities with a high voltage direct current (HVDC) link to another
Balancing Authority connected asynchronously to their Interconnection may choose to
omit the Interchange Schedule related to the HVDC link from the ACE equation if it is
modeled as internal generation or load.
R10. The Balancing Authority shall include all Dynamic Schedules in the calculation of Net
Scheduled Interchange for the ACE equation.
R11. Balancing Authorities shall include the effect of ramp rates, which shall be identical and
agreed to between affected Balancing Authorities, in the Scheduled Interchange values to
calculate ACE.
R12. Each Balancing Authority shall include all Tie Line flows with Adjacent Balancing Authority
Areas in the ACE calculation.
R12.1. Balancing Authorities that share a tie shall ensure Tie Line MW metering is
telemetered to both control centers, and emanates from a common, agreed-upon source
using common primary metering equipment. Balancing Authorities shall ensure that
megawatt-hour data is telemetered or reported at the end of each hour.
R12.2. Balancing Authorities shall ensure the power flow and ACE signals that are utilized for
calculating Balancing Authority performance or that are transmitted for Regulation
Service are not filtered prior to transmission, except for the Anti-aliasing Filters of Tie
Lines.
R12.3. Balancing Authorities shall install common metering equipment where Dynamic
Schedules or Pseudo-Ties are implemented between two or more Balancing
Authorities to deliver the output of Jointly Owned Units or to serve remote load.
R13. Each Balancing Authority shall perform hourly error checks using Tie Line megawatt-hour
meters with common time synchronization to determine the accuracy of its control equipment.
The Balancing Authority shall adjust the component (e.g., Tie Line meter) of ACE that is in
error (if known) or use the interchange meter error (I ME ) term of the ACE equation to
compensate for any equipment error until repairs can be made.
R14. The Balancing Authority shall provide its operating personnel with sufficient instrumentation
and data recording equipment to facilitate monitoring of control performance, generation
response, and after-the-fact analysis of area performance. As a minimum, the Balancing
Authority shall provide its operating personnel with real-time values for ACE, Interconnection
frequency and Net Actual Interchange with each Adjacent Balancing Authority Area.
R15. The Balancing Authority shall provide adequate and reliable backup power supplies and shall
periodically test these supplies at the Balancing Authority’s control center and other critical
Page 2 of 6

Standard BAL-005-0.2b — Automatic Generation Control
locations to ensure continuous operation of AGC and vital data recording equipment during
loss of the normal power supply.
R16. The Balancing Authority shall sample data at least at the same periodicity with which ACE is
calculated. The Balancing Authority shall flag missing or bad data for operator display and
archival purposes. The Balancing Authority shall collect coincident data to the greatest
practical extent, i.e., ACE, Interconnection frequency, Net Actual Interchange, and other data
shall all be sampled at the same time.
R17. Each Balancing Authority shall at least annually check and calibrate its time error and
frequency devices against a common reference. The Balancing Authority shall adhere to the
minimum values for measuring devices as listed below:

Device

Accuracy

Digital frequency transducer

≤ 0.001 Hz

MW, MVAR, and voltage transducer

≤ 0.25 % of full scale

Remote terminal unit

≤ 0.25 % of full scale

Potential transformer

≤ 0.30 % of full scale

Current transformer

≤ 0.50 % of full scale

Measures
Not specified.

Compliance
1.

Compliance Monitoring Process
1.1.

Compliance Monitoring Responsibility
Balancing Authorities shall be prepared to supply data to NERC in the format defined
below:

1.2.

1.1.1.

Within one week upon request, Balancing Authorities shall provide NERC or
the Regional Reliability Organization CPS source data in daily CSV files with
time stamped one minute averages of: 1) ACE and 2) Frequency Error.

1.1.2.

Within one week upon request, Balancing Authorities shall provide NERC or
the Regional Reliability Organization DCS source data in CSV files with time
stamped scan rate values for: 1) ACE and 2) Frequency Error for a time
period of two minutes prior to thirty minutes after the identified Disturbance.

Compliance Monitoring Period and Reset Timeframe
Not specified.

1.3.

Data Retention
1.3.1.

Each Balancing Authority shall retain its ACE, actual frequency, Scheduled
Frequency, Net Actual Interchange, Net Scheduled Interchange, Tie Line
meter error correction and Frequency Bias Setting data in digital format at the
same scan rate at which the data is collected for at least one year.

1.3.2.

Each Balancing Authority or Reserve Sharing Group shall retain
documentation of the magnitude of each Reportable Disturbance as well as
the ACE charts and/or samples used to calculate Balancing Authority or
Page 3 of 6

Standard BAL-005-0.2b — Automatic Generation Control
Reserve Sharing Group disturbance recovery values. The data shall be
retained for one year following the reporting quarter for which the data was
recorded.
1.4.

Additional Compliance Information
Not specified.

Levels of Non-Compliance
Not specified.

Regional Differences
None identified.

Associated Documents
1.

Appendix 1  Interpretation of Requirement R17 (February 12, 2008).

Version History
Version

Date

Action

Change Tracking

February 8, 2005

Adopted by NERC Board of Trustees

New

April 1, 2005

Effective Date

New

August 8, 2005

Removed “Proposed” from Effective Date

Errata

December 19, 2007

Added Appendix 1 – Interpretation of R17
approved by BOT on May 2, 2007

Addition

January 16, 2008

Section F: added “1.”; changed hyphen to “en
dash.” Changed font style for “Appendix 1” to
Arial

Errata

February 12, 2008

Replaced Appendix 1 – Interpretation of R17
approved by BOT on February 12, 2008 (BOT
approved retirement of Interpretation included in
BAL-005-0a)

Replacement

0.1b

October 29, 2008

BOT approved errata changes; updated version
number to “0.1b”

Errata

0.1b

May 13, 2009

FERC approved – Updated Effective Date

Addition

0.2b

March 8, 2012

Errata adopted by Standards Committee; (replaced
Appendix 1 with the FERC-approved revised
interpretation of R17 and corrected standard
version referenced in Interpretation by changing
from “BAL-005-1” to “BAL-005-0)

Errata

0.2b

September 13, 2012

FERC approved – Updated Effective Date

Addition

0.2b

TBD

R2 and associated elements retired as part of the
Paragraph 81 project (Project 2013-02)

Page 4 of 6

Standard BAL-005-0.2b — Automatic Generation Control

Appendix 1
Effective Date: August 27, 2008 (U.S.)
Interpretation of BAL-005-0 Automatic Generation Control, R17
Request for Clarification received from PGE on July 31, 2007

PGE requests clarification regarding the measuring devices for which the requirement applies,
specifically clarification if the requirement applies to the following measuring devices:
•
•
•
•
•
•

Only equipment within the operations control room
Only equipment that provides values used to calculate AGC ACE
Only equipment that provides values to its SCADA system
Only equipment owned or operated by the BA
Only to new or replacement equipment
To all equipment that a BA owns or operates

BAL-005-0

R17. Each Balancing Authority shall at least annually check and calibrate its time error and frequency
devices against a common reference. The Balancing Authority shall adhere to the minimum values for
measuring devices as listed below:
Device

Accuracy

Digital frequency transducer

≤ 0.001 Hz

MW, MVAR, and voltage transducer

≤ 0.25% of full scale

Remote terminal unit

≤ 0.25% of full scale

Potential transformer

≤ 0.30% of full scale

Current transformer

≤ 0.50% of full scale

Existing Interpretation Approved by Board of Trustees May 2, 2007

BAL-005-0, Requirement 17 requires that the Balancing Authority check and calibrate its control room
time error and frequency devices against a common reference at least annually. The requirement to
“annually check and calibrate” does not address any devices outside of the operations control room.
The table represents the design accuracy of the listed devices. There is no requirement within the standard
to “annually check and calibrate” the devices listed in the table, unless they are included in the control
center time error and frequency devices.
Interpretation provided by NERC Frequency Task Force on September 7, 2007 and Revised on
November 16, 2007

As noted in the existing interpretation, BAL-005-0 Requirement 17 applies only to the time error and
frequency devices that provide, or in the case of back-up equipment may provide, input into the reporting
or compliance ACE equation or provide real-time time error or frequency information to the system
Page 5 of 6

Standard BAL-005-0.2b — Automatic Generation Control
operator. Frequency inputs from other sources that are for reference only are excluded. The time error and
frequency measurement devices may not necessarily be located in the system operations control room or
owned by the Balancing Authority; however the Balancing Authority has the responsibility for the
accuracy of the frequency and time error measurement devices. No other devices are included in R 17.
The other devices listed in the table at the end of R17 are for reference only and do not have any
mandatory calibration or accuracy requirements.
New or replacement equipment that provides the same functions noted above requires the same
calibrations. Some devices used for time error and frequency measurement cannot be calibrated as such.
In this case, these devices should be cross-checked against other properly calibrated equipment and
replaced if the devices do not meet the required level of accuracy.

Page 6 of 6

S ta n d a rd CIP –003–3 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

A. Introduction
1.

Title:

Cyber Security — Security Management Controls

Number:

CIP-003-3

Purpose:
Standard CIP-003-3 requires that Responsible Entities have minimum security
management controls in place to protect Critical Cyber Assets. Standard CIP-003-3 should be
read as part of a group of standards numbered Standards CIP-002-3 through CIP-009-3.

Applicability:
4.1. Within the text of Standard CIP-003-3, “Responsible Entity” shall mean:
4.1.1

Reliability Coordinator.

4.1.2

Balancing Authority.

4.1.3

Interchange Authority.

4.1.4

Transmission Service Provider.

4.1.5

Transmission Owner.

4.1.6

Transmission Operator.

4.1.7

Generator Owner.

4.1.8

Generator Operator.

4.1.9

Load Serving Entity.

4.1.10 NERC.
4.1.11 Regional Entity.
4.2. The following are exempt from Standard CIP-003-3:

4.2.1

Facilities regulated by the U.S. Nuclear Regulatory Commission or the Canadian
Nuclear Safety Commission.

4.2.2

Cyber Assets associated with communication networks and data communication
links between discrete Electronic Security Perimeters.

4.2.3

Responsible Entities that, in compliance with Standard CIP-002-3, identify that
they have no Critical Cyber Assets shall only be required to comply with CIP003-3 Requirement R2.

Effective Date: The first day of the third calendar quarter after applicable regulatory approvals
have been received (or the Reliability Standard otherwise becomes effective the first day of the
third calendar quarter after BOT adoption in those jurisdictions where regulatory approval is
not required).

B. Requirements
R1. Cyber Security Policy — The Responsible Entity shall document and implement a cyber
security policy that represents management’s commitment and ability to secure its Critical
Cyber Assets. The Responsible Entity shall, at minimum, ensure the following:
R1.1.

The cyber security policy addresses the requirements in Standards CIP-002-3 through
CIP-009-3, including provision for emergency situations.

Ap p ro ve d b y Bo a rd o f Tru s te e s : De c e m b e r 16, 2009

S ta n d a rd CIP –003–3 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

R1.2.

The cyber security policy is readily available to all personnel who have access to, or are
responsible for, Critical Cyber Assets. (Retired)

R1.3.

Annual review and approval of the cyber security policy by the senior manager
assigned pursuant to R2.

R2. Leadership — The Responsible Entity shall assign a single senior manager with overall
responsibility and authority for leading and managing the entity’s implementation of, and
adherence to, Standards CIP-002-3 through CIP-009-3.
R2.1.

The senior manager shall be identified by name, title, and date of designation.

R2.2.

Changes to the senior manager must be documented within thirty calendar days of the
effective date.

R2.3.

Where allowed by Standards CIP-002-3 through CIP-009-3, the senior manager may
delegate authority for specific actions to a named delegate or delegates. These
delegations shall be documented in the same manner as R2.1 and R2.2, and approved
by the senior manager.

R2.4.

The senior manager or delegate(s), shall authorize and document any exception from
the requirements of the cyber security policy.

R3. Exceptions — Instances where the Responsible Entity cannot conform to its cyber security
policy must be documented as exceptions and authorized by the senior manager or delegate(s).
(Retired)
R3.1.

Exceptions to the Responsible Entity’s cyber security policy must be documented
within thirty days of being approved by the senior manager or delegate(s). (Retired)

R3.2.

Documented exceptions to the cyber security policy must include an explanation as to
why the exception is necessary and any compensating measures. (Retired)

R3.3.

Authorized exceptions to the cyber security policy must be reviewed and approved
annually by the senior manager or delegate(s) to ensure the exceptions are still
required and valid. Such review and approval shall be documented. (Retired)

R4. Information Protection — The Responsible Entity shall implement and document a program to
identify, classify, and protect information associated with Critical Cyber Assets.
R4.1.

The Critical Cyber Asset information to be protected shall include, at a minimum and
regardless of media type, operational procedures, lists as required in Standard CIP002-3, network topology or similar diagrams, floor plans of computing centers that
contain Critical Cyber Assets, equipment layouts of Critical Cyber Assets, disaster
recovery plans, incident response plans, and security configuration information.

R4.2.

The Responsible Entity shall classify information to be protected under this program
based on the sensitivity of the Critical Cyber Asset information. (Retired)

R4.3.

The Responsible Entity shall, at least annually, assess adherence to its Critical Cyber
Asset information protection program, document the assessment results, and
implement an action plan to remediate deficiencies identified during the assessment.

R5. Access Control — The Responsible Entity shall document and implement a program for
managing access to protected Critical Cyber Asset information.
R5.1.

The Responsible Entity shall maintain a list of designated personnel who are
responsible for authorizing logical or physical access to protected information.

Ap p ro ve d b y Bo a rd o f Tru s te e s : De c e m b e r 16, 2009

S ta n d a rd CIP –003–3 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

R5.1.1.

Personnel shall be identified by name, title, and the information for which
they are responsible for authorizing access.

R5.1.2.

The list of personnel responsible for authorizing access to protected
information shall be verified at least annually.

R5.2.

The Responsible Entity shall review at least annually the access privileges to protected
information to confirm that access privileges are correct and that they correspond with
the Responsible Entity’s needs and appropriate personnel roles and responsibilities.

R5.3.

The Responsible Entity shall assess and document at least annually the processes for
controlling access privileges to protected information.

R6. Change Control and Configuration Management — The Responsible Entity shall establish and
document a process of change control and configuration management for adding, modifying,
replacing, or removing Critical Cyber Asset hardware or software, and implement supporting
configuration management activities to identify, control and document all entity or vendorrelated changes to hardware and software components of Critical Cyber Assets pursuant to the
change control process.
C. Measures
M1. The Responsible Entity shall make available documentation of its cyber security policy as
specified in Requirement R1. Additionally, the Responsible Entity shall demonstrate that the
cyber security policy is available as specified in Requirement R1.2. (R1.2 retired)
M2. The Responsible Entity shall make available documentation of the assignment of, and changes
to, its leadership as specified in Requirement R2.
M3. The Responsible Entity shall make available documentation of the exceptions, as specified in
Requirement R3. (Retired)
M4. The Responsible Entity shall make available documentation of its information protection
program as specified in Requirement R4.
M5. The Responsible Entity shall make available its access control documentation as specified in
Requirement R5.
M6. The Responsible Entity shall make available its change control and configuration management
documentation as specified in Requirement R6.
D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Enforcement Authority
1.1.1

Regional Entity for Responsible Entities that do not perform delegated tasks for
their Regional Entity.

1.1.2

ERO for Regional Entity.

1.1.3

Third-party monitor without vested interest in the outcome for NERC.

1.2. Compliance Monitoring Period and Reset Time Frame
Not applicable.
1.3. Compliance Monitoring and Enforcement Processes
Compliance Audits

Ap p ro ve d b y Bo a rd o f Tru s te e s : De c e m b e r 16, 2009

S ta n d a rd CIP –003–3 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

Self-Certifications
Spot Checking
Compliance Violation Investigations
Self-Reporting
Complaints
1.4. Data Retention
1.4.1

The Responsible Entity shall keep all documentation and records from the
previous full calendar year unless directed by its Compliance Enforcement
Authority to retain specific evidence for a longer period of time as part of an
investigation.

1.4.2

The Compliance Enforcement Authority in conjunction with the Registered
Entity shall keep the last audit records and all requested and submitted
subsequent audit records.

1.5. Additional Compliance Information
1.5.1
2.

None

Violation Severity Levels (To be developed later.)

E. Regional Variances
None identified.
Version History
Version

Date

Action

Modifications to clarify the requirements and to bring the
compliance elements into conformance with the latest
guidelines for developing compliance elements of
standards.
Removal of reasonable business judgment.
Replaced the RRO with the RE as a responsible entity.
Rewording of Effective Date.
Requirement R2 applies to all Responsible Entities,
including Responsible Entities which have no Critical
Cyber Assets.
Modified the personnel identification information
requirements in R5.1.1 to include name, title, and the
information for which they are responsible for
authorizing access (removed the business phone
information).
Changed compliance monitor to Compliance
Enforcement Authority.

Update version number from -2 to -3

12/16/09

Approved by the NERC Board of Trustees

Ap p ro ve d b y Bo a rd o f Tru s te e s : De c e m b e r 16, 2009

Change Tracking

Update

S ta n d a rd CIP –003–3 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

TBD

R1.2, R3, R3.1, R3.2, R3.3, and R4.2 and associated
elements retired as part of the Paragraph 81 project
(Project 2013-02)

Ap p ro ve d b y Bo a rd o f Tru s te e s : De c e m b e r 16, 2009

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

A. Introduction
1.

Title:

Cyber Security — Security Management Controls

Number:

CIP-003-4

Purpose:
Standard CIP-003-4 requires that Responsible Entities have minimum security
management controls in place to protect Critical Cyber Assets. Standard CIP-003-4 should be
read as part of a group of standards numbered Standards CIP-002-4 through CIP-009-4.

Applicability:
4.1. Within the text of Standard CIP-003-4, “Responsible Entity” shall mean:
4.1.1

Reliability Coordinator.

4.1.2

Balancing Authority.

4.1.3

Interchange Authority.

4.1.4

Transmission Service Provider.

4.1.5

Transmission Owner.

4.1.6

Transmission Operator.

4.1.7

Generator Owner.

4.1.8

Generator Operator.

4.1.9

Load Serving Entity.

4.1.10 NERC.
4.1.11 Regional Entity.
4.2. The following are exempt from Standard CIP-003-4:

4.2.1

Facilities regulated by the Canadian Nuclear Safety Commission.

4.2.2

Cyber Assets associated with communication networks and data communication
links between discrete Electronic Security Perimeters.

4.2.3

In nuclear plants, the systems, structures, and components that are regulated by
the Nuclear Regulatory Commission under a cyber security plan pursuant to 10
C.F. R. Section 73.54

4.2.4

Responsible Entities that, in compliance with Standard CIP-002-4, identify that
they have no Critical Cyber Assets shall only be required to comply with CIP003-4 Requirement R2.

Effective Date: The first day of the eighth calendar quarter after applicable regulatory
approvals have been received (or the Reliability Standard otherwise becomes effective the first
day of the ninth calendar quarter after BOT adoption in those jurisdictions where regulatory
approval is not required).

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

R1.1.

The cyber security policy addresses the requirements in Standards CIP-002-4 through
CIP-009-4, including provision for emergency situations.

R1.2.

The cyber security policy is readily available to all personnel who have access to, or are
responsible for, Critical Cyber Assets. (Retired)

R1.3.

Annual review and approval of the cyber security policy by the senior manager
assigned pursuant to R2.

The senior manager shall be identified by name, title, and date of designation.

R2.2.

Changes to the senior manager must be documented within thirty calendar days of the
effective date.

R2.3.

Where allowed by Standards CIP-002-4 through CIP-009-4, the senior manager may
delegate authority for specific actions to a named delegate or delegates. These
delegations shall be documented in the same manner as R2.1 and R2.2, and approved
by the senior manager.

R2.4.

The senior manager or delegate(s), shall authorize and document any exception from
the requirements of the cyber security policy.

Exceptions to the Responsible Entity’s cyber security policy must be documented
within thirty days of being approved by the senior manager or delegate(s). (Retired)

R3.2.

Documented exceptions to the cyber security policy must include an explanation as to
why the exception is necessary and any compensating measures. (Retired)

R3.3.

R4. Information Protection — The Responsible Entity shall implement and document a program to
identify, classify, and protect information associated with Critical Cyber Assets.
R4.1.

The Critical Cyber Asset information to be protected shall include, at a minimum and
regardless of media type, operational procedures, lists as required in Standard CIP002-4, network topology or similar diagrams, floor plans of computing centers that
contain Critical Cyber Assets, equipment layouts of Critical Cyber Assets, disaster
recovery plans, incident response plans, and security configuration information.

R4.2.

The Responsible Entity shall classify information to be protected under this program
based on the sensitivity of the Critical Cyber Asset information. (Retired)

R4.3.

R5. Access Control — The Responsible Entity shall document and implement a program for
managing access to protected Critical Cyber Asset information.

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

R5.1.

The Responsible Entity shall maintain a list of designated personnel who are
responsible for authorizing logical or physical access to protected information.
R5.1.1.

Personnel shall be identified by name, title, and the information for which
they are responsible for authorizing access.

R5.1.2.

The list of personnel responsible for authorizing access to protected
information shall be verified at least annually.

R5.2.

R5.3.

The Responsible Entity shall assess and document at least annually the processes for
controlling access privileges to protected information.

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Enforcement Authority
1.2. The RE shall serve as the CEA with the following exceptions:
1.2.1

For entities that do not work for the Regional Entity, the Regional Entity shall serve as the Compliance Enforcement
Authority.

1.2.2

For Reliability Coordinators and other functional entities that work for their Regional Entity, the ERO shall serve as the
Compliance Enforcement Authority.

1.2.3

For Responsible Entities that are also Regional Entities, the ERO or a Regional Entity approved by the ERO and FERC or
other applicable governmental authorities shall serve as the Compliance Enforcement Authority.

1.2.4

For the ERO, a third-party monitor without vested interest in the outcome for the ERO shall serve as the Compliance
Enforcement Authority.

1.3. Compliance Monitoring and Enforcement Processes
Compliance Audits
Self-Certifications
Spot Checking
Compliance Violation Investigations
Self-Reporting
Complaints
1.4. Data Retention
1.4.1

The Responsible Entity shall keep all documentation and records from the previous full calendar year unless directed by
its Compliance Enforcement Authority to retain specific evidence for a longer period of time as part of an investigation.

1.4.2

The Compliance Enforcement Authority in conjunction with the Registered Entity shall keep the last audit records and all
requested and submitted subsequent audit records.

1.5. Additional Compliance Information
1.5.1
2.

None

Violation Severity Levels

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

Requirement

VRF

Lower VSL

Moderate VSL

High VSL

Severe VSL

R1.

MEDIUM

N/A

The Responsible Entity has documented but not
implemented a cyber security policy.

The Responsible Entity has not documented nor implemented a
cyber security policy.

R1.1.

LOWER

N/A

The Responsible Entity's cyber security policy does not address
all the requirements in Standards CIP-002-4 through CIP-009-4,
including provision for emergency situations.

R1.2.

LOWER

N/A

The Responsible Entity's cyber security policy is not readily
available to all personnel who have access to, or are responsible
for, Critical Cyber Assets.

R1.3

LOWER

N/A

The Responsible Entity's senior manager, assigned pursuant
to R2, annually reviewed but did not annually approve its
cyber security policy.

The Responsible Entity's senior manager, assigned pursuant to
R2, did not annually review nor approve its cyber security
policy.

R2.

LOWER

N/A

The Responsible Entity has not assigned a single senior manager
with overall responsibility and

(Retired)

authority for leading and managing the entity’s implementation
of, and adherence to, Standards CIP-002-4 through CIP-009-4.
R2.1.

LOWER

N/A

The senior manager is not identified by name, title, and date of
designation.

R2.2.

LOWER

Changes to the senior
manager were
documented in greater
than 30 but less than 60
days of the effective
date.

Changes to the senior manager
were documented in 60 or more
but less than 90 days of the
effective date.

Changes to the senior manager were documented in 90 or
more but less than 120 days of the effective date.

Changes to the senior manager were documented in 120 or more
days of the effective date.

R2.3.

LOWER

N/A

The identification of a senior manager’s delegate does not
include at least one of the following; name, title, or date of
the designation,

A senior manager’s delegate is not identified by name, title, and
date

delegating the authority is not approved by the senior manager;

The document is not approved by the senior manager,

AND

changes to the delegated authority are not documented within
thirty calendar days of the effective date.

Changes to the delegated authority are not documented

of designation; the document delegating the authority does not
identify the authority being delegated; the document

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

Requirement

VRF

Lower VSL

Moderate VSL

High VSL

Severe VSL

within thirty calendar days of the effective date.

R2.4

LOWER

N/A

The senior manager or delegate(s) did not authorize and
document any exceptions from the requirements of the cyber
security policy as required.

R3.

LOWER

N/A

In Instances where the Responsible Entity cannot conform to
its cyber security policy (pertaining to CIP 002 through CIP
009), exceptions were documented, but were not authorized
by the senior manager or delegate(s).

In Instances where the Responsible Entity cannot conform to its
cyber security policy (pertaining to CIP 002 through CIP 009),
exceptions were not documented, and were not authorized by the
senior manager or delegate(s).

LOWER

Exceptions to the
Responsible Entity’s
cyber security policy
were documented in
more than 30 but less
than 60 days of being
approved by the senior
manager or delegate(s).

Exceptions to the Responsible
Entity’s cyber security policy
were documented in 60 or more
but less than 90 days of being
approved by the senior manager
or delegate(s).

Exceptions to the Responsible Entity’s cyber security policy
were documented in 90 or more but less than 120 days of
being approved by the senior manager or delegate(s).

Exceptions to the Responsible Entity’s cyber security policy
were documented in 120 or more days of being approved by the
senior manager or delegate(s).

LOWER

N/A

The Responsible Entity has a documented exception to the
cyber

The Responsible Entity has a documented exception to the cyber

(Retired)

R3.1.
(Retired)

R3.2.
(Retired)

security policy (pertaining to CIP 002-4 through CIP 009-4)
but did not include either:
1) an explanation as to why the exception is necessary, or

security policy (pertaining to CIP 002-4 through CIP 009-4) but
did not include both:
1) an explanation as to why the exception is necessary, and
2) any compensating measures.

2) any compensating measures.
LOWER

N/A

Exceptions to the cyber security policy (pertaining to CIP
002-4 through CIP 009-4) were reviewed but not approved
annually by the senior manager or delegate(s) to ensure the
exceptions are still required and valid.

Exceptions to the cyber security policy (pertaining to CIP 002-4
through CIP 009-4) were not reviewed nor approved annually by
the senior manager or delegate(s) to ensure the exceptions are
still required and valid.

R4.

MEDIUM

N/A

The Responsible Entity
implemented but did not
document a program to identify,
classify, and protect information
associated with Critical Cyber
Assets.

The Responsible Entity documented but did not implement a
program to identify, classify, and protect information
associated with Critical Cyber Assets.

The Responsible Entity did not implement nor document a
program to identify, classify, and protect information associated
with Critical Cyber Assets.

R4.1.

MEDIUM

N/A

The information protection program does not include one of
the minimum information types to be protected as detailed in
R4.1.

The information protection program does not include two or
more of the minimum information types to be protected as
detailed in R4.1.

R3.3.
(Retired)

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

Requirement
R4.2.

VRF

Lower VSL

Moderate VSL

High VSL

Severe VSL

LOWER

N/A

The Responsible Entity did not classify the information to be
protected under this program based on the sensitivity of the
Critical Cyber Asset information.

R4.3.

LOWER

N/A

The Responsible Entity annually
assessed adherence to its Critical
Cyber Asset information
protection program, documented
the assessment results, which
included deficiencies identified
during the assessment but did
not implement a remediation
plan.

The Responsible Entity annually assessed adherence to its
Critical Cyber Asset information protection program, did not
document the assessment results, and did not implement a
remediation plan.

The Responsible Entity did not annually, assess adherence to its
Critical Cyber Asset information protection program, document
the assessment results, nor implement an action plan to
remediate deficiencies identified during the assessment.

R5.

LOWER

N/A

The Responsible Entity
implemented but did not
document a program for
managing access to protected
Critical Cyber Asset
information.

The Responsible Entity documented but did not implement a
program for managing access to protected Critical Cyber
Asset information.

The Responsible Entity did not implement nor document a
program for managing access to protected Critical Cyber Asset
information.

R5.1.

LOWER

N/A

The Responsible Entity maintained a list of designated
personnel for authorizing either logical or physical access
but not both.

The Responsible Entity did not maintain a list of designated
personnel who are responsible for authorizing logical or physical
access to protected information.

R5.1.1.

LOWER

N/A

The Responsible Entity did identify the personnel by name
and title but did not identify the information for which they
are responsible for authorizing access.

The Responsible Entity did not identify the personnel by name
and title nor the information for which they are responsible for
authorizing access.

R5.1.2.

LOWER

N/A

The Responsible Entity did not verify at least annually the list of
personnel responsible for authorizing access to protected
information.

R5.2.

LOWER

N/A

The Responsible Entity did not review at least annually the
access privileges to protected information to confirm that access
privileges are correct and that they correspond with the
Responsible Entity’s needs and appropriate personnel roles and
responsibilities.

R5.3.

LOWER

N/A

The Responsible Entity did not assess and document at least
annually the processes for controlling access privileges to
protected information.

R6.

LOWER

The Responsible Entity
has established but not
documented a change

The Responsible Entity has
established but not documented
both a change control process
and configuration management

The Responsible Entity has not established and documented
a change control process

The Responsible Entity has not established and documented a
change control process

AND

(Retired)

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

Requirement

VRF

Lower VSL
control process
OR

Moderate VSL
process.

High VSL

Severe VSL

The Responsible Entity has not established and documented
a configuration management process.

The Responsible Entity
has established but not
documented a
configuration
management process.

Regional Variances
None identified.

The Responsible Entity has not established and documented a
configuration management process.

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

Version History
Version Date

Action

Modifications to clarify the requirements and to
bring the compliance elements into conformance
with the latest guidelines for developing
compliance elements of standards.
Removal of reasonable business judgment.
Replaced the RRO with the RE as a responsible
entity.
Rewording of Effective Date.
Requirement R2 applies to all Responsible Entities,
including Responsible Entities which have no
Critical Cyber Assets.
Modified the personnel identification information
requirements in R5.1.1 to include name, title, and
the information for which they are responsible for
authorizing access (removed the business phone
information).
Changed compliance monitor to Compliance
Enforcement Authority.

Update version number from -2 to -3

Change
Tracking

12/16/09

Approved by the NERC Board of Trustees

Update

Board approved
01/24/2011

Update version number from “3” to “4”

Update to conform
to changes to CIP002-4 (Project
2008-06)

4/19/12

FERC Order issued approving CIP-003-4 (approval
becomes effective June 25, 2012)
Added approved VRF/VSL table to section D.2.

3, 4

TBD

R1.2, R3, R3.1, R3.2, R3.3, and R4.2 and
associated elements retired as part of the Paragraph
81 project (Project 2013-02)

S ta n d a rd CIP –005–3a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

A. Introduction
1.

Title:

Cyber Security — Electronic Security Perimeter(s)

Number:

CIP-005-3a

Purpose:
Standard CIP-005-3 requires the identification and protection of the Electronic
Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points
on the perimeter. Standard CIP-005-3 should be read as part of a group of standards numbered
Standards CIP-002-3 through CIP-009-3.

Applicability
4.1. Within the text of Standard CIP-005-3, “Responsible Entity” shall mean:
4.1.1

Reliability Coordinator.

4.1.2

Balancing Authority.

4.1.3

Interchange Authority.

4.1.4

Transmission Service Provider.

4.1.5

Transmission Owner.

4.1.6

Transmission Operator.

4.1.7

Generator Owner.

4.1.8

Generator Operator.

4.1.9

Load Serving Entity.

4.1.10 NERC.
4.1.11 Regional Entity
4.2. The following are exempt from Standard CIP-005-3:

4.2.1

Facilities regulated by the U.S. Nuclear Regulatory Commission or the Canadian
Nuclear Safety Commission.

4.2.2

Cyber Assets associated with communication networks and data communication
links between discrete Electronic Security Perimeters.

4.2.3

Responsible Entities that, in compliance with Standard CIP-002-3, identify that
they have no Critical Cyber Assets.

Effective Date: The first day of the third calendar quarter after applicable regulatory approvals
have been received (or the Reliability Standard otherwise becomes effective in those
jurisdictions where regulatory approval is not required).

B. Requirements
R1. Electronic Security Perimeter — The Responsible Entity shall ensure that every Critical Cyber
Asset resides within an Electronic Security Perimeter. The Responsible Entity shall identify and
document the Electronic Security Perimeter(s) and all access points to the perimeter(s).
R1.1.

Access points to the Electronic Security Perimeter(s) shall include any externally
connected communication end point (for example, dial-up modems) terminating at any
device within the Electronic Security Perimeter(s).

R1.2.

For a dial-up accessible Critical Cyber Asset that uses a non-routable protocol, the
Responsible Entity shall define an Electronic Security Perimeter for that single access
point at the dial-up device.

S ta n d a rd CIP –005–3a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

R1.3.

Communication links connecting discrete Electronic Security Perimeters shall not be
considered part of the Electronic Security Perimeter. However, end points of these
communication links within the Electronic Security Perimeter(s) shall be considered
access points to the Electronic Security Perimeter(s).

R1.4.

Any non-critical Cyber Asset within a defined Electronic Security Perimeter shall be
identified and protected pursuant to the requirements of Standard CIP-005-3.

R1.5.

Cyber Assets used in the access control and/or monitoring of the Electronic Security
Perimeter(s) shall be afforded the protective measures as a specified in Standard CIP003-3; Standard CIP-004-3 Requirement R3; Standard CIP-005-3 Requirements R2
and R3; Standard CIP-006-3 Requirement R3; Standard CIP-007-3 Requirements R1
and R3 through R9; Standard CIP-008-3; and Standard CIP-009-3.

R1.6.

The Responsible Entity shall maintain documentation of Electronic Security
Perimeter(s), all interconnected Critical and non-critical Cyber Assets within the
Electronic Security Perimeter(s), all electronic access points to the Electronic Security
Perimeter(s) and the Cyber Assets deployed for the access control and monitoring of
these access points.

R2. Electronic Access Controls — The Responsible Entity shall implement and document the
organizational processes and technical and procedural mechanisms for control of electronic
access at all electronic access points to the Electronic Security Perimeter(s).
R2.1.

These processes and mechanisms shall use an access control model that denies access
by default, such that explicit access permissions must be specified.

R2.2.

At all access points to the Electronic Security Perimeter(s), the Responsible Entity shall
enable only ports and services required for operations and for monitoring Cyber Assets
within the Electronic Security Perimeter, and shall document, individually or by
specified grouping, the configuration of those ports and services.

R2.3.

The Responsible Entity shall implement and maintain a procedure for securing dial-up
access to the Electronic Security Perimeter(s).

R2.4.

Where external interactive access into the Electronic Security Perimeter has been
enabled, the Responsible Entity shall implement strong procedural or technical controls
at the access points to ensure authenticity of the accessing party, where technically
feasible.

R2.5.

The required documentation shall, at least, identify and describe:

R2.6.

R2.5.1.

The processes for access request and authorization.

R2.5.2.

The authentication methods.

R2.5.3.

The review process for authorization rights, in accordance with Standard
CIP-004-3 Requirement R4.

R2.5.4.

The controls used to secure dial-up accessible connections.

R3. Monitoring Electronic Access — The Responsible Entity shall implement and document an
electronic or manual process(es) for monitoring and logging access at access points to the
Electronic Security Perimeter(s) twenty-four hours a day, seven days a week.

S ta n d a rd CIP –005–3a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

R3.1.

For dial-up accessible Critical Cyber Assets that use non-routable protocols, the
Responsible Entity shall implement and document monitoring process(es) at each
access point to the dial-up device, where technically feasible.

R3.2.

Where technically feasible, the security monitoring process(es) shall detect and alert for
attempts at or actual unauthorized accesses. These alerts shall provide for appropriate
notification to designated response personnel. Where alerting is not technically
feasible, the Responsible Entity shall review or otherwise assess access logs for
attempts at or actual unauthorized accesses at least every ninety calendar days.

R4. Cyber Vulnerability Assessment — The Responsible Entity shall perform a cyber vulnerability
assessment of the electronic access points to the Electronic Security Perimeter(s) at least
annually. The vulnerability assessment shall include, at a minimum, the following:
R4.1.

A document identifying the vulnerability assessment process;

R4.2.

A review to verify that only ports and services required for operations at these access
points are enabled;

R4.3.

The discovery of all access points to the Electronic Security Perimeter;

R4.4.

A review of controls for default accounts, passwords, and network management
community strings;

R4.5.

Documentation of the results of the assessment, the action plan to remediate or mitigate
vulnerabilities identified in the assessment, and the execution status of that action plan.

R5. Documentation Review and Maintenance — The Responsible Entity shall review, update, and
maintain all documentation to support compliance with the requirements of Standard CIP-0053.
R5.1.

The Responsible Entity shall ensure that all documentation required by Standard CIP005-3 reflect current configurations and processes and shall review the documents and
procedures referenced in Standard CIP-005-3 at least annually.

R5.2.

The Responsible Entity shall update the documentation to reflect the modification of
the network or controls within ninety calendar days of the change.

R5.3.

The Responsible Entity shall retain electronic access logs for at least ninety calendar
days. Logs related to reportable incidents shall be kept in accordance with the
requirements of Standard CIP-008-3.

C. Measures
M1. The Responsible Entity shall make available documentation about the Electronic Security
Perimeter as specified in Requirement R1.
M2. The Responsible Entity shall make available documentation of the electronic access controls to
the Electronic Security Perimeter(s), as specified in Requirement R2.
M3. The Responsible Entity shall make available documentation of controls implemented to log and
monitor access to the Electronic Security Perimeter(s) as specified in Requirement R3.
M4. The Responsible Entity shall make available documentation of its annual vulnerability
assessment as specified in Requirement R4.
M5. The Responsible Entity shall make available access logs and documentation of review, changes,
and log retention as specified in Requirement R5.
D. Compliance
1.

Compliance Monitoring Process
3

S ta n d a rd CIP –005–3a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

1.1. Compliance Enforcement Authority
1.1.1

Regional Entity for Responsible Entities that do not perform delegated tasks for
their Regional Entity.

1.1.2

ERO for Regional Entity.

1.1.3

Third-party monitor without vested interest in the outcome for NERC.

1.2. Compliance Monitoring Period and Reset Time Frame
Not applicable.
1.3. Compliance Monitoring and Enforcement Processes
Compliance Audits
Self-Certifications
Spot Checking
Compliance Violation Investigations
Self-Reporting
Complaints
1.4. Data Retention
1.4.1

The Responsible Entity shall keep logs for a minimum of ninety calendar days,
unless: a) longer retention is required pursuant to Standard CIP-008-3,
Requirement R2; b) directed by its Compliance Enforcement Authority to retain
specific evidence for a longer period of time as part of an investigation.

1.4.2

The Responsible Entity shall keep other documents and records required by
Standard CIP-005-3 from the previous full calendar year.

1.4.3

The Compliance Enforcement Authority in conjunction with the Registered
Entity shall keep the last audit records and all requested and submitted
subsequent audit records.

1.5. Additional Compliance Information
2.

Violation Severity Levels (To be developed later.)

E. Regional Variances
None identified.
Version History
Version
1
2

Date

Action

Change Tracking

01/16/06

D.2.3.1 — Change “Critical Assets,” to “Critical Cyber Assets”
as intended.

03/24/06

S ta n d a rd CIP –005–3a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

shall “implement and maintain” a procedure for securing dial-up
access to the Electronic Security Perimeter(s).
Changed compliance monitor to Compliance Enforcement
Authority.
3

Update version from -2 to -3

12/16/09

Approved by the NERC Board of Trustees

Update

02/16/10

Added Appendix 1 – Interpretation of R1.3 approved by BOT
on February 16, 2010

Interpretation

02/02/11

Approved by FERC

TBD

R2.6 and associated elements retired as part of the Paragraph 81
project (Project 2013-02)

S ta n d a rd CIP –005–3a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Appendix 1
Requirement Number and Text of Requirement
Section 4.2.2 Cyber Assets associated with communication networks and data communication links
between discrete Electronic Security Perimeters.
Requirement R1.3 Communication links connecting discrete Electronic Security Perimeters shall not
be considered part of the Electronic Security Perimeter. However, end points of these communication
links within the Electronic Security Perimeter(s) shall be considered access points to the Electronic
Security Perimeter(s).
Question 1 (Section 4.2.2)
What kind of cyber assets are referenced in 4.2.2 as "associated"? What else could be meant except the
devices forming the communication link?
Response to Question 1
In the context of applicability, associated Cyber Assets refer to any communications devices external
to the Electronic Security Perimeter, i.e., beyond the point at which access to the Electronic Security
Perimeter is controlled. Devices controlling access into the Electronic Security Perimeter are not
exempt.
Question 2 (Section 4.2.2)
Is the communication link physical or logical? Where does it begin and terminate?
Response to Question 2
The drafting team interprets the data communication link to be physical or logical, and its termination
points depend upon the design and architecture of the communication link.
Question 3 (Requirement R1.3)
Please clarify what is meant by an “endpoint”? Is it physical termination? Logical termination of OSI
layer 2, layer 3, or above?
Response to Question 3
The drafting team interprets the endpoint to mean the device at which a physical or logical
communication link terminates. The endpoint is the Electronic Security Perimeter access point if
access into the Electronic Security Perimeter is controlled at the endpoint, irrespective of which Open
Systems Interconnection (OSI) layer is managing the communication.
Question 4 (Requirement R1.3)
If “endpoint” is defined as logical and refers to layer 3 and above, please clarify if the termination
points of an encrypted tunnel (layer 3) must be treated as an “access point? If two control centers are
owned and managed by the same entity, connected via an encrypted link by properly applied Federal
6

S ta n d a rd CIP –005–3a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Information Processing Standards, with tunnel termination points that are within the control center
ESPs and PSPs and do not terminate on the firewall but on a separate internal device, and the
encrypted traffic already passes through a firewall access point at each ESP boundary where
port/protocol restrictions are applied, must these encrypted communication tunnel termination points
be treated as "access points" in addition to the firewalls through which the encrypted traffic has already
passed?
Response to Question 4
In the case where the “endpoint” is defined as logical and is >= layer 3, the termination points of an
encrypted tunnel must be treated as an “access point.” The encrypted communication tunnel
termination points referred to above are “access points.”

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Introduction
1.

Title:

Cyber Security — Electronic Security Perimeter(s)

Number:

CIP-005-4a

Purpose:
Standard CIP-005-4a requires the identification and protection of the Electronic
Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points
on the perimeter. Standard CIP-005-4a should be read as part of a group of standards numbered
Standards CIP-002-4 through CIP-009-4.

Applicability
4.1. Within the text of Standard CIP-005-4a, “Responsible Entity” shall mean:
4.1.1

Reliability Coordinator.

4.1.2

Balancing Authority.

4.1.3

Interchange Authority.

4.1.4

Transmission Service Provider.

4.1.5

Transmission Owner.

4.1.6

Transmission Operator.

4.1.7

Generator Owner.

4.1.8

Generator Operator.

4.1.9

Load Serving Entity.

4.1.10 NERC.
4.1.11 Regional Entity
4.2. The following are exempt from Standard CIP-005-4a:

4.2.1

Facilities regulated by the Canadian Nuclear Safety Commission.

4.2.2

Cyber Assets associated with communication networks and data communication
links between discrete Electronic Security Perimeters.

4.2.3

Responsible Entities that, in compliance with Standard CIP-002-4, identify that
they have no Critical Cyber Assets.

4.2.4

In nuclear plants, the systems, structures, and components that are regulated by
the Nuclear Regulatory Commission under a cyber security plan pursuant to 10
C.F. R. Section 73.54.

Effective Date: The first day of the eighth calendar quarter after applicable regulatory
approvals have been received (or the Reliability Standard otherwise becomes effective the
first day of the ninth calendar quarter after BOT adoption in those jurisdictions where
regulatory approval is not required).

Requirements
R1. Electronic Security Perimeter — The Responsible Entity shall ensure that every Critical Cyber
Asset resides within an Electronic Security Perimeter. The Responsible Entity shall identify and
document the Electronic Security Perimeter(s) and all access points to the perimeter(s).
R1.1.

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

R1.2.

R1.3.

R1.4.

Any non-critical Cyber Asset within a defined Electronic Security Perimeter shall be
identified and protected pursuant to the requirements of Standard CIP-005-4a.

R1.5.

Cyber Assets used in the access control and/or monitoring of the Electronic Security
Perimeter(s) shall be afforded the protective measures as a specified in Standard CIP003-4; Standard CIP-004-4 Requirement R3; Standard CIP-005-4a Requirements R2
and R3; Standard CIP-006-4c Requirement R3; Standard CIP-007-4 Requirements R1
and R3 through R9; Standard CIP-008-4; and Standard CIP-009-4.

R1.6.

These processes and mechanisms shall use an access control model that denies access
by default, such that explicit access permissions must be specified.

R2.2.

R2.3.

The Responsible Entity shall implement and maintain a procedure for securing dial-up
access to the Electronic Security Perimeter(s).

R2.4.

R2.5.

The required documentation shall, at least, identify and describe:

R2.6.

R2.5.1.

The processes for access request and authorization.

R2.5.2.

The authentication methods.

R2.5.3.

The review process for authorization rights, in accordance with Standard
CIP-004-4 Requirement R4.

R2.5.4.

The controls used to secure dial-up accessible connections.

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

R3.2.

A document identifying the vulnerability assessment process;

R4.2.

A review to verify that only ports and services required for operations at these access
points are enabled;

R4.3.

The discovery of all access points to the Electronic Security Perimeter;

R4.4.

A review of controls for default accounts, passwords, and network management
community strings;

R4.5.

Documentation of the results of the assessment, the action plan to remediate or mitigate
vulnerabilities identified in the assessment, and the execution status of that action plan.

R5. Documentation Review and Maintenance — The Responsible Entity shall review, update, and
maintain all documentation to support compliance with the requirements of Standard CIP-0054a.

R5.1.

The Responsible Entity shall ensure that all documentation required by Standard CIP005-4a reflect current configurations and processes and shall review the documents and
procedures referenced in Standard CIP-005-4a at least annually.

R5.2.

The Responsible Entity shall update the documentation to reflect the modification of
the network or controls within ninety calendar days of the change.

R5.3.

Measures
M1. The Responsible Entity shall make available documentation about the Electronic Security
Perimeter as specified in Requirement R1.
M2. The Responsible Entity shall make available documentation of the electronic access controls to
the Electronic Security Perimeter(s), as specified in Requirement R2.
M3. The Responsible Entity shall make available documentation of controls implemented to log and
monitor access to the Electronic Security Perimeter(s) as specified in Requirement R3.
M4. The Responsible Entity shall make available documentation of its annual vulnerability
assessment as specified in Requirement R4.
M5. The Responsible Entity shall make available access logs and documentation of review, changes,
and log retention as specified in Requirement R5.
3

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Compliance
1.

Compliance Monitoring Process
1.1. Compliance Enforcement Authority
1.2. The RE shall serve as the CEA with the following exceptions:
1.2.1

For entities that do not work for the Regional Entity, the Regional Entity shall serve as the Compliance Enforcement Authority.

1.2.1

For Reliability Coordinators and other functional entities that work for their Regional Entity, the ERO shall serve as the Compliance
Enforcement Authority.

1.2.1

For Responsible Entities that are also Regional Entities, the ERO or a Regional Entity approved by the ERO and FERC or other applicable
governmental authorities shall serve as the Compliance Enforcement Authority.

1.2.2

For the ERO, a third-party monitor without vested interest in the outcome for the ERO shall serve as the Compliance Enforcement
Authority.

1.3. Compliance Monitoring and Enforcement Processes
Compliance Audits
Self-Certifications
Spot Checking
Compliance Violation Investigations
Self-Reporting
Complaints
1.4. Data Retention
1.4.1

The Responsible Entity shall keep logs for a minimum of ninety calendar days, unless: a) longer retention is required pursuant to Standard
CIP-008-4, Requirement R2; b) directed by its Compliance Enforcement Authority to retain specific evidence for a longer period of time
as part of an investigation.

1.4.2

The Responsible Entity shall keep other documents and records required by Standard CIP-005-4a from the previous full calendar year.

1.4.3

The Compliance Enforcement Authority in conjunction with the Registered Entity shall keep the last audit records and all requested and
submitted subsequent audit records.

1.5. Additional Compliance Information
2.

Violation Severity Levels
4

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Requirement
R1.

VRF

Lower VSL

Moderate VSL

High VSL

Severe VSL

MEDIUM

The Responsible Entity
did not document one
or more access points
to the Electronic
Security Perimeter(s).

The Responsible Entity
identified but did not document
one or more Electronic Security
Perimeter(s).

The Responsible Entity did not ensure that one or more of
the Critical Cyber Assets resides within an Electronic
Security Perimeter.

The Responsible Entity did not ensure that one or more Critical
Cyber Assets resides within an Electronic Security Perimeter,
and the Responsible Entity did not identify and document the
Electronic Security Perimeter(s) and all access points to the
perimeter(s) for all Critical Cyber Assets.

OR
The Responsible Entity did not identify nor document one
or more Electronic Security Perimeter(s).

R1.1.

MEDIUM

N/A

Access points to the Electronic Security Perimeter(s) do not
include all externally connected communication end point (for
example, dial-up modems) terminating at any device within the
Electronic Security Perimeter(s).

R1.2.

MEDIUM

N/A

For one or more dial-up accessible Critical Cyber Assets that
use a non-routable protocol, the Responsible Entity did not
define an Electronic Security Perimeter for that single access
point at the dial-up device.

R1.3.

MEDIUM

N/A

At least one end point of a communication link within the
Electronic Security Perimeter(s) connecting discrete Electronic
Security Perimeters was not considered an access point to the
Electronic Security Perimeter.

R1.4.

MEDIUM

N/A

One or more non-critical Cyber
Asset within a defined
Electronic Security Perimeter is
not identified but is protected
pursuant to the requirements of
Standard CIP-005.

One or more non-critical Cyber Asset within a defined
Electronic Security Perimeter is identified but not
protected pursuant to the requirements of Standard CIP005.

One or more non-critical Cyber Asset within a defined
Electronic Security Perimeter is not identified and is not
protected pursuant to the requirements of Standard CIP-005.

R1.5.

MEDIUM

A Cyber Asset used in
the access

A Cyber Asset used in the
access

A Cyber Asset used in the access

control and/or monitoring of the

control and/or
monitoring of the

control and/or monitoring of
the

Electronic Security Perimeter(s) is

Electronic Security
Perimeter(s) is

provided with all but three (3) of

provided without four (4) or

the protective measures as

more of the protective measures as
specified in Standard CIP-003-4;

provided with all but
one (1) of

provided with all but two (2) of

specified in Standard CIP-003-4;

the protective measures as

Standard CIP-004-4 Requirement

the protective measures
as

specified in Standard CIP-0034;

R3; Standard CIP-005-4

Requirements R2 and R3;

specified in Standard
CIP-003-4;

Standard CIP-004-4
Requirement

Standard CIP-006-4

R3; Standard CIP-005-4

Requirement R3; Standard CIP-007-4 Requirements R1
and R3

Requirement R3; Standard CIP-007-4 Requirements R1 and
R3

Requirements R2 and R3;

through R9; Standard CIP-008-4;

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Requirement

VRF

Lower VSL
R3; Standard CIP-0054
Requirements R2 and
R3;
Standard CIP-006-4
Requirement R3;
Standard CIP-007-4
Requirements R1 and
R3

Moderate VSL
Standard CIP-006-4

High VSL

Severe VSL

and Standard CIP-009-4.

Requirement R3; Standard CIP007-4 Requirements R1 and R3
through R9; Standard CIP-0084;
and Standard CIP-009-4.

through R9; Standard
CIP-008-4;
and Standard CIP-0094.
R1.6.

LOWER

N/A

The Responsible Entity did not maintain documentation of
one of the following: Electronic Security Perimeter(s),
interconnected Critical and non-critical Cyber Assets
within the Electronic Security Perimeter(s), electronic
access point to the Electronic Security Perimeter(s) or
Cyber Asset deployed for the access control and
monitoring of these access points.

The Responsible Entity did not maintain documentation of two
or more of the following: Electronic Security Perimeter(s),
interconnected Critical and non-critical Cyber Assets within
the Electronic Security Perimeter(s), electronic access points to
the Electronic Security Perimeter(s) and Cyber Assets
deployed for the access control and monitoring of these access
points.

R2.

MEDIUM

N/A

The Responsible Entity
implemented but did not
document the organizational
processes and technical and
procedural mechanisms for
control of electronic access at
all electronic access points to
the Electronic Security
Perimeter(s).

The Responsible Entity documented but did not implement
the organizational processes and technical and procedural
mechanisms for control of electronic access at all
electronic access points to the Electronic Security
Perimeter(s).

The Responsible Entity did not implement nor document the
organizational processes and technical and procedural
mechanisms for control of electronic access at all electronic
access points to the Electronic Security Perimeter(s).

R2.1.

MEDIUM

N/A

The processes and mechanisms did not use an access control
model that denies access by default, such that explicit access
permissions must be specified.

R2.2.

MEDIUM

N/A

At one or more access points to
the Electronic Security
Perimeter(s), the Responsible
Entity did not document,
individually or by specified
grouping, the configuration of
those ports and services
required for operation and for
monitoring Cyber Assets within
the Electronic Security

At one or more access points to the Electronic Security
Perimeter(s), the Responsible Entity enabled ports and
services not required for operations and for monitoring
Cyber Assets within the Electronic Security Perimeter but
did document, individually or by specified grouping, the
configuration of those ports and services.

At one or more access points to the Electronic Security
Perimeter(s), the Responsible Entity enabled ports and services
not required for operations and for monitoring Cyber Assets
within the Electronic Security Perimeter, and did not
document, individually or by specified grouping, the
configuration of those ports and services.

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Requirement

VRF

Lower VSL

Moderate VSL

High VSL

Severe VSL

Perimeter.

R2.3.

MEDIUM

N/A

The Responsible Entity did

The Responsible Entity did not

implement but did not maintain a

implement nor maintain a

procedure for securing dial-up

access to the Electronic Security

Perimeter(s) where applicable.

R2.4.

MEDIUM

N/A

Where external interactive access into the Electronic Security
Perimeter has been enabled the Responsible Entity did not
implement strong procedural or technical controls at the access
points to ensure authenticity of the accessing party, where
technically feasible.

R2.5.

LOWER

The required
documentation for R2
did not include one of
the elements described
in R2.5.1 through
R2.5.4

The required documentation for
R2 did not include two of the
elements described in R2.5.1
through R2.5.4

The required documentation for R2 did not include three of
the elements described in R2.5.1 through R2.5.4

The required documentation for R2 did not include any of the
elements described in R2.5.1 through R2.5.4

R2.5.1.

LOWER

N/A

R2.5.2.

LOWER

N/A

R2.5.3.

LOWER

N/A

R2.5.4.

LOWER

N/A

R2.6.

LOWER

The Responsible Entity
did not maintain a
document identifying
the content of the
banner.

Where technically feasible 5%
but less than 10% of electronic
access control devices did not
display an appropriate use
banner on the user screen upon
all interactive access attempts.

Where technically feasible 10% but less than 15% of
electronic access control devices did not display an
appropriate use banner on the user screen upon all
interactive access attempts.

Where technically feasible, 15% or more electronic access
control devices did not display an appropriate use banner on
the user screen upon all interactive access attempts.

(Retired)

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Requirement

VRF

Lower VSL

Moderate VSL

High VSL

Severe VSL

Where technically
feasible less than 5%
electronic access
control devices did not
display an appropriate
use banner on the user
screen upon all
interactive access
attempts.
R3.

MEDIUM

The Responsible Entity
did not document the
electronic or manual
processes for
monitoring and logging
access to access points.

The Responsible Entity did not
implement electronic or manual
processes monitoring and
logging at 5% or more but less
than 10% of the access points.

The Responsible Entity did not implement electronic or
manual processes monitoring and logging at 10% or more
but less than 15 % of the access points.

The Responsible Entity did not implement electronic or
manual processes monitoring and logging at 15% or more of
the access points.

Where technically feasible, the
Responsible Entity did not
implement electronic or manual
processes for monitoring at 5%
or more but less than 10% of
the access points to dial-up
devices.

Where technically feasible, the Responsible Entity did not
implement electronic or manual processes for monitoring
at 10% or more but less than 15% of the access points to
dial-up devices.

Where technically feasible, the Responsible Entity did not
implement electronic or manual processes for monitoring at
15% or more of the access points to dial-up devices.

N/A

Where technically feasible, the Responsible Entity
implemented security monitoring process(es) to detect and
alert for attempts at or actual unauthorized accesses,
however the alerts do not provide for appropriate

Where technically feasible, the Responsible Entity did not
implement security monitoring process(es) to detect and alert
for attempts at or actual unauthorized accesses.

OR
The Responsible Entity
did not implement
electronic or manual
processes monitoring
and logging at less than
5% of the access
points.
R3.1.

MEDIUM

The Responsible Entity
did not document the
electronic or manual
processes for
monitoring access
points to dial-up
devices.
OR
Where technically
feasible, the
Responsible Entity did
not implement
electronic or manual
processes for
monitoring at less than
5% of the access points
to dial-up devices.

R3.2.

MEDIUM

N/A

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Requirement

R4.

VRF

MEDIUM

Lower VSL

Moderate VSL

High VSL

Severe VSL

notification to designated response personnel.

Where alerting is not technically feasible, the Responsible
Entity did not review or otherwise assess access logs for
attempts at or actual unauthorized accesses at least every
ninety calendar days
The Responsible Entity did not perform a Vulnerability
Assessment at least annually for 15% or more of access points
to the Electronic Security Perimeter(s).

The Responsible Entity
did not perform a
Vulnerability
Assessment at least
annually for less than
5% of access points to
the Electronic Security
Perimeter(s).

The Responsible Entity did not
perform a Vulnerability
Assessment at least annually
for 5% or more but less than
10% of access points to the
Electronic Security
Perimeter(s).

The Responsible Entity did not perform a Vulnerability
Assessment at least annually for 10% or more but less than
15% of access points to the Electronic Security
Perimeter(s).

OR
The vulnerability assessment did not include one (1) or more
of the subrequirements R 4.1, R4.2, R4.3, R4.4, R4.5.

R4.1.

LOWER

N/A

R4.2.

MEDIUM

N/A

R4.3.

MEDIUM

N/A

R4.4.

MEDIUM

N/A

R4.5.

MEDIUM

N/A

R5.

LOWER

The Responsible Entity
did not review, update,
and maintain at least
one but less than or
equal to 5% of the
documentation to
support compliance
with the requirements
of Standard CIP-005-4.

The Responsible Entity did not
review, update, and maintain
greater than 5% but less than or
equal to 10% of the
documentation to support
compliance with the
requirements of Standard CIP005-4.

The Responsible Entity did not review, update, and
maintain greater than 10% but less than or equal to 15% of
the documentation to support compliance with the
requirements of Standard CIP-005-4.

The Responsible Entity did not review, update, and maintain
greater than 15% of the documentation to support compliance
with the requirements of Standard CIP-005-4.

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Requirement

VRF

Lower VSL

Moderate VSL

High VSL

Severe VSL

R5.1.

LOWER

N/A

The Responsible Entity did not
provide evidence of an annual
review of the documents and
procedures referenced in
Standard CIP-005-4.

The Responsible Entity did not document current
configurations and processes referenced in Standard CIP005-4.

The Responsible Entity did not document current
configurations and processes and did not review the documents
and procedures referenced in Standard CIP-005-4 at least
annually.

R5.2.

LOWER

For less than 5% of the
applicable changes, the
Responsible Entity did
not update the
documentation to
reflect the modification
of the network or
controls within ninety
calendar days of the
change.

For 5% or more but less than
10% of the applicable changes,
the Responsible Entity did not
update the documentation to
reflect the modification of the
network or controls within
ninety calendar days of the
change.

For 10% or more but less than 15% of the applicable
changes, the Responsible Entity did not update the
documentation to reflect the modification of the network or
controls within ninety calendar days of the change.

For 15% or more of the applicable changes, the Responsible
Entity did not update the documentation to reflect the
modification of the network or controls within ninety calendar
days of the change.

R5.3.

LOWER

The Responsible Entity
retained electronic
access logs for 75 or
more calendar days, but
for less than 90
calendar days.

The Responsible Entity retained
electronic access logs for 60 or
more calendar days, but for less
than 75 calendar days.

The Responsible Entity retained electronic access logs for
45 or more calendar days , but for less than 60 calendar
days.

The Responsible Entity retained electronic access logs for less
than 45 calendar days.

Regional Variances
None identified.

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Version History
Version

Date

Action

Change Tracking

01/16/06

D.2.3.1 — Change “Critical Assets,” to
“Critical Cyber Assets” as intended.

03/24/06

Approved by
NERC Board of
Trustees 5/6/09

Modifications to clarify the requirements
and to bring the compliance elements into
conformance with the latest guidelines for
developing compliance elements of
standards.
Removal of reasonable business judgment.
Replaced the RRO with the RE as a
responsible entity.
Rewording of Effective Date.
Revised the wording of the Electronic
Access Controls requirement stated in R2.3
to clarify that the Responsible Entity shall
“implement and maintain” a procedure for
securing dial-up access to the Electronic
Security Perimeter(s).
Changed compliance monitor to
Compliance Enforcement Authority.

Revised.

12/16/09

Changed CIP-005-2 to CIP-005-3.
Changed all references to CIP Version “2”
standards to CIP Version “3” standards.
For Violation Severity Levels, changed, “To
be developed later” to “Developed
separately.”

Conforming revisions for
FERC Order on CIP V2
Standards (9/30/2009)

02/16/10

Added Appendix 1 — Interpretation of R1.3
approved by BOT on February 16, 2010

Addition

01/24/11

Adopted by the NERC Board of Trustees

Update to conform to
changes to CIP-002-4
(Project 2008-06)
Update version number
from “3” to “4a”

4/19/12

FERC Order issued approving CIP-005-4a
(approval becomes effective June 25, 2012)
Added approved VRF/VSL table to section
D.2.

3a, 4a

TBD

R2.6 and associated elements retired as part
of the Paragraph 81 project (Project 201302)
11

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

owned and managed by the same entity, connected via an encrypted link by properly applied Federal
Information Processing Standards, with tunnel termination points that are within the control center
ESPs and PSPs and do not terminate on the firewall but on a separate internal device, and the
encrypted traffic already passes through a firewall access point at each ESP boundary where
port/protocol restrictions are applied, must these encrypted communication tunnel termination points
be treated as "access points" in addition to the firewalls through which the encrypted traffic has already
passed?
Response to Question 4
In the case where the “endpoint” is defined as logical and is >= layer 3, the termination points of an
encrypted tunnel must be treated as an “access point.” The encrypted communication tunnel
termination points referred to above are “access points.”

S ta n d a rd CIP –007–3 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

A. Introduction
1.

Title:

Cyber Security — Systems Security Management

Number:

CIP-007-3

Purpose:
Standard CIP-007-3 requires Responsible Entities to define methods, processes,
and procedures for securing those systems determined to be Critical Cyber Assets, as well as
the other (non-critical) Cyber Assets within the Electronic Security Perimeter(s). Standard
CIP-007-3 should be read as part of a group of standards numbered Standards CIP-002-3
through CIP-009-3.

Applicability:
4.1. Within the text of Standard CIP-007-3, “Responsible Entity” shall mean:
4.1.1

Reliability Coordinator.

4.1.2

Balancing Authority.

4.1.3

Interchange Authority.

4.1.4

Transmission Service Provider.

4.1.5

Transmission Owner.

4.1.6

Transmission Operator.

4.1.7

Generator Owner.

4.1.8

Generator Operator.

4.1.9

Load Serving Entity.

4.1.10 NERC.
4.1.11 Regional Entity.
4.2. The following are exempt from Standard CIP-007-3:

4.2.1

Facilities regulated by the U.S. Nuclear Regulatory Commission or the Canadian
Nuclear Safety Commission.

4.2.2

Cyber Assets associated with communication networks and data communication
links between discrete Electronic Security Perimeters.

4.2.3

Responsible Entities that, in compliance with Standard CIP-002-3, identify that
they have no Critical Cyber Assets.

B. Requirements
R1.

Test Procedures — The Responsible Entity shall ensure that new Cyber Assets and significant
changes to existing Cyber Assets within the Electronic Security Perimeter do not adversely
affect existing cyber security controls. For purposes of Standard CIP-007-3, a significant
change shall, at a minimum, include implementation of security patches, cumulative service
packs, vendor releases, and version upgrades of operating systems, applications, database
platforms, or other third-party software or firmware.
R1.1.

The Responsible Entity shall create, implement, and maintain cyber security test
procedures in a manner that minimizes adverse effects on the production system or its
operation.

Ap p ro ve d b y Bo a rd o f Tru s te e s : De c e m b e r 16, 2009

S ta n d a rd CIP –007–3 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

R2.

R3.

R4.

R5.

R1.2.

The Responsible Entity shall document that testing is performed in a manner that
reflects the production environment.

R1.3.

The Responsible Entity shall document test results.

Ports and Services — The Responsible Entity shall establish, document and implement a
process to ensure that only those ports and services required for normal and emergency
operations are enabled.
R2.1.

The Responsible Entity shall enable only those ports and services required for normal
and emergency operations.

R2.2.

The Responsible Entity shall disable other ports and services, including those used for
testing purposes, prior to production use of all Cyber Assets inside the Electronic
Security Perimeter(s).

R2.3.

In the case where unused ports and services cannot be disabled due to technical
limitations, the Responsible Entity shall document compensating measure(s) applied
to mitigate risk exposure.

Security Patch Management — The Responsible Entity, either separately or as a component of
the documented configuration management process specified in CIP-003-3 Requirement R6,
shall establish, document and implement a security patch management program for tracking,
evaluating, testing, and installing applicable cyber security software patches for all Cyber
Assets within the Electronic Security Perimeter(s).
R3.1.

The Responsible Entity shall document the assessment of security patches and
security upgrades for applicability within thirty calendar days of availability of the
patches or upgrades.

R3.2.

The Responsible Entity shall document the implementation of security patches. In
any case where the patch is not installed, the Responsible Entity shall document
compensating measure(s) applied to mitigate risk exposure.

Malicious Software Prevention — The Responsible Entity shall use anti-virus software and
other malicious software (“malware”) prevention tools, where technically feasible, to detect,
prevent, deter, and mitigate the introduction, exposure, and propagation of malware on all
Cyber Assets within the Electronic Security Perimeter(s).
R4.1.

The Responsible Entity shall document and implement anti-virus and malware
prevention tools. In the case where anti-virus software and malware prevention tools
are not installed, the Responsible Entity shall document compensating measure(s)
applied to mitigate risk exposure.

R4.2.

The Responsible Entity shall document and implement a process for the update of
anti-virus and malware prevention “signatures.” The process must address testing and
installing the signatures.

Account Management — The Responsible Entity shall establish, implement, and document
technical and procedural controls that enforce access authentication of, and accountability for,
all user activity, and that minimize the risk of unauthorized system access.
R5.1.

The Responsible Entity shall ensure that individual and shared system accounts and
authorized access permissions are consistent with the concept of “need to know” with
respect to work functions performed.
R5.1.1. The Responsible Entity shall ensure that user accounts are implemented as
approved by designated personnel. Refer to Standard CIP-003-3
Requirement R5.

Ap p ro ve d b y Bo a rd o f Tru s te e s : De c e m b e r 16, 2009

S ta n d a rd CIP –007–3 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

R5.1.2. The Responsible Entity shall establish methods, processes, and procedures
that generate logs of sufficient detail to create historical audit trails of
individual user account access activity for a minimum of ninety days.
R5.1.3. The Responsible Entity shall review, at least annually, user accounts to
verify access privileges are in accordance with Standard CIP-003-3
Requirement R5 and Standard CIP-004-3 Requirement R4.
R5.2.

The Responsible Entity shall implement a policy to minimize and manage the scope
and acceptable use of administrator, shared, and other generic account privileges
including factory default accounts.
R5.2.1. The policy shall include the removal, disabling, or renaming of such
accounts where possible. For such accounts that must remain enabled,
passwords shall be changed prior to putting any system into service.
R5.2.2. The Responsible Entity shall identify those individuals with access to shared
accounts.
R5.2.3. Where such accounts must be shared, the Responsible Entity shall have a
policy for managing the use of such accounts that limits access to only those
with authorization, an audit trail of the account use (automated or manual),
and steps for securing the account in the event of personnel changes (for
example, change in assignment or termination).

R5.3.

At a minimum, the Responsible Entity shall require and use passwords, subject to the
following, as technically feasible:
R5.3.1. Each password shall be a minimum of six characters.
R5.3.2. Each password shall consist of a combination of alpha, numeric, and
“special” characters.
R5.3.3. Each password shall be changed at least annually, or more frequently based
on risk.

R6.

R7.

Security Status Monitoring — The Responsible Entity shall ensure that all Cyber Assets within
the Electronic Security Perimeter, as technically feasible, implement automated tools or
organizational process controls to monitor system events that are related to cyber security.
R6.1.

The Responsible Entity shall implement and document the organizational processes
and technical and procedural mechanisms for monitoring for security events on all
Cyber Assets within the Electronic Security Perimeter.

R6.2.

The security monitoring controls shall issue automated or manual alerts for detected
Cyber Security Incidents.

R6.3.

The Responsible Entity shall maintain logs of system events related to cyber security,
where technically feasible, to support incident response as required in Standard CIP008-3.

R6.4.

The Responsible Entity shall retain all logs specified in Requirement R6 for ninety
calendar days.

R6.5.

The Responsible Entity shall review logs of system events related to cyber security
and maintain records documenting review of logs.

Disposal or Redeployment — The Responsible Entity shall establish and implement formal
methods, processes, and procedures for disposal or redeployment of Cyber Assets within the
Electronic Security Perimeter(s) as identified and documented in Standard CIP-005-3.

Ap p ro ve d b y Bo a rd o f Tru s te e s : De c e m b e r 16, 2009

S ta n d a rd CIP –007–3 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

R8.

R9.

R7.1.

Prior to the disposal of such assets, the Responsible Entity shall destroy or erase the
data storage media to prevent unauthorized retrieval of sensitive cyber security or
reliability data.

R7.2.

Prior to redeployment of such assets, the Responsible Entity shall, at a minimum,
erase the data storage media to prevent unauthorized retrieval of sensitive cyber
security or reliability data.

R7.3.

The Responsible Entity shall maintain records that such assets were disposed of or
redeployed in accordance with documented procedures. (Retired)

Cyber Vulnerability Assessment — The Responsible Entity shall perform a cyber vulnerability
assessment of all Cyber Assets within the Electronic Security Perimeter at least annually. The
vulnerability assessment shall include, at a minimum, the following:
R8.1.
R8.2.

A document identifying the vulnerability assessment process;
A review to verify that only ports and services required for operation of the Cyber
Assets within the Electronic Security Perimeter are enabled;

R8.3.
R8.4.

A review of controls for default accounts; and,
Documentation of the results of the assessment, the action plan to remediate or
mitigate vulnerabilities identified in the assessment, and the execution status of that
action plan.

Documentation Review and Maintenance — The Responsible Entity shall review and update
the documentation specified in Standard CIP-007-3 at least annually. Changes resulting from
modifications to the systems or controls shall be documented within thirty calendar days of the
change being completed.

C. Measures
M1. The Responsible Entity shall make available documentation of its security test procedures as
specified in Requirement R1.
M2. The Responsible Entity shall make available documentation as specified in Requirement R2.
M3. The Responsible Entity shall make available documentation and records of its security patch
management program, as specified in Requirement R3.
M4. The Responsible Entity shall make available documentation and records of its malicious
software prevention program as specified in Requirement R4.
M5. The Responsible Entity shall make available documentation and records of its account
management program as specified in Requirement R5.
M6. The Responsible Entity shall make available documentation and records of its security status
monitoring program as specified in Requirement R6.
M7. The Responsible Entity shall make available documentation and records of its program for the
disposal or redeployment of Cyber Assets as specified in Requirement R7.
M8. The Responsible Entity shall make available documentation and records of its annual
vulnerability assessment of all Cyber Assets within the Electronic Security Perimeters(s) as
specified in Requirement R8.
M9. The Responsible Entity shall make available documentation and records demonstrating the
review and update as specified in Requirement R9.
D. Compliance
1.

Compliance Monitoring Process

Ap p ro ve d b y Bo a rd o f Tru s te e s : De c e m b e r 16, 2009

S ta n d a rd CIP –007–3 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

1.1. Compliance Enforcement Authority
1.1.1

Regional Entity for Responsible Entities that do not perform delegated tasks for
their Regional Entity.

1.1.2

ERO for Regional Entity.

1.1.3

Third-party monitor without vested interest in the outcome for NERC.

1.4.2

The Responsible Entity shall retain security–related system event logs for ninety
calendar days, unless longer retention is required pursuant to Standard CIP-008-3
Requirement R2.

1.4.3

The Compliance Enforcement Authority in conjunction with the Registered
Entity shall keep the last audit records and all requested and submitted
subsequent audit records.

1.5. Additional Compliance Information.
2.

Violation Severity Levels (To be developed later.)

E. Regional Variances
None identified.
Version History
Version
2

Date

Action

Change Tracking

Modifications to clarify the requirements and to
bring the compliance elements into conformance
with the latest guidelines for developing compliance
elements of standards.
Removal of reasonable business judgment and
acceptance of risk.
Revised the Purpose of this standard to clarify that
Standard CIP-007-2 requires Responsible Entities to
define methods, processes, and procedures for
securing Cyber Assets and other (non-Critical)

Ap p ro ve d b y Bo a rd o f Tru s te e s : De c e m b e r 16, 2009

S ta n d a rd CIP –007–3 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

Assets within an Electronic Security Perimeter.
Replaced the RRO with the RE as a responsible
entity.
Rewording of Effective Date.
R9 changed ninety (90) days to thirty (30) days
Changed compliance monitor to Compliance
Enforcement Authority.
3

Updated version numbers from -2 to -3

12/16/09

Approved by the NERC Board of Trustees

TBD

R7.3 and associated elements retired as part of the
Paragraph 81 project (Project 2013-02)

Ap p ro ve d b y Bo a rd o f Tru s te e s : De c e m b e r 16, 2009

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

A. Introduction
1.

Title:

Cyber Security — Systems Security Management

Number:

CIP-007-4

Purpose:
Standard CIP-007-4 requires Responsible Entities to define methods, processes,
and procedures for securing those systems determined to be Critical Cyber Assets, as well as
the other (non-critical) Cyber Assets within the Electronic Security Perimeter(s). Standard
CIP-007-4 should be read as part of a group of standards numbered Standards CIP-002-4
through CIP-009-4.

Applicability:
4.1. Within the text of Standard CIP-007-4, “Responsible Entity” shall mean:
4.1.1

Reliability Coordinator.

4.1.2

Balancing Authority.

4.1.3

Interchange Authority.

4.1.4

Transmission Service Provider.

4.1.5

Transmission Owner.

4.1.6

Transmission Operator.

4.1.7

Generator Owner.

4.1.8

Generator Operator.

4.1.9

Load Serving Entity.

4.1.10 NERC.
4.1.11 Regional Entity.
4.2. The following are exempt from Standard CIP-007-4:

4.2.1

Facilities regulated by the Canadian Nuclear Safety Commission.

4.2.2

Cyber Assets associated with communication networks and data communication
links between discrete Electronic Security Perimeters.

4.2.3

In nuclear plants, the systems, structures, and components that are regulated by
the Nuclear Regulatory Commission under a cyber security plan pursuant to 10
C.F. R. Section 73.54

4.2.4

Responsible Entities that, in compliance with Standard CIP-002-4, identify that
they have no Critical Cyber Assets.

B. Requirements
R1.

Test Procedures — The Responsible Entity shall ensure that new Cyber Assets and significant
changes to existing Cyber Assets within the Electronic Security Perimeter do not adversely
affect existing cyber security controls. For purposes of Standard CIP-007-4, a significant
change shall, at a minimum, include implementation of security patches, cumulative service
packs, vendor releases, and version upgrades of operating systems, applications, database
platforms, or other third-party software or firmware.
1

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

R2.

R3.

R4.

R5.

R1.1.

The Responsible Entity shall create, implement, and maintain cyber security test
procedures in a manner that minimizes adverse effects on the production system or its
operation.

R1.2.

The Responsible Entity shall document that testing is performed in a manner that
reflects the production environment.

R1.3.

The Responsible Entity shall document test results.

The Responsible Entity shall enable only those ports and services required for normal
and emergency operations.

R2.2.

The Responsible Entity shall disable other ports and services, including those used for
testing purposes, prior to production use of all Cyber Assets inside the Electronic
Security Perimeter(s).

R2.3.

In the case where unused ports and services cannot be disabled due to technical
limitations, the Responsible Entity shall document compensating measure(s) applied
to mitigate risk exposure.

Security Patch Management — The Responsible Entity, either separately or as a component of
the documented configuration management process specified in CIP-003-4 Requirement R6,
shall establish, document and implement a security patch management program for tracking,
evaluating, testing, and installing applicable cyber security software patches for all Cyber
Assets within the Electronic Security Perimeter(s).
R3.1.

The Responsible Entity shall document the assessment of security patches and
security upgrades for applicability within thirty calendar days of availability of the
patches or upgrades.

R3.2.

R4.2.

The Responsible Entity shall document and implement a process for the update of
anti-virus and malware prevention “signatures.” The process must address testing and
installing the signatures.

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

R5.1.1. The Responsible Entity shall ensure that user accounts are implemented as
approved by designated personnel. Refer to Standard CIP-003-4
Requirement R5.
R5.1.2. The Responsible Entity shall establish methods, processes, and procedures
that generate logs of sufficient detail to create historical audit trails of
individual user account access activity for a minimum of ninety days.
R5.1.3. The Responsible Entity shall review, at least annually, user accounts to
verify access privileges are in accordance with Standard CIP-003-4
Requirement R5 and Standard CIP-004-4 Requirement R4.
R5.2.

R5.3.

R6.

R6.2.

The security monitoring controls shall issue automated or manual alerts for detected
Cyber Security Incidents.

R6.3.

The Responsible Entity shall maintain logs of system events related to cyber security,
where technically feasible, to support incident response as required in Standard CIP008-4.

R6.4.

The Responsible Entity shall retain all logs specified in Requirement R6 for ninety
calendar days.

R6.5.

The Responsible Entity shall review logs of system events related to cyber security
and maintain records documenting review of logs.

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

R7.

R8.

R9.

Prior to the disposal of such assets, the Responsible Entity shall destroy or erase the
data storage media to prevent unauthorized retrieval of sensitive cyber security or
reliability data.

R7.2.

Prior to redeployment of such assets, the Responsible Entity shall, at a minimum,
erase the data storage media to prevent unauthorized retrieval of sensitive cyber
security or reliability data.

R7.3.

The Responsible Entity shall maintain records that such assets were disposed of or
redeployed in accordance with documented procedures. (Retired)

R8.3.
R8.4.

Documentation Review and Maintenance — The Responsible Entity shall review and update
the documentation specified in Standard CIP-007-4 at least annually. Changes resulting from
modifications to the systems or controls shall be documented within thirty calendar days of the
change being completed.

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Enforcement Authority
1.2. The RE shall serve as the CEA with the following exceptions:
1.2.1

For entities that do not work for the Regional Entity, the Regional Entity shall serve as the Compliance Enforcement Authority.

1.2.2

For Reliability Coordinators and other functional entities that work for their Regional Entity, the ERO shall serve as the Compliance
Enforcement Authority.

1.2.3

For Responsible Entities that are also Regional Entities, the ERO or a Regional Entity approved by the ERO and FERC or other applicable
governmental authorities shall serve as the Compliance Enforcement Authority.

1.2.4

For the ERO, a third-party monitor without vested interest in the outcome for the ERO shall serve as the Compliance Enforcement
Authority.

1.3. Compliance Monitoring and Enforcement Processes
Compliance Audits
Self-Certifications
Spot Checking
Compliance Violation Investigations
Self-Reporting
Complaints
1.4. Data Retention
1.4.1

The Responsible Entity shall keep all documentation and records from the previous full calendar year unless directed by its Compliance
Enforcement Authority to retain specific evidence for a longer period of time as part of an investigation.

1.4.2

The Responsible Entity shall retain security–related system event logs for ninety calendar days, unless longer retention is required
pursuant to Standard CIP-008-4 Requirement R2.

1.4.3

The Compliance Enforcement Authority in conjunction with the Registered Entity shall keep the last audit records and all requested and
submitted subsequent audit records.

1.5. Additional Compliance Information.
2.

Violation Severity Levels

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

Requirement
R1.

VRF
MEDIUM

Lower VSL
N/A

Moderate VSL
The Responsible Entity did
create, implement and maintain
the test procedures as required in
R1.1, but did not document
that testing is performed as
required in R1.2.

High VSL

Severe VSL

The Responsible Entity did not create, implement and
maintain the test procedures as required in R1.1.

The Responsible Entity did not create, implement and maintain
the test procedures as required in R1.1,
AND
The Responsible Entity did not document that testing was
performed as required in R1.2

AND

The Responsible Entity did not
document the test results as
required in R1.3.

The Responsible Entity did not document the test results as
required in R1.3.

R1.1.

MEDIUM

N/A

R1.2.

LOWER

N/A

R1.3.

LOWER

N/A

R2.

MEDIUM

N/A

The Responsible Entity
established (implemented) but
did not document a process to
ensure that only those ports and
services required for normal and
emergency operations are
enabled.

The Responsible Entity documented but did not establish
(implement) a process to ensure that only those ports and
services required for normal and emergency operations are
enabled.

The Responsible Entity did not establish (implement) nor
document a process to ensure that only those ports and services
required for normal and emergency operations are enabled.

R2.1.

MEDIUM

The Responsible Entity
enabled ports and
services not required for
normal and emergency
operations on at least
one but less than 5% of
the Cyber Assets inside
the Electronic Security
Perimeter(s).

The Responsible Entity enabled
ports and services not required
for normal and emergency
operations on 5% or more but
less than 10% of the Cyber
Assets inside the Electronic
Security Perimeter(s).

The Responsible Entity enabled ports and services not
required for normal and emergency operations on 10% or
more but less than 15% of the Cyber Assets inside the
Electronic Security Perimeter(s).

The Responsible Entity enabled ports and services not required
for normal and emergency operations on 15% or more of the
Cyber Assets inside the Electronic Security Perimeter(s).

R2.2.

MEDIUM

The Responsible Entity
did not disable other
ports and services,
including those used for

The Responsible Entity did not
disable other ports and services,
including those used for testing
purposes, prior to production use

The Responsible Entity did not disable other ports and
services, including those used for testing purposes, prior to
production use for 10% or more but less than 15% of the
Cyber Assets inside the Electronic Security Perimeter(s).

The Responsible Entity did not disable other ports and services,
including those used for testing purposes, prior to production use
for 15% or more of the Cyber Assets inside the Electronic
Security Perimeter(s).

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

testing purposes, prior
to production use for at
least one but less than
5% of the Cyber Assets
inside the Electronic
Security Perimeter(s).

for 5% or more but less than
10% of the Cyber Assets inside
the Electronic Security
Perimeter(s).

R2.3.

MEDIUM

N/A

For cases where unused ports and services cannot be disabled
due to technical limitations, the Responsible Entity did not
document compensating measure(s) applied to mitigate risk
exposure.

R3.

LOWER

The Responsible Entity
established (implemented) but
did not document, either
separately or as a component of
the documented configuration
management process specified in
CIP-003-4 Requirement R6, a
security patch management
program for tracking, evaluating,
testing, and installing applicable
cyber security software patches
for all Cyber Assets within the
Electronic Security Perimeter(s).

The Responsible Entity documented but did not establish
(implement), either separately or as a component of the
documented configuration management process specified in
CIP-003-4 Requirement R6, a security patch management
program for tracking, evaluating, testing, and installing
applicable cyber security software patches for all Cyber
Assets within the Electronic Security Perimeter(s).

The Responsible Entity did not establish (implement) nor
document, either separately or as a component of the
documented configuration management process specified in CIP003-4 Requirement R6, a security patch management program
for tracking, evaluating, testing, and installing applicable cyber
security software patches for all Cyber Assets within the
Electronic Security Perimeter(s).

The Responsible Entity
documented the assessment of
security patches and security
upgrades for applicability as
required in Requirement R3 in
60 or more but less than 90
calendar days after the
availability of the patches and
upgrades.

The Responsible Entity documented the assessment of
security patches and security upgrades for applicability as
required in Requirement R3 in 90 or more but less than 120
calendar days after the availability of the patches and
upgrades.

The Responsible Entity documented the assessment of security
patches and security upgrades for applicability as required in
Requirement R3 in 120 calendar days or more after the
availability of the patches and upgrades.

tracking, evaluating,
testing, and installing
applicable cyber
security software
patches for all Cyber
Assets within the
Electronic Security
Perimeter(s).
R3.1.

LOWER

The Responsible Entity
documented the
assessment of security
patches and security
upgrades for
applicability as required
in Requirement R3 in
more than 30 but less
than 60 calendar days
after the availability of
the patches and
upgrades.

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

R3.2.

LOWER

N/A

The Responsible Entity did not document the implementation of
applicable security patches as required in R3.
OR
Where an applicable patch was not installed, the Responsible
Entity did not document the compensating measure(s) applied to
mitigate risk exposure.

R4.

MEDIUM

The Responsible Entity,
as technically feasible,
did not use anti-virus
software and other
malicious software
(“malware”) prevention
tools, nor implemented
compensating measures,
on at least one but less
than 5% of Cyber
Assets within the
Electronic Security
Perimeter(s).

The Responsible Entity, as
technically feasible, did not use
anti-virus software and other
malicious software (“malware”)
prevention tools, nor
implemented compensating
measures, on at least 5% but less
than 10% of Cyber Assets within
the Electronic Security
Perimeter(s).

The Responsible Entity, as technically feasible, did not use
anti-virus software and other malicious software
(“malware”) prevention tools, nor implemented
compensating measures, on at least 10% but less than 15%
of Cyber Assets within the Electronic Security Perimeter(s).

The Responsible Entity, as technically feasible, did not use antivirus software and other malicious software (“malware”)
prevention tools, nor implemented compensating measures, on
15% or more Cyber Assets within the Electronic Security
Perimeter(s).

R4.1.

MEDIUM

N/A

The Responsible Entity did not document the implementation of
antivirus and malware prevention tools for cyber assets within
the electronic security perimeter.
OR
The Responsible Entity did not document the implementation of
compensating measure(s) applied to mitigate risk exposure
where antivirus and malware prevention tools are not installed.

R4.2.

MEDIUM

The Responsible Entity,
as technically feasible,
documented and
implemented a process
for the update of antivirus and malware
prevention
“signatures.”, but the
process did not address
testing and installation
of the signatures.

The Responsible Entity, as
technically feasible, did not
document but implemented a
process, including addressing
testing and installing the
signatures, for the update of antivirus and malware prevention
“signatures.”

The Responsible Entity, as technically feasible, documented
but did not implement a process, including addressing testing
and installing the signatures, for the update of anti-virus and
malware prevention “signatures.”

The Responsible Entity, as technically feasible, did not
document nor implement a process including addressing testing
and installing the signatures for the update of anti-virus and
malware prevention “signatures.”

R5.

LOWER

N/A

The Responsible Entity
implemented but did not
document technical and
procedural controls that enforce
access authentication of, and
accountability for, all user
activity.

The Responsible Entity documented but did not implement
technical and procedural controls that enforce access
authentication of, and accountability for, all user activity.

The Responsible Entity did not document nor implement
technical and procedural controls that enforce access
authentication of, and accountability for, all user activity.

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

R5.1.

MEDIUM

N/A

The Responsible Entity did not ensure that individual and shared
system accounts and authorized access permissions are
consistent with the concept of “need to know” with respect to
work functions performed.

R5.1.1.

LOWER

At least one user
account but less than
1% of user accounts
implemented by the
Responsible Entity,
were not approved by
designated personnel.

One (1) % or more of user
accounts but less than 3% of
user accounts implemented by
the Responsible Entity were not
approved by designated
personnel.

Three (3) % or more of user accounts but less than 5% of
user accounts implemented by the Responsible Entity were
not approved by designated personnel.

Five (5) % or more of user accounts implemented by the
Responsible Entity were not approved by designated personnel.

R5.1.2.

LOWER

N/A

The Responsible Entity
generated logs with sufficient
detail to create historical audit
trails of individual user account
access activity, however the logs
do not contain activity for a
minimum of 90 days.

The Responsible Entity generated logs with insufficient
detail to create historical audit trails of individual user
account access activity.

The Responsible Entity did not generate logs of individual user
account access activity.

R5.1.3.

MEDIUM

N/A

The Responsible Entity did not review, at least annually, user
accounts to verify access privileges are in accordance with
Standard CIP-003-4 Requirement R5 and Standard CIP-004-4
Requirement R4.

R5.2.

LOWER

N/A

The Responsible Entity did not implement a policy to minimize
and manage the scope and acceptable use of administrator,
shared, and other generic account privileges including factory
default accounts.

R5.2.1.

MEDIUM

N/A

The Responsible Entity's policy did not include the removal,
disabling, or renaming of such accounts where possible,
however for accounts that must remain enabled, passwords
were changed prior to putting any system into service.

For accounts that must remain enabled, the Responsible Entity
did not change passwords prior to putting any system into
service.

R5.2.2.

LOWER

N/A

The Responsible Entity did not identify all individuals with
access to shared accounts.

R5.2.3.

MEDIUM

N/A

Where such accounts must be
shared, the Responsible Entity
has a policy for managing the
use of such accounts, but is
missing 1 of the following 3
items:

Where such accounts must be shared, the Responsible Entity
has a policy for managing the use of such accounts, but is
missing 2 of the following 3 items:

Where such accounts must be shared, the Responsible Entity
does not have a policy for managing the use of such accounts
that limits access to only those with authorization, an audit trail
of the account use (automated or manual), and steps for securing
the account in the event of personnel changes (for example,
change in assignment or termination).

a) limits access to only those
with authorization,
b) has an audit trail of the
account use (automated or

a) limits access to only those with authorization,
b) has an audit trail of the account use (automated or
manual),
c) has specified steps for securing the account in the event of
personnel changes (for example, change in assignment or
termination).

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

manual),
c) has specified steps for
securing the account in the event
of personnel changes (for
example, change in assignment
or termination).
R5.3.

LOWER

The Responsible Entity
requires and uses
passwords as technically
feasible, but only
addresses 2 of the
requirements in R5.3.1,
R5.3.2., R5.3.3.

The Responsible Entity requires
and uses passwords as
technically feasible but only
addresses 1 of the requirements
in R5.3.1, R5.3.2., R5.3.3.

The Responsible Entity requires but does not use passwords
as required in R5.3.1, R5.3.2., R5.3.3 and did not
demonstrate why it is not technically feasible.

The Responsible Entity does not require nor use passwords as
required in R5.3.1, R5.3.2., R5.3.3 and did not demonstrate why
it is not technically feasible.

R5.3.1.

LOWER

N/A

R5.3.2.

LOWER

N/A

R5.3.3.

MEDIUM

N/A

R6.

LOWER

The Responsible Entity,
as technically feasible,
did not implement
automated tools or
organizational process
controls to monitor
system events that are
related to cyber security
for at least one but less
than 5% of Cyber
Assets inside the
Electronic Security
Perimeter(s).

The Responsible Entity, as
technically feasible, did not
implement automated tools or
organizational process controls
to monitor system events that are
related to cyber security for 5%
or more but less than 10% of
Cyber Assets inside the
Electronic Security Perimeter(s).

The Responsible Entity did not implement automated tools
or organizational process controls, as technically feasible, to
monitor system events that are related to cyber security for
10% or more but less than 15% of Cyber Assets inside the
Electronic Security Perimeter(s).

The Responsible Entity did not implement automated tools or
organizational process controls, as technically feasible, to
monitor system events that are related to cyber security for 15%
or more of Cyber Assets inside the Electronic Security
Perimeter(s).

R6.1.

MEDIUM

N/A

The Responsible Entity
implemented but did not
document the organizational
processes and technical and
procedural mechanisms for
monitoring for security events
on all Cyber Assets within the
Electronic Security Perimeter.

The Responsible Entity documented but did not implement
the organizational processes and technical and procedural
mechanisms for monitoring for security events on all Cyber
Assets within the Electronic Security Perimeter.

The Responsible Entity did not implement nor document the
organizational processes and technical and procedural
mechanisms for monitoring for security events on all Cyber
Assets within the Electronic Security Perimeter.

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

R6.2.

MEDIUM

N/A

The Responsible entity's security monitoring controls do not
issue automated or manual alerts for detected Cyber Security
Incidents.

R6.3.

MEDIUM

N/A

The Responsible Entity did not maintain logs of system events
related to cyber security, where technically feasible, to support
incident response as required in Standard CIP-008-4.

R6.4.

LOWER

The Responsible Entity
retained the logs
specified in
Requirement R6, for at
least 60 days, but less
than 90 days.

The Responsible Entity retained
the logs specified in
Requirement R6, for at least 30
days, but less than 60 days.

The Responsible Entity retained the logs specified in
Requirement R6, for at least one day, but less than 30 days.

The Responsible Entity did not retain any logs specified in
Requirement R6.

R6.5.

LOWER

N/A

The Responsible Entity did not review logs of system events
related to cyber security nor maintain records documenting
review of logs.

R7.

LOWER

The Responsible Entity
established and
implemented formal
methods, processes, and
procedures for disposal
and redeployment of
Cyber Assets within the
Electronic Security
Perimeter(s) as
identified and
documented in Standard
CIP- 005-4 but did not
maintain records as
specified in R7.3.

The Responsible Entity
established and implemented
formal methods, processes, and
procedures for disposal of Cyber
Assets within the Electronic
Security Perimeter(s) as
identified and documented in
Standard CIP-005-4 but did not
address redeployment as
specified in R7.2.

The Responsible Entity established and implemented formal
methods, processes, and procedures for redeployment of
Cyber Assets within the Electronic Security Perimeter(s) as
identified and documented in Standard CIP-005-4 but did
not address disposal as specified in R7.1.

The Responsible Entity did not establish or implement formal
methods, processes, and procedures for disposal or redeployment
of Cyber Assets within the Electronic Security Perimeter(s) as
identified and documented in Standard CIP-005-4.

(Retired)

Formatted: Font color: Red

R7.1.

LOWER

N/A

R7.2.

LOWER

N/A

R7.3.

LOWER

N/A

(Retired)

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

LOWER

The Responsible Entity
performed at least
annually a Vulnerability
Assessment that
included 95% or more
but less than 100% of
Cyber Assets within the
Electronic Security
Perimeter.

The Responsible Entity
performed at least annually a
Vulnerability Assessment that
included 90% or more but less
than 95% of Cyber Assets within
the Electronic Security
Perimeter.

The Responsible Entity performed at least annually a
Vulnerability Assessment that included more than 85% but
less than 90% of Cyber Assets within the Electronic Security
Perimeter.

The Responsible Entity performed at least annually a
Vulnerability Assessment for 85% or less of Cyber Assets within
the Electronic Security Perimeter.
OR
The vulnerability assessment did not include one (1) or more of
the subrequirements 8.1, 8.2, 8.3, 8.4.

R8.1.

LOWER

N/A

R8.2.

MEDIUM

N/A

R8.3.

MEDIUM

N/A

R8.4.

MEDIUM

N/A

LOWER

N/A

The Responsible Entity did not review and update the
documentation specified in Standard CIP-007-4 at least
annually.

The Responsible Entity did not review and update the
documentation specified in Standard CIP-007-4 at least annually
nor were changes resulting from modifications to the systems or
controls documented within thirty calendar days of the change
being completed.

OR
The Responsible Entity did not document changes resulting
from modifications to the systems or controls within thirty
calendar days of the change being completed.

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

E. Regional Variances
None identified.
Version History
Version

Date

Action

Modifications to clarify the requirements and to
bring the compliance elements into conformance
with the latest guidelines for developing compliance
elements of standards.
Removal of reasonable business judgment and
acceptance of risk.
Revised the Purpose of this standard to clarify that
Standard CIP-007-2 requires Responsible Entities to
define methods, processes, and procedures for
securing Cyber Assets and other (non-Critical)
Assets within an Electronic Security Perimeter.
Replaced the RRO with the RE as a responsible
entity.
Rewording of Effective Date.
R9 changed ninety (90) days to thirty (30) days
Changed compliance monitor to Compliance
Enforcement Authority.

Updated version numbers from -2 to -3

12/16/09

Approved by the NERC Board of Trustees

Board
approved
01/24/2011

Update version number from “3” to “4”

4/19/12

FERC Order issued approving CIP-007-4 (approval
becomes effective June 25, 2012)

Change Tracking

Update to conform to
changes to CIP-002-4
(Project 2008-06)

Added approved VRF/VSL table to section D.2.
3, 4

TBD

R7.3 and associated elements retired as part of the
Paragraph 81 project (Project 2013-02)

S ta n d a rd EOP -005-2 — S ys te m Re s tora tio n fro m Bla c ks ta rt Re s o u rce s

A. Introduction
1.

Title:

System Restoration from Blackstart Resources

Number:

EOP-005-2

Purpose: Ensure plans, Facilities, and personnel are prepared to enable System
restoration from Blackstart Resources to assure reliability is maintained during
restoration and priority is placed on restoring the Interconnection.

Applicability:
4.1. Transmission Operators.
4.2. Generator Operators.
4.3. Transmission Owners identified in the Transmission Operators restoration plan.
4.4. Distribution Providers identified in the Transmission Operators restoration plan.

Proposed Effective Date: Twenty-four months after the first day of the first calendar
quarter following applicable regulatory approval. In those jurisdictions where no
regulatory approval is required, all requirements go into effect twenty-four months after Board
of Trustees adoption.

B. Requirements
R1. Each Transmission Operator shall have a restoration plan approved by its Reliability
Coordinator. The restoration plan shall allow for restoring the Transmission
Operator’s System following a Disturbance in which one or more areas of the Bulk
Electric System (BES) shuts down and the use of Blackstart Resources is required to
restore the shut down area to service, to a state whereby the choice of the next Load to
be restored is not driven by the need to control frequency or voltage regardless of
whether the Blackstart Resource is located within the Transmission Operator’s System.
The restoration plan shall include: [Time Horizon = Operations Planning]
R1.1.

Strategies for system restoration that are coordinated with the Reliability
Coordinator’s high level strategy for restoring the Interconnection.

R1.2.

A description of how all Agreements or mutually agreed upon procedures or
protocols for off-site power requirements of nuclear power plants, including
priority of restoration, will be fulfilled during System restoration.

R1.3.

Procedures for restoring interconnections with other Transmission Operators
under the direction of the Reliability Coordinator.

R1.4.

Identification of each Blackstart Resource and its characteristics including but
not limited to the following: the name of the Blackstart Resource, location,
megawatt and megavar capacity, and type of unit.

R1.5.

Identification of Cranking Paths and initial switching requirements between
each Blackstart Resource and the unit(s) to be started.

R1.6.

Identification of acceptable operating voltage and frequency limits during
restoration.

S ta n d a rd EOP -005-2 — S ys te m Re s tora tio n fro m Bla c ks ta rt Re s o u rce s

R1.7.

Operating Processes to reestablish connections within the Transmission
Operator’s System for areas that have been restored and are prepared for
reconnection.

R1.8.

Operating Processes to restore Loads required to restore the System, such as
station service for substations, units to be restarted or stabilized, the Load
needed to stabilize generation and frequency, and provide voltage control.

R1.9.

Operating Processes for transferring authority back to the Balancing Authority
in accordance with the Reliability Coordinator’s criteria.

R2. Each Transmission Operator shall provide the entities identified in its approved
restoration plan with a description of any changes to their roles and specific tasks prior
to the implementation date of the plan. [Time Horizon = Operations Planning]
R3. Each Transmission Operator shall review its restoration plan and submit it to its
Reliability Coordinator annually on a mutually agreed predetermined schedule. [Time
Horizon = Operations Planning]
R3.1.

If there are no changes to the previously submitted restoration plan, the
Transmission Operator shall confirm annually on a predetermined schedule to
its Reliability Coordinator that it has reviewed its restoration plan and no
changes were necessary. (Retired)

R4. Each Transmission Operator shall update its restoration plan within 90 calendar days
after identifying any unplanned permanent System modifications, or prior to
implementing a planned BES modification, that would change the implementation of
its restoration plan. [Time Horizon = Operations Planning]
R4.1.

Each Transmission Operator shall submit its revised restoration plan to its
Reliability Coordinator for approval within the same 90 calendar day period.

R5. Each Transmission Operator shall have a copy of its latest Reliability Coordinator
approved restoration plan within its primary and backup control rooms so that it is
available to all of its System Operators prior to its implementation date. [Time Horizon
= Operations Planning]
R6. Each Transmission Operator shall verify through analysis of actual events, steady state
and dynamic simulations, or testing that its restoration plan accomplishes its intended
function. This shall be completed every five years at a minimum. Such analysis,
simulations or testing shall verify: [Time Horizon = Long-term Planning]
R6.1.

The capability of Blackstart Resources to meet the Real and Reactive Power
requirements of the Cranking Paths and the dynamic capability to supply initial
Loads.

R6.2.

The location and magnitude of Loads required to control voltages and
frequency within acceptable operating limits.

R6.3.

The capability of generating resources required to control voltages and
frequency within acceptable operating limits.

R7. Following a Disturbance in which one or more areas of the BES shuts down and the
use of Blackstart Resources is required to restore the shut down area to service, each

S ta n d a rd EOP -005-2 — S ys te m Re s tora tio n fro m Bla c ks ta rt Re s o u rce s

affected Transmission Operator shall implement its restoration plan. If the restoration
plan cannot be executed as expected the Transmission Operator shall utilize its
restoration strategies to facilitate restoration. [Time Horizon = Real-time Operations]
R8. Following a Disturbance in which one or more areas of the BES shuts down and the
use of Blackstart Resources is required to restore the shut down area to service, the
Transmission Operator shall resynchronize area(s) with neighboring Transmission
Operator area(s) only with the authorization of the Reliability Coordinator or in
accordance with the established procedures of the Reliability Coordinator. [Time
Horizon = Real-time Operations]
R9. Each Transmission Operator shall have Blackstart Resource testing requirements to
verify that each Blackstart Resource is capable of meeting the requirements of its
restoration plan. These Blackstart Resource testing requirements shall include: [Time
Horizon = Operations Planning]
R9.1.

The frequency of testing such that each Blackstart Resource is tested at least
once every three calendar years.

R9.2.

A list of required tests including:
R9.2.1. The ability to start the unit when isolated with no support from the
BES or when designed to remain energized without connection to the
remainder of the System.
R9.2.2. The ability to energize a bus. If it is not possible to energize a bus
during the test, the testing entity must affirm that the unit has the
capability to energize a bus such as verifying that the breaker close
coil relay can be energized with the voltage and frequency monitor
controls disconnected from the synchronizing circuits.

R9.3.

The minimum duration of each of the required tests.

R10. Each Transmission Operator shall include within its operations training program,
annual System restoration training for its System Operators to assure the proper
execution of its restoration plan. This training program shall include training on the
following: [Time Horizon = Operations Planning]
R10.1. System restoration plan including coordination with the Reliability
Coordinator and Generator Operators included in the restoration plan.
R10.2. Restoration priorities.
R10.3. Building of cranking paths.
R10.4. Synchronizing (re-energized sections of the System).
R11. Each Transmission Operator, each applicable Transmission Owner, and each
applicable Distribution Provider shall provide a minimum of two hours of System
restoration training every two calendar years to their field switching personnel
identified as performing unique tasks associated with the Transmission Operator’s
restoration plan that are outside of their normal tasks. [Time Horizon = Operations
Planning]

S ta n d a rd EOP -005-2 — S ys te m Re s tora tio n fro m Bla c ks ta rt Re s o u rce s

R12. Each Transmission Operator shall participate in its Reliability Coordinator’s restoration
drills, exercises, or simulations as requested by its Reliability Coordinator. [Time
Horizon = Operations Planning]
R13. Each Transmission Operator and each Generator Operator with a Blackstart Resource
shall have written Blackstart Resource Agreements or mutually agreed upon
procedures or protocols, specifying the terms and conditions of their arrangement.
Such Agreements shall include references to the Blackstart Resource testing
requirements. [Time Horizon = Operations Planning]
R14. Each Generator Operator with a Blackstart Resource shall have documented procedures
for starting each Blackstart Resource and energizing a bus. [Time Horizon =
Operations Planning]
R15. Each Generator Operator with a Blackstart Resource shall notify its Transmission
Operator of any known changes to the capabilities of that Blackstart Resource affecting
the ability to meet the Transmission Operator’s restoration plan within 24 hours
following such change. [Time Horizon = Operations Planning]
R16. Each Generator Operator with a Blackstart Resource shall perform Blackstart Resource
tests, and maintain records of such testing, in accordance with the testing requirements
set by the Transmission Operator to verify that the Blackstart Resource can perform as
specified in the restoration plan. [Time Horizon = Operations Planning]
R16.1. Testing records shall include at a minimum: name of the Blackstart Resource,
unit tested, date of the test, duration of the test, time required to start the unit,
an indication of any testing requirements not met under Requirement R9.
R16.2. Each Generator Operator shall provide the blackstart test results within 30
calendar days following a request from its Reliability Coordinator or
Transmission Operator.
R17. Each Generator Operator with a Blackstart Resource shall provide a minimum of two
hours of training every two calendar years to each of its operating personnel
responsible for the startup of its Blackstart Resource generation units and energizing a
bus. The training program shall include training on the following: [Time Horizon =
Operations Planning]
R17.1. System restoration plan including coordination with the Transmission
Operator.
R17.2. The procedures documented in Requirement R14.
R18. Each Generator Operator shall participate in the Reliability Coordinator’s restoration
drills, exercises, or simulations as requested by the Reliability Coordinator. [Time
Horizon = Operations Planning]
C. Measures
M1. Each Transmission Operator shall have a dated, documented System restoration plan
developed in accordance with Requirement R1 that has been approved by its
Reliability Coordinator as shown with the documented approval from its Reliability
Coordinator.

S ta n d a rd EOP -005-2 — S ys te m Re s tora tio n fro m Bla c ks ta rt Re s o u rce s

M2. Each Transmission Operator shall have evidence such as e-mails with receipts or
registered mail receipts that it provided the entities identified in its approved
restoration plan with a description of any changes to their roles and specific tasks prior
to the implementation date of the plan in accordance with Requirement R2.
M3. Each Transmission Operator shall have documentation such as a dated review signature
sheet, revision histories, e-mails with receipts, or registered mail receipts, that it has
annually reviewed and submitted the Transmission Operator’s restoration plan to its
Reliability Coordinator in accordance with Requirement R3.
M4. Each Transmission Operator shall have documentation such as dated review signature
sheets, revision histories, e-mails with receipts, or registered mail receipts, that it has
updated its restoration plan and submitted it to its Reliability Coordinator in
accordance with Requirement R4.
M5. Each Transmission Operator shall have documentation that it has made the latest
Reliability Coordinator approved copy of its restoration plan available in its primary
and backup control rooms and its System Operators prior to its implementation date in
accordance with Requirement R5.
M6. Each Transmission Operator shall have documentation such as power flow outputs,
that it has verified that its latest restoration plan will accomplish its intended function
in accordance with Requirement R6.
M7. If there has been a Disturbance in which Blackstart Resources have been utilized in
restoring the shut down area of the BES to service, each Transmission Operator
involved shall have evidence such as voice recordings, e-mail, dated computer
printouts, or operator logs, that it implemented its restoration plan or restoration plan
strategies in accordance with Requirement R7.
M8. If there has been a Disturbance in which Blackstart Resources have been utilized in
restoring the shut down area of the BES to service, each Transmission Operator
involved in such an event shall have evidence, such as voice recordings, e-mail, dated
computer printouts, or operator logs, that it resynchronized shut down areas in
accordance with Requirement R8.
M9. Each Transmission Operator shall have documented Blackstart Resource testing
requirements in accordance with Requirement R9.
M10. Each Transmission Operator shall have an electronic or hard copy of the training
program material provided for its System Operators for System restoration training in
accordance with Requirement R10.
M11. Each Transmission Operator, each applicable Transmission Owner, and each
applicable Distribution Provider shall have an electronic or hard copy of the training
program material provided to their field switching personnel for System restoration
training and the corresponding training records including training dates and duration in
accordance with Requirement R11.
M12. Each Transmission Operator shall have evidence, such as training records, that it
participated in the Reliability Coordinator’s restoration drills, exercises, or simulations
as requested in accordance with Requirement R12.

S ta n d a rd EOP -005-2 — S ys te m Re s tora tio n fro m Bla c ks ta rt Re s o u rce s

M13. Each Transmission Operator and Generator Operator with a Blackstart Resource shall
have the dated Blackstart Resource Agreements or mutually agreed upon procedures or
protocols in accordance with Requirement R13.
M14. Each Generator Operator with a Blackstart Resource shall have dated documented
procedures on file for starting each unit and energizing a bus in accordance with
Requirement R14.
M15. Each Generator Operator with a Blackstart Resource shall provide evidence, such as emails with receipts or registered mail receipts, showing that it notified its Transmission
Operator of any known changes to its Blackstart Resource capabilities within twentyfour hours of such changes in accordance with Requirement R15.
M16. Each Generator Operator with a Blackstart Resource shall maintain dated
documentation of its Blackstart Resource test results and shall have evidence such as emails with receipts or registered mail receipts, that it provided these records to its
Reliability Coordinator and Transmission Operator when requested in accordance with
Requirement R16.
M17. Each Generator Operator with a Blackstart Resource shall have an electronic or hard
copy of the training program material provided to its operating personnel responsible
for the startup and synchronization of its Blackstart Resource generation units and a
copy of its dated training records including training dates and durations showing that it
has provided training in accordance with Requirement R17.
M18. Each Generator Operator shall have evidence, such as dated training records, that it
participated in the Reliability Coordinator’s restoration drills, exercises, or simulations
if requested to do so in accordance with Requirement R18.
D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Enforcement Authority

Regional Entity.
1.2. Compliance Monitoring Period and Reset Time Frame

Not applicable.
1.3. Compliance Monitoring and Enforcement Processes:

Compliance Audits
Self-Certifications
Spot Checking
Compliance Violation Investigations
Self-Reporting
Complaints
1.4. Data Retention

S ta n d a rd EOP -005-2 — S ys te m Re s tora tio n fro m Bla c ks ta rt Re s o u rce s

The Transmission Operator shall keep data or evidence to show compliance as
identified below unless directed by its Compliance Enforcement Authority to
retain specific evidence for a longer period of time as part of an investigation:
o Approved restoration plan and any restoration plans in force since the last
compliance audit for Requirement R1, Measure M1.
o Provided the entities identified in its approved restoration plan with a
description of any changes to their roles and specific tasks prior to the
implementation date of the plan for the current calendar year and three
prior calendar years for Requirement R2, Measure M2.
o Submission of the Transmission Operator’s annually reviewed restoration
plan to its Reliability Coordinator for the current calendar year and three
prior calendar years for Requirement R3, Measure M3.
o Submission of an updated restoration plan to its Reliability Coordinator
for all versions for the current calendar year and the prior three years for
Requirement R4, Measure M4.
o The current, restoration plan approved by the Reliability Coordinator and
any restoration plans for the last three calendar years that was made
available in its control rooms for Requirement R5, Measure M5.
o The verification results for the current, approved restoration plan and the
previous approved restoration plan for Requirement R6, Measure M6.
o Implementation of its restoration plan or restoration plan strategies on any
occasion for three calendar years if there has been a Disturbance in which
Blackstart Resources have been utilized in restoring the shut down area of
the BES to service for Requirement R7, Measure M7.
o Resynchronization of shut down areas on any occasion over three calendar
years if there has been a Disturbance in which Blackstart Resources have
been utilized in restoring the shut down area of the BES to service for
Requirement R8, Measure M8.
o The verification process and results for the current Blackstart Resource
testing requirements and the last previous Blackstart Resource testing
requirements for Requirement R9, Measure M9.
o Actual training program materials or descriptions for three calendar years
for Requirement R10, Measure M10.
o Records of participation in all requested Reliability Coordinator
restoration drills, exercises, or simulations since its last compliance audit
as well as one previous compliance audit period for Requirement R12,
Measure M12.
If a Transmission Operator is found non-compliant for any requirement, it shall
keep information related to the non-compliance until found compliant.
The Transmission Operator, applicable Transmission Owner, and applicable
Distribution provider shall keep data or evidence to show compliance as identified

S ta n d a rd EOP -005-2 — S ys te m Re s tora tio n fro m Bla c ks ta rt Re s o u rce s

below unless directed by its Compliance Enforcement Authority to retain specific
evidence for a longer period of time as part of an investigation:
o Actual training program materials or descriptions and actual training
records for three calendar years for Requirement R11, Measure M11.
If a Transmission Operator, applicable Transmission owner, or applicable
Distribution Provider is found non-compliant for any requirement, it shall keep
information related to the non-compliance until found compliant.
The Transmission Operator and Generator Operator with a Blackstart Resource
shall keep data or evidence to show compliance as identified below unless
directed by its Compliance Enforcement Authority to retain specific evidence for
a longer period of time as part of an investigation:
o Current Blackstart Resource Agreements and any Blackstart Resource
Agreements or mutually agreed upon procedures or protocols in force
since its last compliance audit for Requirement R13, Measure M13.
The Generator Operator with a Blackstart Resource shall keep data or evidence to
show compliance as identified below unless directed by its Compliance
Enforcement Authority to retain specific evidence for a longer period of time as
part of an investigation:
o Current documentation and any documentation in force since its last
compliance audit on procedures to start each Blackstart Resources and for
energizing a bus for Requirement R14, Measure M14.
o Notification to its Transmission Operator of any known changes to its
Blackstart Resource capabilities over the last three calendar years for
Requirement R15, Measure M15.
o The verification test results for the current set of requirements and one
previous set for its Blackstart Resources for Requirement R16, Measure
M16.
o Actual training program materials and actual training records for three
calendar years for Requirement R17, Measure M17.
If a Generation Operator with a Blackstart Resource is found non-compliant for
any requirement, it shall keep information related to the non-compliance until
found compliant.
The Generator Operator shall keep data or evidence to show compliance as
identified below unless directed by its Compliance Enforcement Authority to
retain specific evidence for a longer period of time as part of an investigation:
o Records of participation in all requested Reliability Coordinator
restoration drills, exercises, or simulations since its last compliance audit
for Requirement R18, Measure M18.
If a Generation Operator is found non-compliant for any requirement, it shall keep
information related to the non-compliance until found compliant.

S ta n d a rd EOP -005-2 — S ys te m Re s tora tio n fro m Bla c ks ta rt Re s o u rce s

The Compliance Enforcement Authority shall keep the last audit records and all
requested and submitted subsequent audit records.
1.5. Additional Compliance Information

None.
2.

Violation Severity Levels

E. Regional Variances
None.
Version History
Version

Date

Action

Change Tracking

April 1, 2005

Effective Date

New

August 8, 2005

Removed “Proposed” from
Effective Date

Errata

May 2, 2007

Approved by Board of
Trustees

Revised

TBD

Revisions pursuant to
Project 2006-03

Updated testing requirements
Incorporated Attachment 1 into the
requirements
Updated Measures and Compliance to
match new Requirements

August 5, 2009

Adopted by Board of
Trustees

Revised

March 17, 2011

Order issued by FERC
approving EOP-005-2
(approval effective
5/23/11)

TBD

R3.1 and associated
elements retired as part of
the Paragraph 81 project
(Project 2013-02)

Standard FAC-002-1 — Coordination of Plans for New Facilities
A.

Introduction
1.

Title:
Facilities

Coordination of Plans For New Generation, Transmission, and End-User

Number:

FAC-002-1

Purpose: To avoid adverse impacts on reliability, Generator Owners and Transmission
Owners and electricity end-users must meet facility connection and performance requirements.

Applicability:

4.1.

Generator Owner

4.2.

Transmission Owner

4.3.

Distribution Provider

4.4.

Load-Serving Entity

4.5.

Transmission Planner

4.6.

Planning Authority

(Proposed) Effective Date: The first day of the first calendar quarter six months after
applicable regulatory approval; or in those jurisdictions where no regulatory approval is
required, the first day of the first calendar quarter six months after Board of Trustees’
adoption.

Requirements
R1. The Generator Owner, Transmission Owner, Distribution Provider, and Load-Serving Entity
seeking to integrate generation facilities, transmission facilities, and electricity end-user
facilities shall each coordinate and cooperate on its assessments with its Transmission Planner
and Planning Authority. The assessment shall include:
1.1.

Evaluation of the reliability impact of the new facilities and their connections on the
interconnected transmission systems.

1.2.

Ensurance of compliance with NERC Reliability Standards and applicable Regional,
subregional, Power Pool, and individual system planning criteria and facility
connection requirements.

1.3.

Evidence that the parties involved in the assessment have coordinated and cooperated
on the assessment of the reliability impacts of new facilities on the interconnected
transmission systems. While these studies may be performed independently, the
results shall be jointly evaluated and coordinated by the entities involved.

1.4.

Evidence that the assessment included steady-state, short-circuit, and dynamics studies
as necessary to evaluate system performance under both normal and contingency
conditions in accordance with Reliability Standards TPL-001-0, TPL-002-0, and TPL003-0.

1.5.

Documentation that the assessment included study assumptions, system performance,
alternatives considered, and jointly coordinated recommendations.

R2. The Planning Authority, Transmission Planner, Generator Owner, Transmission Owner, LoadServing Entity, and Distribution Provider shall each retain its documentation (of its evaluation
of the reliability impact of the new facilities and their connections on the interconnected

Adopted by Board of Trustees: August 5, 2010

1 of 3

Standard FAC-002-1 — Coordination of Plans for New Facilities
transmission systems) for three years and shall provide the documentation to the Regional
Reliability Organization(s) and NERC on request (within 30 calendar days). (Retired)
C.

Measures
M1. The Planning Authority, Transmission Planner, Generator Owner, Transmission Owner, LoadServing Entity, and Distribution Provider’s documentation of its assessment of the reliability
impacts of new facilities shall address all items in Reliability Standard FAC-002-0_R1.
M2. The Planning Authority, Transmission Planner, Generator Owner, Transmission Owner, LoadServing Entity, and Distribution Provider shall each have evidence of its assessment of the
reliability impacts of new facilities and their connections on the interconnected transmission
systems is retained and provided to other entities in accordance with Reliability Standard
FAC-002-0_R2. (Retired)

Compliance
1.

Compliance Monitoring Process
1.1.

Compliance Enforcement Authority
Regional Entity.

1.2.

Compliance Monitoring Period and Reset Timeframe
Not applicable.

1.3.

Compliance Monitoring and Enforcement Processes:
Compliance Audits
Self-Certifications
Spot Checking
Compliance Violation Investigations
Self-Reporting
Complaints

2.
E.

1.4.

Data Retention
Evidence of the assessment of the reliability impacts of new facilities and their
connections on the interconnected transmission systems: Three years.

1.5.

Additional Compliance Information
None

Violation Severity Levels (no changes)

Regional Differences
1.

None identified.

Version History
Version

Date

Action

Change Tracking

April 1, 2005

Effective Date

New

January 13, 2006

Removed duplication of “Regional Reliability
Organizations(s).

Errata

TBD

Modified to address Order No. 693 Directives
contained in paragraph 693.

Revised.

Adopted by Board of Trustees: August 5, 2010

2 of 3

Standard FAC-002-1 — Coordination of Plans for New Facilities

TBD

R2 and associated elements retired as part of
the Paragraph 81 project (Project 2013-02)

Adopted by Board of Trustees: August 5, 2010

3 of 3

Standard FAC-008-3 — Facility Ratings

A. Introduction

Title:

Facility Ratings

Number:

FAC-008-3

Purpose:
To ensure that Facility Ratings used in the reliable planning and operation of the
Bulk Electric System (BES) are determined based on technically sound principles. A Facility
Rating is essential for the determination of System Operating Limits.

Applicability
4.1. Transmission Owner.
4.2. Generator Owner.

Effective Date:
The first day of the first calendar quarter that is twelve months beyond
the date approved by applicable regulatory authorities, or in those jurisdictions where
regulatory approval is not required, the first day of the first calendar quarter twelve months
following BOT adoption.

B. Requirements
R1.

Each Generator Owner shall have documentation for determining the Facility Ratings of its
solely and jointly owned generator Facility(ies) up to the low side terminals of the main step up
transformer if the Generator Owner does not own the main step up transformer and the high
side terminals of the main step up transformer if the Generator Owner owns the main step up
transformer. [Violation Risk Factor: Lower] [Time Horizon: Long-term Planning]
1.1. The documentation shall contain assumptions used to rate the generator and at least one
of the following:
•

Design or construction information such as design criteria, ratings provided
by equipment manufacturers, equipment drawings and/or specifications,
engineering analyses, method(s) consistent with industry standards (e.g.
ANSI and IEEE), or an established engineering practice that has been
verified by testing or engineering analysis.

•

Operational information such as commissioning test results, performance
testing or historical performance records, any of which may be supplemented
by engineering analyses.

1.2. The documentation shall be consistent with the principle that the Facility Ratings do not
exceed the most limiting applicable Equipment Rating of the individual equipment that
comprises that Facility.
R2.

Each Generator Owner shall have a documented methodology for determining Facility Ratings
(Facility Ratings methodology) of its solely and jointly owned equipment connected between
the location specified in R1 and the point of interconnection with the Transmission Owner that
contains all of the following. [Violation Risk Factor: Medium] [Time Horizon: Long-term
Planning]
2.1.

The methodology used to establish the Ratings of the equipment that comprises the
Facility(ies) shall be consistent with at least one of the following:
•

Ratings provided by equipment manufacturers or obtained from equipment
manufacturer specifications such as nameplate rating.

Page 1 of 10

Standard FAC-008-3 — Facility Ratings

2.2.

R3.

•

One or more industry standards developed through an open process such as
Institute of Electrical and Electronic Engineers (IEEE) or International
Council on Large Electric Systems (CIGRE).

•

A practice that has been verified by testing, performance history or
engineering analysis.

The underlying assumptions, design criteria, and methods used to determine the
Equipment Ratings identified in Requirement R2, Part 2.1 including identification of
how each of the following were considered:
2.2.1.

Equipment Rating standard(s) used in development of this methodology.

2.2.2.

Ratings provided by equipment manufacturers or obtained from equipment
manufacturer specifications.

2.2.3.

Ambient conditions (for particular or average conditions or as they vary in
real-time).

2.2.4.

Operating limitations. 1

2.3.

A statement that a Facility Rating shall respect the most limiting applicable
Equipment Rating of the individual equipment that comprises that Facility.

2.4.

The process by which the Rating of equipment that comprises a Facility is determined.
2.4.1.

The scope of equipment addressed shall include, but not be limited to,
conductors, transformers, relay protective devices, terminal equipment, and
series and shunt compensation devices.

2.4.2.

The scope of Ratings addressed shall include, as a minimum, both Normal
and Emergency Ratings.

Each Transmission Owner shall have a documented methodology for determining Facility
Ratings (Facility Ratings methodology) of its solely and jointly owned Facilities (except for
those generating unit Facilities addressed in R1 and R2) that contains all of the following:
[Violation Risk Factor: Medium] [ Time Horizon: Long-term Planning]
3.1.

3.2.

The methodology used to establish the Ratings of the equipment that comprises the
Facility shall be consistent with at least one of the following:
•

Ratings provided by equipment manufacturers or obtained from equipment
manufacturer specifications such as nameplate rating.

•

One or more industry standards developed through an open process such as
Institute of Electrical and Electronics Engineers (IEEE) or International
Council on Large Electric Systems (CIGRE).

•

A practice that has been verified by testing, performance history or
engineering analysis.

The underlying assumptions, design criteria, and methods used to determine the
Equipment Ratings identified in Requirement R3, Part 3.1 including identification of
how each of the following were considered:
3.2.1.

Equipment Rating standard(s) used in development of this methodology.

Such as temporary de-ratings of impaired equipment in accordance with good utility practice.
Page 2 of 10

Standard FAC-008-3 — Facility Ratings

3.2.2.

Ratings provided by equipment manufacturers or obtained from equipment
manufacturer specifications.

3.2.3.

Ambient conditions (for particular or average conditions or as they vary in
real-time).

3.2.4.

Operating limitations. 2

3.3.

A statement that a Facility Rating shall respect the most limiting applicable
Equipment Rating of the individual equipment that comprises that Facility.

3.4.

The process by which the Rating of equipment that comprises a Facility is determined.
3.4.1.

The scope of equipment addressed shall include, but not be limited to,
transmission conductors, transformers, relay protective devices, terminal
equipment, and series and shunt compensation devices.

3.4.2.

The scope of Ratings addressed shall include, as a minimum, both Normal
and Emergency Ratings.

R4.

Each Transmission Owner shall make its Facility Ratings methodology and each Generator
Owner shall each make its documentation for determining its Facility Ratings and its Facility
Ratings methodology available for inspection and technical review by those Reliability
Coordinators, Transmission Operators, Transmission Planners and Planning Coordinators that
have responsibility for the area in which the associated Facilities are located, within 21
calendar days of receipt of a request. [Violation Risk Factor: Lower] [Time Horizon:
Operations Planning] (Retired)

R5.

R6.

Each Transmission Owner and Generator Owner shall have Facility Ratings for its solely and
jointly owned Facilities that are consistent with the associated Facility Ratings methodology or
documentation for determining its Facility Ratings. [Violation Risk Factor: Medium] [Time
Horizon: Operations Planning]

R7.

Each Generator Owner shall provide Facility Ratings (for its solely and jointly owned Facilities
that are existing Facilities, new Facilities, modifications to existing Facilities and re-ratings of
existing Facilities) to its associated Reliability Coordinator(s), Planning Coordinator(s),
Transmission Planner(s), Transmission Owner(s) and Transmission Operator(s) as scheduled
by such requesting entities. [Violation Risk Factor: Medium] [Time Horizon: Operations
Planning]

R8.

Each Transmission Owner (and each Generator Owner subject to Requirement R2) shall
provide requested information as specified below (for its solely and jointly owned Facilities
that are existing Facilities, new Facilities, modifications to existing Facilities and re-ratings of
existing Facilities) to its associated Reliability Coordinator(s), Planning Coordinator(s),
Transmission Planner(s), Transmission Owner(s) and Transmission Operator(s): [Violation
Risk Factor: Medium] [Time Horizon: Operations Planning]

Such as temporary de-ratings of impaired equipment in accordance with good utility practice.
Page 3 of 10

Standard FAC-008-3 — Facility Ratings

8.1.

8.2.

As scheduled by the requesting entities:
8.1.1.

Facility Ratings

8.1.2.

Identity of the most limiting equipment of the Facilities

Within 30 calendar days (or a later date if specified by the requester), for any
requested Facility with a Thermal Rating that limits the use of Facilities under the
requester’s authority by causing any of the following: 1) An Interconnection
Reliability Operating Limit, 2) A limitation of Total Transfer Capability, 3) An
impediment to generator deliverability, or 4) An impediment to service to a major
load center:
8.2.1.

Identity of the existing next most limiting equipment of the Facility

8.2.2.

The Thermal Rating for the next most limiting equipment identified in
Requirement R8, Part 8.2.1.

C. Measures
M1. Each Generator Owner shall have documentation that shows how its Facility Ratings were
determined as identified in Requirement 1.
M2. Each Generator Owner shall have a documented Facility Ratings methodology that includes all
of the items identified in Requirement 2, Parts 2.1 through 2.4.
M3. Each Transmission Owner shall have a documented Facility Ratings methodology that includes
all of the items identified in Requirement 3, Parts 3.1 through 3.4.
M4. Each Transmission Owner shall have evidence, such as a copy of a dated electronic note, or
other comparable evidence to show that it made its Facility Ratings methodology available for
inspection within 21 calendar days of a request in accordance with Requirement 4. The
Generator Owner shall have evidence, such as a copy of a dated electronic note, or other
comparable evidence to show that it made its documentation for determining its Facility
Ratings or its Facility Ratings methodology available for inspection within 21 calendar days of
a request in accordance with Requirement R4. (Retired)
M5. If the Reliability Coordinator, Transmission Operator, Transmission Planner or Planning
Coordinator provides documented comments on its technical review of a Transmission
Owner’s or Generator Owner’s Facility Ratings methodology or a Generator Owner’s
documentation for determining its Facility Ratings, the Transmission Owner or Generator
Owner shall have evidence, (such as a copy of a dated electronic or hard copy note, or other
comparable evidence from the Transmission Owner or Generator Owner addressed to the
commenter that includes the response to the comment,) that it provided a response to that
commenting entity in accordance with Requirement R5. (Retired)
M6. Each Transmission Owner and Generator Owner shall have evidence to show that its Facility
Ratings are consistent with the documentation for determining its Facility Ratings as specified
in Requirement R1 or consistent with its Facility Ratings methodology as specified in
Requirements R2 and R3 (Requirement R6).
M7. Each Generator Owner shall have evidence, such as a copy of a dated electronic note, or other
comparable evidence to show that it provided its Facility Ratings to its associated Reliability
Coordinator(s), Planning Coordinator(s), Transmission Planner(s), Transmission Owner(s) and
Transmission Operator(s) in accordance with Requirement R7.
M8. Each Transmission Owner (and Generator Owner subject to Requirement R2) shall have
evidence, such as a copy of a dated electronic note, or other comparable evidence to show that
it provided its Facility Ratings and identity of limiting equipment to its associated Reliability
Page 4 of 10

Standard FAC-008-3 — Facility Ratings

Coordinator(s), Planning Coordinator(s), Transmission Planner(s), Transmission Owner(s) and
Transmission Operator(s) in accordance with Requirement R8.
D. Compliance

Compliance Monitoring Process
1.1. Compliance Enforcement Authority
Regional Entity
1.2. Compliance Monitoring and Enforcement Processes:

•

Self-Certifications

•

Spot Checking

•

Compliance Audits

•

Self-Reporting

•

Compliance Violation Investigations

•

Complaints

1.3. Data Retention
The Generator Owner shall keep its current documentation (for R1) and any
modifications to the documentation that were in force since last compliance audit
period for Measure M1 and Measure M6.
The Generator Owner shall keep its current, in force Facility Ratings methodology
(for R2) and any modifications to the methodology that were in force since last
compliance audit period for Measure M2 and Measure M6.
The Transmission Owner shall keep its current, in force Facility Ratings
methodology (for R3) and any modifications to the methodology that were in force
since the last compliance audit for Measure M3 and Measure M6.
The Transmission Owner and Generator Owner shall keep its current, in force
Facility Ratings and any changes to those ratings for three calendar years for Measure
M6.
The Generator Owner and Transmission Owner shall each keep evidence for Measure
M4, and Measure M5, for three calendar years. (Retired)
The Generator Owner shall keep evidence for Measure M7 for three calendar years.
The Transmission Owner (and Generator Owner that is subject to Requirement R2)
shall keep evidence for Measure M8 for three calendar years.
If a Generator Owner or Transmission Owner is found non-compliant, it shall keep
information related to the non-compliance until found compliant.
The Compliance Enforcement Authority shall keep the last audit and all subsequent
compliance records.
1.4. Additional Compliance Information
None

Page 5 of 10

Standard FAC-008-3 — Facility Ratings

Violation Severity Levels
R#

Lower VSL

Moderate VSL

N/A

•

The Generator Owner failed to
include in its Facility Rating
methodology one of the
following Parts of
Requirement R2:

High VSL

Formatted Table

Severe VSL

The Generator Owner’s Facility
Rating documentation did not
address Requirement R1, Part 1.2.

The Generator Owner failed to
provide documentation for
determining its Facility Ratings.

The Generator Owner failed to
include in its Facility Rating
methodology two of the following
Parts of Requirement R2:

The Generator Owner’s Facility
Rating methodology did not
address all the components of
Requirement R2, Part 2.4.

The Generator Owner’s Facility
Rating methodology failed to
recognize a facility's rating based
on the most limiting component
rating as required in Requirement
R2, Part 2.3

The Generator Owner’s
Facility Rating documentation
did not address Requirement
R1, Part 1.1.

•

2.1

•

2.1.

•

2.2.1

•

2.2.2

•

2.2.3

The Generator Owner failed to
include in its Facility Rating
Methodology, three of the
following Parts of Requirement R2:

2.2.3

•

2.2.4

•

2.1.

•

The Generator Owner failed to
include in its Facility Rating
Methodology four or more of the
following Parts of Requirement R2:

2.2.4

•

2.2.1

•

2.1

•

2.2.2

•

2.2.1

•

2.2.3

•

2.2.2

•

2.2.4

•

2.2.3

•

2.2.4

The Transmission Owner
failed to include in its Facility
Rating methodology one of the
following Parts of
Requirement R3:
•

3.1

•

3.2.1

The Transmission Owner failed to
include in its Facility Rating
methodology two of the following
Parts of Requirement R3:

The Transmission Owner’s Facility
Rating methodology did not
address either of the following
Parts of Requirement R3:

•

3.1

•

3.4.1

The Transmission Owner’s Facility
Rating methodology failed to
recognize a Facility's rating based
on the most limiting component
rating as required in Requirement
R3, Part 3.3

•

3.2.1

•

3.4.2

Page 6 of 10

Standard FAC-008-3 — Facility Ratings

R4
(Retired)

R5
(Retired)

Lower VSL

Moderate VSL

High VSL

•

3.2.2

•

3.2.2

•

3.2.3

•

3.2.3

•

3.2.4

•

3.2.4

The Transmission Owner failed to
include in its Facility Rating
methodology three of the following
Parts of Requirement R3:

Formatted Table

Severe VSL
The Transmission Owner failed to
include in its Facility Rating
methodology four or more of the
following Parts of Requirement R3:
•

3.1

•

3.1

•

3.2.1

•

3.2.1

•

3.2.2

•

3.2.2

•

3.2.3

•

3.2.3

•

3.2.4

•

3.2.4

The responsible entity made its
Facility Ratings methodology
or Facility Ratings
documentation available
within more than 21 calendar
days but less than or equal to
31 calendar days after a
request.

The responsible entity made its
Facility Ratings methodology or
Facility Ratings documentation
available within more than 31
calendar days but less than or equal
to 41 calendar days after a request.

The responsible entity made its
Facility Rating methodology or
Facility Ratings documentation
available within more than 41
calendar days but less than or equal
to 51 calendar days after a request.

The responsible entity failed to
make its Facility Ratings
methodology or Facility Ratings
documentation available in more
than 51 calendar days after a
request. (R3)

The responsible entity
provided a response in more
than 45 calendar days but less
than or equal to 60 calendar
days after a request. (R5)

The responsible entity provided a
response in more than 60 calendar
days but less than or equal to 70
calendar days after a request.

The responsible entity provided a
response in more than 70 calendar
days but less than or equal to 80
calendar days after a request.

The responsible entity failed to
provide a response as required in
more than 80 calendar days after
the comments were received. (R5)

The responsible entity provided a
response within 45 calendar days,
and the response indicated that a
change will not be made to the
Facility Ratings methodology or
Facility Ratings documentation but
did not indicate why no change will
be made. (R5)

The responsible entity provided a
response within 45 calendar days,
but the response did not indicate
whether a change will be made to
the Facility Ratings methodology or
Facility Ratings documentation.
(R5)

Page 7 of 10

Standard FAC-008-3 — Facility Ratings

Formatted Table

Lower VSL

Moderate VSL

High VSL

Severe VSL

The responsible entity failed to
establish Facility Ratings
consistent with the associated
Facility Ratings methodology
or documentation for
determining the Facility
Ratings for 5% or less of its
solely owned and jointly
owned Facilities. (R6)

The responsible entity failed to
establish Facility Ratings consistent
with the associated Facility Ratings
methodology or documentation for
determining the Facility Ratings for
more than 5% or more, but less
than up to (and including) 10% of
its solely owned and jointly owned
Facilities. (R6)

The responsible entity failed to
establish Facility Ratings consistent
with the associated Facility Ratings
methodology or documentation for
determining the Facility Ratings for
more than 10% up to (and
including) 15% of its solely owned
and jointly owned Facilities. (R6)

The responsible entity failed to
establish Facility Ratings consistent
with the associated Facility Ratings
methodology or documentation for
determining the Facility Ratings for
more than15% of its solely owned
and jointly owned Facilities. (R6)

The Generator Owner provided
its Facility Ratings to all of the
requesting entities but missed
meeting the schedules by up to
and including 15 calendar
days.

The Generator Owner provided its
Facility Ratings to all of the
requesting entities but missed
meeting the schedules by more than
15 calendar days but less than or
equal to 25 calendar days.

The Generator Owner provided its
Facility Ratings to all of the
requesting entities but missed
meeting the schedules by more than
25 calendar days but less than or
equal to 35 calendar days.

The Generator Owner provided its
Facility Ratings to all of the
requesting entities but missed
meeting the schedules by more than
35 calendar days.
OR
The Generator Owner failed to
provide its Facility Ratings to the
requesting entities.

The responsible entity
provided its Facility Ratings to
all of the requesting entities
but missed meeting the
schedules by up to and
including 15 calendar days.
(R8, Part 8.1)

The responsible entity
provided less than 100%, but
not less than or equal to 95%
of the required Rating
information to all of the
requesting entities. (R8, Part
8.1)

The responsible entity provided less
than 95%, but not less than or equal
to 90% of the required Rating
information to all of the requesting
entities. (R8, Part 8.1)

The responsible entity provided less
than 90%, but not less than or equal
to 85% of the required Rating
information to all of the requesting
entities. (R8, Part 8.1)

Standard FAC-008-3 — Facility Ratings

Lower VSL
OR
The responsible entity
provided the required Rating
information to the requesting
entity, but the information was
provided up to and including
15 calendar days late. (R8, Part
8.2)
OR
The responsible entity
provided less than 100%, but
not less than or equal to 95%
of the required Rating
information to the requesting
entity. (R8, Part 8.2)

Moderate VSL

High VSL

The responsible entity provided the
required Rating information to the
requesting entity, but did so more
15 calendar days but less than or
equal to 25 calendar days late. (R8,
Part 8.2)

The responsible entity provided the
required Rating information to the
requesting entity, but did so more
than 25 calendar days but less than
or equal to 35 calendar days late.
(R8, Part 8.2)

The responsible entity provided less
than 95%, but not less than or equal
to 90% of the required Rating
information to the requesting entity.
(R8, Part 8.2)

The responsible entity provided less
than 90%, but no less than or equal
to 85% of the required Rating
information to the requesting entity.
(R8, Part 8.2)

Formatted Table

Severe VSL
than 35 calendar days late. (R8,
Part 8.2)
OR
The responsible entity provided less
than 85 % of the required Rating
information to the requesting entity.
(R8, Part 8.2)
OR
The responsible entity failed to
provide its Rating information to
the requesting entity. (R8, Part 8.1)

Page 9 of 10

Standard FAC-008-3 — Facility Ratings

E. Regional Variances
None.
F. Associated Documents
Version History
Version

Date

Action

Change Tracking

Feb 7, 2006

Approved by Board of
Trustees

New

Mar 16, 2007

Approved by FERC

New

May 12, 2010

Approved by Board of
Trustees

Complete Revision, merging
FAC_008-1 and FAC-009-1
under Project 2009-06 and
address directives from Order
693

May 24, 2011

Addition of Requirement R8

Project 2009-06 Expansion to
address third directive from
Order 693

May 24, 2011

Adopted by NERC Board of
Trustees

November 17,
2011

FERC Order issued approving
FAC-008-3

May 17, 2012

FERC Order issued directing
the VRF for Requirement R2
be changed from “Lower” to
“Medium”

TBD

R4 and R5 and associated
elements retired as part of the
Paragraph 81 project (Project
2013-02)

Page 10 of 10

Standard FAC-010-2.1 — System Operating Limits Methodology for the Planning Horizon
A. Introduction
1.

Title:

System Operating Limits Methodology for the Planning Horizon

Number:

FAC-010-2.1

Purpose:
To ensure that System Operating Limits (SOLs) used in the reliable planning of
the Bulk Electric System (BES) are determined based on an established methodology or
methodologies.

Applicability
4.1. Planning Authority

Effective Date:

April 19, 2010

B. Requirements
R1.

R2.

The Planning Authority shall have a documented SOL Methodology for use in developing
SOLs within its Planning Authority Area. This SOL Methodology shall:
R1.1.

Be applicable for developing SOLs used in the planning horizon.

R1.2.

State that SOLs shall not exceed associated Facility Ratings.

R1.3.

Include a description of how to identify the subset of SOLs that qualify as IROLs.

The Planning Authority’s SOL Methodology shall include a requirement that SOLs provide
BES performance consistent with the following:
R2.1.

In the pre-contingency state and with all Facilities in service, the BES shall
demonstrate transient, dynamic and voltage stability; all Facilities shall be within their
Facility Ratings and within their thermal, voltage and stability limits. In the
determination of SOLs, the BES condition used shall reflect expected system
conditions and shall reflect changes to system topology such as Facility outages.

R2.2.

Following the single Contingencies 1 identified in Requirement 2.2.1 through
Requirement 2.2.3, the system shall demonstrate transient, dynamic and voltage
stability; all Facilities shall be operating within their Facility Ratings and within their
thermal, voltage and stability limits; and Cascading or uncontrolled separation shall
not occur.
R2.2.1. Single line to ground or three-phase Fault (whichever is more severe), with
Normal Clearing, on any Faulted generator, line, transformer, or shunt
device.
R2.2.2. Loss of any generator, line, transformer, or shunt device without a Fault.
R2.2.3. Single pole block, with Normal Clearing, in a monopolar or bipolar high
voltage direct current system.

R2.3.

Starting with all Facilities in service, the system’s response to a single Contingency,
may include any of the following:
R2.3.1. Planned or controlled interruption of electric supply to radial customers or
some local network customers connected to or supplied by the Faulted
Facility or by the affected area.

1
The Contingencies identified in R2.2.1 through R2.2.3 are the minimum contingencies that must be studied but are
not necessarily the only Contingencies that should be studied.

Page 1 of 9

Standard FAC-010-2.1 — System Operating Limits Methodology for the Planning Horizon
R2.3.2. System reconfiguration through manual or automatic control or protection
actions.
R2.4.

To prepare for the next Contingency, system adjustments may be made, including
changes to generation, uses of the transmission system, and the transmission system
topology.

R2.5.

Starting with all Facilities in service and following any of the multiple Contingencies
identified in Reliability Standard TPL-003 the system shall demonstrate transient,
dynamic and voltage stability; all Facilities shall be operating within their Facility
Ratings and within their thermal, voltage and stability limits; and Cascading or
uncontrolled separation shall not occur.

R2.6.

In determining the system’s response to any of the multiple Contingencies, identified
in Reliability Standard TPL-003, in addition to the actions identified in R2.3.1 and
R2.3.2, the following shall be acceptable:
R2.6.1. Planned or controlled interruption of electric supply to customers (load
shedding), the planned removal from service of certain generators, and/or
the curtailment of contracted Firm (non-recallable reserved) electric power
Transfers.

R3.

R4.

R5.

The Planning Authority’s methodology for determining SOLs, shall include, as a minimum, a
description of the following, along with any reliability margins applied for each:
R3.1.

Study model (must include at least the entire Planning Authority Area as well as the
critical modeling details from other Planning Authority Areas that would impact the
Facility or Facilities under study).

R3.2.

Selection of applicable Contingencies.

R3.3.

Level of detail of system models used to determine SOLs.

R3.4.

Allowed uses of Special Protection Systems or Remedial Action Plans.

R3.5.

Anticipated transmission system configuration, generation dispatch and Load level.

R3.6.

Criteria for determining when violating a SOL qualifies as an Interconnection
Reliability Operating Limit (IROL) and criteria for developing any associated IROL
Tv.

The Planning Authority shall issue its SOL Methodology, and any change to that methodology,
to all of the following prior to the effectiveness of the change:
R4.1.

Each adjacent Planning Authority and each Planning Authority that indicated it has a
reliability-related need for the methodology.

R4.2.

Each Reliability Coordinator and Transmission Operator that operates any portion of
the Planning Authority’s Planning Authority Area.

R4.3.

Each Transmission Planner that works in the Planning Authority’s Planning Authority
Area.

If a recipient of the SOL Methodology provides documented technical comments on the
methodology, the Planning Authority shall provide a documented response to that recipient
within 45 calendar days of receipt of those comments. The response shall indicate whether a
change will be made to the SOL Methodology and, if no change will be made to that SOL
Methodology, the reason why. (Retired)

C. Measures
M1. The Planning Authority’s SOL Methodology shall address all of the items listed in
Requirement 1 through Requirement 3.
Page 2 of 9

Standard FAC-010-2.1 — System Operating Limits Methodology for the Planning Horizon
M2. The Planning Authority shall have evidence it issued its SOL Methodology and any changes to
that methodology, including the date they were issued, in accordance with Requirement 4.
M3. If the recipient of the SOL Methodology provides documented comments on its technical
review of that SOL methodology, the Planning Authority that distributed that SOL
Methodology shall have evidence that it provided a written response to that commenter within
45 calendar days of receipt of those comments in accordance with Requirement 5. (Retired)
D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Monitoring Responsibility
Regional Reliability Organization
1.2. Compliance Monitoring Period and Reset Time Frame
Each Planning Authority shall self-certify its compliance to the Compliance Monitor at
least once every three years. New Planning Authorities shall demonstrate compliance
through an on-site audit conducted by the Compliance Monitor within the first year that it
commences operation. The Compliance Monitor shall also conduct an on-site audit once
every nine years and an investigation upon complaint to assess performance.
The Performance-Reset Period shall be twelve months from the last non-compliance.
1.3. Data Retention
The Planning Authority shall keep all superseded portions to its SOL Methodology for 12
months beyond the date of the change in that methodology and shall keep all documented
comments on its SOL Methodology and associated responses for three years. In addition,
entities found non-compliant shall keep information related to the non-compliance until
found compliant. (Deleted text retired)
The Compliance Monitor shall keep the last audit and all subsequent compliance records.
1.4. Additional Compliance Information
The Planning Authority shall make the following available for inspection during an onsite audit by the Compliance Monitor or within 15 business days of a request as part of an
investigation upon complaint:

1.4.1

SOL Methodology.

1.4.2

Documented comments provided by a recipient of the SOL Methodology on its
technical review of a SOL Methodology, and the associated responses. (Retired)

1.4.3

Superseded portions of its SOL Methodology that had been made within the past
12 months.

1.4.4

Evidence that the SOL Methodology and any changes to the methodology that
occurred within the past 12 months were issued to all required entities.

Levels of Non-Compliance for Western Interconnection: (To be replaced with VSLs once
developed and approved by WECC)
2.1. Level 1:
There shall be a level one non-compliance if either of the following
conditions exists:
2.1.1

The SOL Methodology did not include a statement indicating that Facility
Ratings shall not be exceeded.

2.1.2

No evidence of responses to a recipient’s comments on the SOL Methodology.
(Retired)
Page 3 of 9

Formatted: Strikethrough

Formatted: Font color: Red

Standard FAC-010-2.1 — System Operating Limits Methodology for the Planning Horizon
2.2. Level 2:
The SOL Methodology did not include a requirement to address all of the
elements in R2.1 through R2.3 and E1.
2.3. Level 3:
There shall be a level three non-compliance if any of the following
conditions exists:
2.3.1

The SOL Methodology did not include a statement indicating that Facility
Ratings shall not be exceeded and the methodology did not include evaluation of
system response to one of the three types of single Contingencies identified in
R2.2.

2.3.2

The SOL Methodology did not include a statement indicating that Facility
Ratings shall not be exceeded and the methodology did not include evaluation of
system response to two of the seven types of multiple Contingencies identified in
E1.1.

2.3.3

The System Operating Limits Methodology did not include a statement
indicating that Facility Ratings shall not be exceeded and the methodology did
not address two of the six required topics in R3.

2.4. Level 4:
with R4

The SOL Methodology was not issued to all required entities in accordance

Page 4 of 9

Standard FAC-010-2.1 — System Operating Limits Methodology for the Planning Horizon
3.

Violation Severity Levels:

Requirement

Lower

Moderate

High

Severe

Not applicable.

The Planning Authority has a
documented SOL Methodology
for use in developing SOLs
within its Planning Authority
Area, but it does not address
R1.2

The Planning Authority has a
documented SOL Methodology
for use in developing SOLs
within its Planning Authority
Area, but it does not address
R1.3.

The Planning Authority has a
documented SOL Methodology
for use in developing SOLs
within its Planning Authority
Area, but it does not address
R1.1.
OR
The Planning Authority has no
documented SOL Methodology
for use in developing SOLs
within its Planning Authority
Area.

The Planning Authority’s SOL
Methodology requires that SOLs
are set to meet BES
performance following single and
multiple contingencies, but does
not address the pre-contingency
state (R2.1)

The Planning Authority’s SOL
Methodology requires that SOLs
are set to meet BES
performance in the precontingency state and following
single contingencies, but does
not address multiple
contingencies. (R2.5-R2.6)

The Planning Authority’s SOL
Methodology requires that SOLs
are set to meet BES
performance in the precontingency state and following
multiple contingencies, but does
not meet the performance for
response to single
contingencies. (R2.2 –R2.4)

The Planning Authority’s SOL
Methodology requires that SOLs
are set to meet BES
performance in the precontingency state but does not
require that SOLs be set to meet
the BES performance specified
for response to single
contingencies (R2.2-R2.4) and
does not require that SOLs be
set to meet the BES
performance specified for
response to multiple
contingencies. (R2.5-R2.6)

The Planning Authority has a
methodology for determining
SOLs that includes a description
for all but one of the following:
R3.1 through R3.6.

The Planning Authority has a
methodology for determining
SOLs that includes a description
for all but two of the following:
R3.1 through R3.6.

The Planning Authority has a
methodology for determining
SOLs that includes a description
for all but three of the following:
R3.1 through R3.6.

The Planning Authority has a
methodology for determining
SOLs that is missing a
description of four or more of the
following: R3.1 through R3.6.

One or both of the following:
The Planning Authority issued its
SOL Methodology and changes

One of the following:
The Planning Authority issued its
SOL Methodology and changes

One of the following:
The Planning Authority failed to
issue its SOL Methodology and

Page 5 of 9

Standard FAC-010-2.1 — System Operating Limits Methodology for the Planning Horizon

Requirement

Lower

Moderate

High

Severe

to that methodology to all but
one of the required entities.
For a change in methodology,
the changed methodology was
provided up to 30 calendar days
after the effectiveness of the
change.

to that methodology to all but
one of the required entities AND
for a change in methodology, the
changed methodology was
provided 30 calendar days or
more, but less than 60 calendar
days after the effectiveness of
the change.
OR
The Planning Authority issued its
SOL Methodology and changes
to that methodology to all but
two of the required entities AND
for a change in methodology, the
changed methodology was
provided up to 30 calendar days
after the effectiveness of the
change.

to that methodology to all but
one of the required entities AND
for a change in methodology, the
changed methodology was
provided 60 calendar days or
more, but less than 90 calendar
days after the effectiveness of
the change.
OR
The Planning Authority issued its
SOL Methodology and changes
to that methodology to all but
two of the required entities AND
for a change in methodology, the
changed methodology was
provided 30 calendar days or
more, but less than 60 calendar
days after the effectiveness of
the change.
OR
The Planning Authority issued its
SOL Methodology and changes
to that methodology to all but
three of the required entities
AND for a change in
methodology, the changed
methodology was provided up to
30 calendar days after the
effectiveness of the change.

changes to that methodology to
more than three of the required
entities.
The Planning Authority issued its
SOL Methodology and changes
to that methodology to all but
one of the required entities AND
for a change in methodology, the
changed methodology was
provided 90 calendar days or
more after the effectiveness of
the change.
OR
The Planning Authority issued its
SOL Methodology and changes
to that methodology to all but
two of the required entities AND
for a change in methodology, the
changed methodology was
provided 60 calendar days or
more, but less than 90 calendar
days after the effectiveness of
the change.
OR
The Planning Authority issued its
SOL Methodology and changes
to that methodology to all but
three of the required entities
AND for a change in
methodology, the changed
methodology was provided 30
calendar days or more, but less
than 60 calendar days after the
effectiveness of the change.
The Planning Authority issued its
SOL Methodology and changes
to that methodology to all but

Page 6 of 9

Standard FAC-010-2.1 — System Operating Limits Methodology for the Planning Horizon

Requirement

Lower

Moderate

High

Severe
four of the required entities AND
for a change in methodology, the
changed methodology was
provided up to 30 calendar days
after the effectiveness of the
change.

R5
(Retired)

The Planning Authority received
documented technical comments
on its SOL Methodology and
provided a complete response in
a time period that was longer
than 45 calendar days but less
than 60 calendar days.

The Planning Authority received
documented technical comments
on its SOL Methodology and
provided a complete response in
a time period that was 60
calendar days or longer but less
than 75 calendar days.

The Planning Authority received
documented technical comments
on its SOL Methodology and
provided a complete response in
a time period that was 75
calendar days or longer but less
than 90 calendar days.
OR
The Planning Authority’s
response to documented
technical comments on its SOL
Methodology indicated that a
change will not be made, but did
not include an explanation of
why the change will not be
made.

Page 7 of 9

The Planning Authority received
documented technical comments
on its SOL Methodology and
provided a complete response in
a time period that was 90
calendar days or longer.
OR
The Planning Authority’s
response to documented
technical comments on its SOL
Methodology did not indicate
whether a change will be made
to the SOL Methodology.

Standard FAC-010-2.1 — System Operating Limits Methodology for the Planning Horizon
E. Regional Differences
1.

The following Interconnection-wide Regional Difference shall be applicable in the Western
Interconnection:
1.1. As governed by the requirements of R2.5 and R2.6, starting with all Facilities in service,
shall require the evaluation of the following multiple Facility Contingencies when
establishing SOLs:
1.1.1

Simultaneous permanent phase to ground Faults on different phases of each of
two adjacent transmission circuits on a multiple circuit tower, with Normal
Clearing. If multiple circuit towers are used only for station entrance and exit
purposes, and if they do not exceed five towers at each station, then this
condition is an acceptable risk and therefore can be excluded.

1.1.2

A permanent phase to ground Fault on any generator, transmission circuit,
transformer, or bus section with Delayed Fault Clearing except for bus
sectionalizing breakers or bus-tie breakers addressed in E1.1.7

1.1.3

Simultaneous permanent loss of both poles of a direct current bipolar Facility
without an alternating current Fault.

1.1.4

The failure of a circuit breaker associated with a Special Protection System to
operate when required following: the loss of any element without a Fault; or a
permanent phase to ground Fault, with Normal Clearing, on any transmission
circuit, transformer or bus section.

1.1.5

A non-three phase Fault with Normal Clearing on common mode Contingency of
two adjacent circuits on separate towers unless the event frequency is determined
to be less than one in thirty years.

1.1.6

A common mode outage of two generating units connected to the same
switchyard, not otherwise addressed by FAC-010.

1.1.7

The loss of multiple bus sections as a result of failure or delayed clearing of a bus
tie or bus sectionalizing breaker to clear a permanent Phase to Ground Fault.

1.2. SOLs shall be established such that for multiple Facility Contingencies in E1.1.1 through
E1.1.5 operation within the SOL shall provide system performance consistent with the
following:
1.2.1

All Facilities are operating within their applicable Post-Contingency thermal,
frequency and voltage limits.

1.2.2

Cascading does not occur.

1.2.3

Uncontrolled separation of the system does not occur.

1.2.4

The system demonstrates transient, dynamic and voltage stability.

1.2.5

Depending on system design and expected system impacts, the controlled
interruption of electric supply to customers (load shedding), the planned removal
from service of certain generators, and/or the curtailment of contracted firm (nonrecallable reserved) electric power transfers may be necessary to maintain the
overall security of the interconnected transmission systems.

1.2.6

Interruption of firm transfer, Load or system reconfiguration is permitted through
manual or automatic control or protection actions.

Page 8 of 9

Standard FAC-010-2.1 — System Operating Limits Methodology for the Planning Horizon
1.2.7

To prepare for the next Contingency, system adjustments are permitted, including
changes to generation, Load and the transmission system topology when
determining limits.

1.3. SOLs shall be established such that for multiple Facility Contingencies in E1.1.6 through
E1.1.7 operation within the SOL shall provide system performance consistent with the
following with respect to impacts on other systems:
1.3.1

Cascading does not occur.

1.4. The Western Interconnection may make changes (performance category adjustments) to
the Contingencies required to be studied and/or the required responses to Contingencies
for specific facilities based on actual system performance and robust design. Such
changes will apply in determining SOLs.
Version History
Version

Date

Action

Change Tracking

November 1,
2006

Adopted by Board of Trustees

New

November 1,
2006

Fixed typo. Removed the word “each” from
the 1st sentence of section D.1.3, Data
Retention.

01/11/07

June 24, 2008

Adopted by Board of Trustees; FERC Order
705

Revised

Changed the effective date to July 1, 2008
Changed “Cascading Outage” to
“Cascading”
Replaced Levels of Non-compliance with
Violation Severity Levels

Revised

January 22,
2010

Updated effective date and footer to April
29, 2009 based on the March 20, 2009
FERC Order

Update

2.1

November 5,
2009

Adopted by the Board of Trustees — errata
change Section E1.1 modified to reflect the
renumbering of requirements R2.4 and R2.5
from FAC-010-1 to R2.5 and R2.6 in FAC010-2.

Errata

2.1

April 19, 2010

FERC Approved — errata change Section
E1.1 modified to reflect the renumbering of
requirements R2.4 and R2.5 from FAC-0101 to R2.5 and R2.6 in FAC-010-2.

Errata

2.1

TBD

R5 and associated elements retired as part of
the Paragraph 81 project (Project 2013-02)

Page 9 of 9

S ta n d a rd FAC-011-2 — S ys te m Op e ra tin g Lim its Me th o d o lo g y fo r th e Op e ra tio n s Ho rizo n

A. Introduction
1.

Title:

System Operating Limits Methodology for the Operations Horizon

Number:

FAC-011-2

Purpose:
To ensure that System Operating Limits (SOLs) used in the reliable operation of
the Bulk Electric System (BES) are determined based on an established methodology or
methodologies.

Applicability
4.1. Reliability Coordinator

Effective Date:

April 29, 2009

B. Requirements
R1. The Reliability Coordinator shall have a documented methodology for use in developing SOLs
(SOL Methodology) within its Reliability Coordinator Area. This SOL Methodology shall:

R2.

R1.1.

Be applicable for developing SOLs used in the operations horizon.

R1.2.

State that SOLs shall not exceed associated Facility Ratings.

R1.3.

Include a description of how to identify the subset of SOLs that qualify as IROLs.

The Reliability Coordinator’s SOL Methodology shall include a requirement that SOLs
provide BES performance consistent with the following:
R2.1.

In the pre-contingency state, the BES shall demonstrate transient, dynamic and
voltage stability; all Facilities shall be within their Facility Ratings and within their
thermal, voltage and stability limits. In the determination of SOLs, the BES condition
used shall reflect current or expected system conditions and shall reflect changes to
system topology such as Facility outages.

R2.2.

Following the single Contingencies 1 identified in Requirement 2.2.1 through
Requirement 2.2.3, the system shall demonstrate transient, dynamic and voltage
stability; all Facilities shall be operating within their Facility Ratings and within their
thermal, voltage and stability limits; and Cascading or uncontrolled separation shall
not occur.
R2.2.1. Single line to ground or 3-phase Fault (whichever is more severe), with
Normal Clearing, on any Faulted generator, line, transformer, or shunt
device.
R2.2.2. Loss of any generator, line, transformer, or shunt device without a Fault.
R2.2.3. Single pole block, with Normal Clearing, in a monopolar or bipolar high
voltage direct current system.

R2.3.

In determining the system’s response to a single Contingency, the following shall be
acceptable:
R2.3.1. Planned or controlled interruption of electric supply to radial customers or
some local network customers connected to or supplied by the Faulted
Facility or by the affected area.

The Contingencies identified in FAC-011 R2.2.1 through R2.2.3 are the minimum contingencies that must be
studied but are not necessarily the only Contingencies that should be studied.

Ad o p te d b y Bo a rd o f Tru s te e s : J u ne 24, 2008
Effe c tive Da te : Ap ril 29, 2009

Page 1 of 9

S ta n d a rd FAC-011-2 — S ys te m Op e ra tin g Lim its Me th o d o lo g y fo r th e Op e ra tio n s Ho rizo n

R2.3.2. Interruption of other network customers, (a) only if the system has already
been adjusted, or is being adjusted, following at least one prior outage, or
(b) if the real-time operating conditions are more adverse than anticipated in
the corresponding studies
R2.3.3. System reconfiguration through manual or automatic control or protection
actions.
R2.4.

R3.

To prepare for the next Contingency, system adjustments may be made, including
changes to generation, uses of the transmission system, and the transmission system
topology.

The Reliability Coordinator’s methodology for determining SOLs, shall include, as a
minimum, a description of the following, along with any reliability margins applied for each:
R3.1.

Study model (must include at least the entire Reliability Coordinator Area as well as
the critical modeling details from other Reliability Coordinator Areas that would
impact the Facility or Facilities under study.)

R3.2.

Selection of applicable Contingencies

R3.3.

A process for determining which of the stability limits associated with the list of
multiple contingencies (provided by the Planning Authority in accordance with FAC014 Requirement 6) are applicable for use in the operating horizon given the actual or
expected system conditions.
R3.3.1. This process shall address the need to modify these limits, to modify the list
of limits, and to modify the list of associated multiple contingencies.

R4.

R5.

R3.4.

Level of detail of system models used to determine SOLs.

R3.5.

Allowed uses of Special Protection Systems or Remedial Action Plans.

R3.6.

Anticipated transmission system configuration, generation dispatch and Load level

R3.7.

Criteria for determining when violating a SOL qualifies as an Interconnection
Reliability Operating Limit (IROL) and criteria for developing any associated IROL
Tv.

The Reliability Coordinator shall issue its SOL Methodology and any changes to that
methodology, prior to the effectiveness of the Methodology or of a change to the Methodology,
to all of the following:
R4.1.

Each adjacent Reliability Coordinator and each Reliability Coordinator that indicated
it has a reliability-related need for the methodology.

R4.2.

Each Planning Authority and Transmission Planner that models any portion of the
Reliability Coordinator’s Reliability Coordinator Area.

R4.3.

Each Transmission Operator that operates in the Reliability Coordinator Area.

If a recipient of the SOL Methodology provides documented technical comments on the
methodology, the Reliability Coordinator shall provide a documented response to that recipient
within 45 calendar days of receipt of those comments. The response shall indicate whether a
change will be made to the SOL Methodology and, if no change will be made to that SOL
Methodology, the reason why. (Retired)

C. Measures

Ad o p te d b y Bo a rd o f Tru s te e s : J u ne 24, 2008
Effe c tive Da te : Ap ril 29, 2009

Page 2 of 9

S ta n d a rd FAC-011-2 — S ys te m Op e ra tin g Lim its Me th o d o lo g y fo r th e Op e ra tio n s Ho rizo n

M1. The Reliability Coordinator’s SOL Methodology shall address all of the items listed in
Requirement 1 through Requirement 3.
M2. The Reliability Coordinator shall have evidence it issued its SOL Methodology, and any
changes to that methodology, including the date they were issued, in accordance with
Requirement 4.
M3. If the recipient of the SOL Methodology provides documented comments on its technical
review of that SOL methodology, the Reliability Coordinator that distributed that SOL
Methodology shall have evidence that it provided a written response to that commenter within
45 calendar days of receipt of those comments in accordance with Requirement 5 (Retired)
D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Monitoring Responsibility
Regional Reliability Organization
1.2. Compliance Monitoring Period and Reset Time Frame
Each Reliability Coordinator shall self-certify its compliance to the Compliance Monitor
at least once every three years. New Reliability Authorities shall demonstrate
compliance through an on-site audit conducted by the Compliance Monitor within the
first year that it commences operation. The Compliance Monitor shall also conduct an onsite audit once every nine years and an investigation upon complaint to assess
performance.
The Performance-Reset Period shall be twelve months from the last non-compliance.
1.3. Data Retention
The Reliability Coordinator shall keep all superseded portions to its SOL Methodology
for 12 months beyond the date of the change in that methodology and shall keep all
documented comments on its SOL Methodology and associated responses for three years.
In addition, entities found non-compliant shall keep information related to the noncompliance until found compliant. (Deleted text retired)
The Compliance Monitor shall keep the last audit and all subsequent compliance records.
1.4. Additional Compliance Information
The Reliability Coordinator shall make the following available for inspection during an
on-site audit by the Compliance Monitor or within 15 business days of a request as part
of an investigation upon complaint:

1.4.1

SOL Methodology.

1.4.2

Documented comments provided by a recipient of the SOL Methodology on its
technical review of a SOL Methodology, and the associated responses. (Retired)

1.4.3

Superseded portions of its SOL Methodology that had been made within the past
12 months.

1.4.4

Evidence that the SOL Methodology and any changes to the methodology that
occurred within the past 12 months were issued to all required entities.

Levels of Non-Compliance for Western Interconnection: (To be replaced with VSLs once
developed and approved by WECC)

Ad o p te d b y Bo a rd o f Tru s te e s : J u ne 24, 2008
Effe c tive Da te : Ap ril 29, 2009

Page 3 of 9

Formatted: Strikethrough

Formatted: Font color: Red

S ta n d a rd FAC-011-2 — S ys te m Op e ra tin g Lim its Me th o d o lo g y fo r th e Op e ra tio n s Ho rizo n

2.1. Level 1:
There shall be a level one non-compliance if either of the following
conditions exists:
2.1.1

The SOL Methodology did not include a statement indicating that Facility
Ratings shall not be exceeded.

2.1.2

No evidence of responses to a recipient’s comments on the SOL Methodology
(Retired)

2.2. Level 2:
The SOL Methodology did not include a requirement to address all of the
elements in R3.1, R3.2, R3.4 through R3.7 and E1.
2.3. Level 3:
There shall be a level three non-compliance if any of the following
conditions exists:
2.3.1

2.3.2

2.3.3

The System Operating Limits Methodology did not include a statement
indicating that Facility Ratings shall not be exceeded and the methodology did
not address two of the six required topics in R3.1, R3.2, R3.4 through R3.7.

2.4. Level 4:
with R4.

The SOL Methodology was not issued to all required entities in accordance

Ad o p te d b y Bo a rd o f Tru s te e s : J u ne 24, 2008
Effe c tive Da te : Ap ril 29, 2009

Page 4 of 9

S ta n d a rd FAC-011-2 — S ys te m Op e ra tin g Lim its Me th o d o lo g y fo r th e Op e ra tio n s Ho rizo n

Violation Severity Levels:

Requirement

Lower

Moderate

High

Severe

Not applicable.

The Reliability Coordinator has a
documented SOL Methodology
for use in developing SOLs
within its Reliability Coordinator
Area, but it does not address
R1.2

The Reliability Coordinator has a
documented SOL Methodology
for use in developing SOLs
within its Reliability Coordinator
Area, but it does not address
R1.3.

The Reliability Coordinator has a
documented SOL Methodology
for use in developing SOLs
within its Reliability Coordinator
Area, but it does not address
R1.1.
OR
The Reliability Coordinator has
no documented SOL
Methodology for use in
developing SOLs within its
Reliability Coordinator Area.

The Reliability Coordinator‘s
SOL Methodology requires that
SOLs are set to meet BES
performance following single
contingencies, but does not
require that SOLs are set to
meet BES performance in the
pre-contingency state. (R2.1)

Not applicable.

The Reliability Coordinator‘s
SOL Methodology requires that
SOLs are set to meet BES
performance in the precontingency state, but does not
require that SOLs are set to
meet BES performance following
single contingencies. (R2.2 –
R2.4)

The Reliability Coordinator’s
SOL Methodology does not
require that SOLs are set to
meet BES performance in the
pre-contingency state and does
not require that SOLs are set to
meet BES performance following
single contingencies. (R2.1
through R2.4)

The Reliability Coordinator has a
methodology for determining
SOLs that includes a description
for all but one of the following:
R3.1 through R3.7.

The Reliability Coordinator has a
methodology for determining
SOLs that includes a description
for all but two of the following:
R3.1 through R3.7.

The Reliability Coordinator has a
methodology for determining
SOLs that includes a description
for all but three of the following:
R3.1 through R3.7.

The Reliability Coordinator has a
methodology for determining
SOLs that is missing a
description of three or more of
the following: R3.1 through R3.7.

One or both of the following:
The Reliability Coordinator
issued its SOL Methodology and
changes to that methodology to
all but one of the required
entities.
For a change in methodology,
the changed methodology was

One of the following:
The Reliability Coordinator
issued its SOL Methodology and
changes to that methodology to
all but one of the required
entities AND for a change in
methodology, the changed
methodology was provided 30

One of the following:
The Reliability Coordinator failed
to issue its SOL Methodology
and changes to that
methodology to more than three
of the required entities.
The Reliability Coordinator
issued its SOL Methodology and

Ad o p te d b y Bo a rd o f Tru s te e s : J u n e 24, 2008
Effe c tive Da te : Ap ril 29, 2009

P a ge 5 o f 9

S ta n d a rd FAC-011-2 — S ys te m Op e ra tin g Lim its Me th o d o lo g y fo r th e Op e ra tio n s Ho rizo n

Requirement

Lower

Moderate

High

Severe

provided up to 30 calendar days
after the effectiveness of the
change.

calendar days or more, but less
than 60 calendar days after the
effectiveness of the change.
OR
The Reliability Coordinator
issued its SOL Methodology and
changes to that methodology to
all but two of the required entities
AND for a change in
methodology, the changed
methodology was provided up to
30 calendar days after the
effectiveness of the change.

calendar days or more, but less
than 90 calendar days after the
effectiveness of the change.
OR
The Reliability Coordinator
issued its SOL Methodology and
changes to that methodology to
all but two of the required entities
AND for a change in
methodology, the changed
methodology was provided 30
calendar days or more, but less
than 60 calendar days after the
effectiveness of the change.
OR
The Reliability Coordinator
issued its SOL Methodology and
changes to that methodology to
all but three of the required
entities AND for a change in
methodology, the changed
methodology was provided up to
30 calendar days after the
effectiveness of the change.

changes to that methodology to
all but one of the required
entities AND for a change in
methodology, the changed
methodology was provided 90
calendar days or more after the
effectiveness of the change.
OR
The Reliability Coordinator
issued its SOL Methodology and
changes to that methodology to
all but two of the required entities
AND for a change in
methodology, the changed
methodology was provided 60
calendar days or more, but less
than 90 calendar days after the
effectiveness of the change.
OR
The Reliability Coordinator
issued its SOL Methodology and
changes to that methodology to
all but three of the required
entities AND for a change in
methodology, the changed
methodology was provided 30
calendar days or more, but less
than 60 calendar days after the
effectiveness of the change.
OR
The Reliability Coordinator
issued its SOL Methodology and
changes to that methodology to
all but four of the required
entities AND for a change in
methodology, the changed
methodology was provided up to

Ad o p te d b y Bo a rd o f Tru s te e s : J u n e 24, 2008
Effe c tive Da te : Ap ril 29, 2009

P a ge 6 o f 9

S ta n d a rd FAC-011-2 — S ys te m Op e ra tin g Lim its Me th o d o lo g y fo r th e Op e ra tio n s Ho rizo n

Requirement

Lower

Moderate

High

Severe
30 calendar days after the
effectiveness of the change.

R5
(Retired)

The Reliability Coordinator
received documented technical
comments on its SOL
Methodology and provided a
complete response in a time
period that was longer than 45
calendar days but less than 60
calendar days.

Ad o p te d b y Bo a rd o f Tru s te e s : J u n e 24, 2008
Effe c tive Da te : Ap ril 29, 2009

The Reliability Coordinator
received documented technical
comments on its SOL
Methodology and provided a
complete response in a time
period that was 60 calendar days
or longer but less than 75
calendar days.

The Reliability Coordinator
received documented technical
comments on its SOL
Methodology and provided a
complete response in a time
period that was 75 calendar days
or longer but less than 90
calendar days.
OR
The Reliability Coordinator’s
response to documented
technical comments on its SOL
Methodology indicated that a
change will not be made, but did
not include an explanation of
why the change will not be
made.

The Reliability Coordinator
received documented technical
comments on its SOL
Methodology and provided a
complete response in a time
period that was 90 calendar days
or longer.
OR
The Reliability Coordinator’s
response to documented
technical comments on its SOL
Methodology did not indicate
whether a change will be made
to the SOL Methodology.

P a ge 7 o f 9

S ta n d a rd FAC-011-2 — S ys te m Op e ra tin g Lim its Me th o d o lo g y fo r th e Op e ra tio n s Ho rizo n

Regional Differences
1.

The following Interconnection-wide Regional Difference shall be applicable in the Western
Interconnection:
1.1. As governed by the requirements of R3.3, starting with all Facilities in service, shall
require the evaluation of the following multiple Facility Contingencies when establishing
SOLs:
1.1.1

1.1.2

1.1.3

Simultaneous permanent loss of both poles of a direct current bipolar Facility
without an alternating current Fault.

1.1.4

1.1.5

A non-three phase Fault with Normal Clearing on common mode Contingency of
two adjacent circuits on separate towers unless the event frequency is determined
to be less than one in thirty years.

1.1.6

A common mode outage of two generating units connected to the same
switchyard, not otherwise addressed by FAC-011.

1.1.7

The loss of multiple bus sections as a result of failure or delayed clearing of a bus
tie or bus sectionalizing breaker to clear a permanent Phase to Ground Fault.

1.2. SOLs shall be established such that for multiple Facility Contingencies in E1.1.1 through
E1.1.5 operation within the SOL shall provide system performance consistent with the
following:
1.2.1

All Facilities are operating within their applicable Post-Contingency thermal,
frequency and voltage limits.

1.2.2

Cascading does not occur.

1.2.3

Uncontrolled separation of the system does not occur.

1.2.4

The system demonstrates transient, dynamic and voltage stability.

1.2.5

1.2.6

Interruption of firm transfer, Load or system reconfiguration is permitted through
manual or automatic control or protection actions.

Ad o p te d b y Bo a rd o f Tru s te e s : J u ne 24, 2008

Page 8 of 9

S ta n d a rd FAC-011-2 — S ys te m Op e ra tin g Lim its Me th o d o lo g y fo r th e Op e ra tio n s Ho rizo n

1.2.7

To prepare for the next Contingency, system adjustments are permitted, including
changes to generation, Load and the transmission system topology when
determining limits.

Cascading does not occur.

Date

Action

Change Tracking

November 1,
2006

Adopted by Board of Trustees

New

Changed the effective date to October 1,
2008
Changed “Cascading Outage” to
“Cascading”
Replaced Levels of Non-compliance with
Violation Severity Levels
Corrected footnote 1 to reference FAC-011
rather than FAC-010

Revised

June 24, 2008

Adopted by Board of Trustees: FERC Order
705

Revised

January 22,
2010

Updated effective date and footer to April
29, 2009 based on the March 20, 2009
FERC Order

Update

TBD

R5 and associated elements retired as part of
the Paragraph 81 project (Project 2013-02)

Ad o p te d b y Bo a rd o f Tru s te e s : J u ne 24, 2008
Effe c tive Da te : Ap ril 29, 2009

Page 9 of 9

S ta n d a rd FAC-013-2 — As s e s s m e n t o f Tra n s fe r Ca p a b ility fo r th e Ne a r-te rm
Tra n s m is s io n P la n n in g Ho rizo n

A. Introduction
1.

Title:
Assessment of Transfer Capability for the Near-Term Transmission
Planning Horizon

Number:

Purpose: To ensure that Planning Coordinators have a methodology for, and
perform an annual assessment to identify potential future Transmission System
weaknesses and limiting Facilities that could impact the Bulk Electric System’s (BES)
ability to reliably transfer energy in the Near-Term Transmission Planning Horizon.

Applicability:

FAC-013-2

4.1. Planning Coordinators
5.

Effective Date:
In those jurisdictions where regulatory approval is required, the latter of either the first
day of the first calendar quarter twelve months after applicable regulatory approval or
the first day of the first calendar quarter six months after MOD-001-1, MOD-028-1,
MOD-029-1, and MOD-030-2 are effective.
In those jurisdictions where no regulatory approval is required, the latter of either the
first day of the first calendar quarter twelve months after Board of Trustees adoption or
the first day of the first calendar quarter six months after MOD-001-1, MOD-028-1,
MOD-029-1 and MOD-030-2 are effective.

B. Requirements
R1. Each Planning Coordinator shall have a documented methodology it uses to perform an
annual assessment of Transfer Capability in the Near-Term Transmission Planning
Horizon (Transfer Capability methodology). The Transfer Capability methodology
shall include, at a minimum, the following information: [Violation Risk Factor:
Medium] [Time Horizon: Long-term Planning ]
1.1. Criteria for the selection of the transfers to be assessed.
1.2. A statement that the assessment shall respect known System Operating Limits
(SOLs).
1.3. A statement that the assumptions and criteria used to perform the assessment are
consistent with the Planning Coordinator’s planning practices.
1.4. A description of how each of the following assumptions and criteria used in
performing the assessment are addressed:
1.4.1. Generation dispatch, including but not limited to long term planned
outages, additions and retirements.
1.4.2. Transmission system topology, including but not limited to long term
planned Transmission outages, additions, and retirements.
1.4.3. System demand.
1.4.4. Current approved and projected Transmission uses.

Page 1 of 9

S ta n d a rd FAC-013-2 — As s e s s m e n t o f Tra n s fe r Ca p a b ility fo r th e Ne a r-te rm
Tra n s m is s io n P la n n in g Ho rizo n

1.4.5. Parallel path (loop flow) adjustments.
1.4.6. Contingencies
1.4.7. Monitored Facilities.
1.5. A description of how simulations of transfers are performed through the
adjustment of generation, Load or both.
R2. Each Planning Coordinator shall issue its Transfer Capability methodology, and any
revisions to the Transfer Capability methodology, to the following entities subject to
the following: [Violation Risk Factor: Lower] [Time Horizon: Long-term Planning]
2.1. Distribute to the following prior to the effectiveness of such revisions:
2.1.1. Each Planning Coordinator adjacent to the Planning Coordinator’s
Planning Coordinator area or overlapping the Planning Coordinator’s area.
2.1.2. Each Transmission Planner within the Planning Coordinator’s Planning
Coordinator area.
2.2. Distribute to each functional entity that has a reliability-related need for the
Transfer Capability methodology and submits a request for that methodology
within 30 calendar days of receiving that written request.
R3. If a recipient of the Transfer Capability methodology provides documented concerns
with the methodology, the Planning Coordinator shall provide a documented response
to that recipient within 45 calendar days of receipt of those comments. The response
shall indicate whether a change will be made to the Transfer Capability methodology
and, if no change will be made to that Transfer Capability methodology, the reason
why. [Violation Risk Factor: Lower][Time Horizon: Long-term Planning] (Retired)
R4. During each calendar year, each Planning Coordinator shall conduct simulations and
document an assessment based on those simulations in accordance with its Transfer
Capability methodology for at least one year in the Near-Term Transmission Planning
Horizon. [Violation Risk Factor: Medium] [Time Horizon: Long-term Planning]
R5. Each Planning Coordinator shall make the documented Transfer Capability assessment
results available within 45 calendar days of the completion of the assessment to the
recipients of its Transfer Capability methodology pursuant to Requirement R2, Parts
2.1 and Part 2.2. However, if a functional entity that has a reliability related need for
the results of the annual assessment of the Transfer Capabilities makes a written
request for such an assessment after the completion of the assessment, the Planning
Coordinator shall make the documented Transfer Capability assessment results
available to that entity within 45 calendar days of receipt of the request [Violation Risk
Factor: Lower] [Time Horizon: Long-term Planning]
R6. If a recipient of a documented Transfer Capability assessment requests data to support
the assessment results, the Planning Coordinator shall provide such data to that entity
within 45 calendar days of receipt of the request. The provision of such data shall be
subject to the legal and regulatory obligations of the Planning Coordinator’s area
regarding the disclosure of confidential and/or sensitive information. [Violation Risk
Factor: Lower] [Time Horizon: Long-term Planning]

Page 2 of 9

S ta n d a rd FAC-013-2 — As s e s s m e n t o f Tra n s fe r Ca p a b ility fo r th e Ne a r-te rm
Tra n s m is s io n P la n n in g Ho rizo n

C. Measures
M1. Each Planning Coordinator shall have a Transfer Capability methodology that includes
the information specified in Requirement R1.
M2. Each Planning Coordinator shall have evidence such as dated e-mail or dated
transmittal letters that it provided the new or revised Transfer Capability methodology
in accordance with Requirement R2
M3. Each Planning Coordinator shall have evidence, such as dated e-mail or dated
transmittal letters, that the Planning Coordinator provided a written response to that
commenter in accordance with Requirement R3. (Retired)
M4. Each Planning Coordinator shall have evidence such as dated assessment results, that it
conducted and documented a Transfer Capability assessment in accordance with
Requirement R4.
M5. Each Planning Coordinator shall have evidence, such as dated copies of e-mails or
transmittal letters, that it made its documented Transfer Capability assessment
available to the entities in accordance with Requirement R5.
M6. Each Planning Coordinator shall have evidence, such as dated copies of e-mails or
transmittal letters, that it made its documented Transfer Capability assessment data
available in accordance with Requirement R6.
D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Enforcement Authority
Regional Entity
1.2. Data Retention
The Planning Coordinator shall keep data or evidence to show compliance as
identified below unless directed by its Compliance Enforcement Authority to
retain specific evidence for a longer period of time as part of an investigation:
•

The Planning Coordinator shall have its current Transfer Capability
methodology and any prior versions of the Transfer Capability methodology
that were in force since the last compliance audit to show compliance with
Requirement R1.

•

The Planning Coordinator shall retain evidence since its last compliance audit
to show compliance with Requirement R2.

•

The Planning Coordinator shall retain evidence to show compliance with
Requirements R3, R4, R5 and R6 for the most recent assessment. (R3 retired)

•

If a Planning Coordinator is found non-compliant, it shall keep information
related to the non-compliance until found compliant or for the time periods
specified above, whichever is longer.

The Compliance Enforcement Authority shall keep the last audit records and all
requested and submitted subsequent audit records.
Page 3 of 9

S ta n d a rd FAC-013-2 — As s e s s m e n t o f Tra n s fe r Ca p a b ility fo r th e Ne a r-te rm
Tra n s m is s io n P la n n in g Ho rizo n

1.3. Compliance Monitoring and Assessment Processes
Compliance Audits
Self-Certifications
Spot Checking
Compliance Violation Investigations
Self-Reporting
Complaints
1.4. Additional Compliance Information
None

Page 4 of 9

S ta n d a rd FAC-013-2 — As s e s s m e n t o f Tra n s fer Ca p a b ility fo r th e Ne a r-term Tra n s m is s io n Pla n n in g Ho rizo n

2.
R#
R1

Violation Severity Levels
Lower VSL

Moderate VSL

The Planning Coordinator
has a Transfer Capability
methodology but failed to
address one or two of the
items listed in Requirement
R1, Part 1.4.

The Planning Coordinator has a
Transfer Capability
methodology, but failed to
incorporate one of the following
Parts of Requirement R1 into
that methodology:
•
•
•
•

Part
Part
Part
Part

High VSL
The Planning Coordinator has a
Transfer Capability
methodology, but failed to
incorporate two of the following
Parts of Requirement R1 into
that methodology:

1.1
1.2
1.3
1.5

•
•
•
•

Part
Part
Part
Part

1.1
1.2
1.3
1.5

The Planning Coordinator has a
Transfer Capability methodology
but failed to address three of the
items listed in Requirement R1,
Part 1.4.

The Planning Coordinator has a
Transfer Capability methodology
but failed to address four of the
items listed in Requirement R1,
Part 1.4.

Severe VSL
The Planning Coordinator did
not have a Transfer Capability
methodology.
OR
The Planning Coordinator has a
Transfer Capability
methodology, but failed to
incorporate three or more of the
following Parts of Requirement
R1 into that methodology:
•
•
•
•

Part
Part
Part
Part

1.1
1.2
1.3
1.5

OR
The Planning Coordinator has a
Transfer Capability methodology
but failed to address more than
four of the items listed in
Requirement R1, Part 1.4.

Page 5 of 9

Formatted Table
Formatted Table

S ta n d a rd FAC-013-2 — As s e s s m e n t o f Tra n s fer Ca p a b ility fo r th e Ne a r-term Tra n s m is s io n Pla n n in g Ho rizo n
R2

The Planning Coordinator
notified one or more of the
parties specified in
Requirement R2 of a new or
revised Transfer Capability
methodology after its
implementation, but not more
than 30 calendar days after its
implementation.
OR
The Planning Coordinator
provided the transfer Capability
methodology more than 30
calendar days but not more
than 60 calendar days after the
receipt of a request.

R3
(Retired)

The Planning Coordinator
provided a documented
response to a documented
concern with its Transfer
Capability methodology as
required in Requirement R3
more than 45 calendar days,
but not more than 60 calendar
days after receipt of the
concern.

The Planning Coordinator
notified one or more of the
parties specified in
Requirement R2 of a new or
revised Transfer Capability
methodology more than 30
calendar days after its
implementation, but not more
than 60 calendar days after its
implementation.
OR
The Planning Coordinator
provided the Transfer
Capability methodology more
than 60 calendar days but not
more than 90 calendar days
after receipt of a request
The Planning Coordinator
provided a documented
response to a documented
concern with its Transfer
Capability methodology as
required in Requirement R3
more than 60 calendar days,
but not more than 75 calendar
days after receipt of the
concern.

The Planning Coordinator
notified one or more of the
parties specified in
Requirement R2 of a new or
revised Transfer Capability
methodology more than 60
calendar days, but not more
than 90 calendar days after its
implementation.
OR
The Planning Coordinator
provided the Transfer
Capability methodology more
than 90 calendar days but not
more than 120 calendar days
after receipt of a request.

The Planning Coordinator
provided a documented
response to a documented
concern with its Transfer
Capability methodology as
required in Requirement R3
more than 75 calendar days,
but not more than 90 calendar
days after receipt of the
concern.

The Planning Coordinator
failed to notify one or more of
the parties specified in
Requirement R2 of a new or
revised Transfer Capability
methodology more than 90
calendar days after its
implementation.
OR
The Planning Coordinator
provided the Transfer
Capability methodology more
than 120 calendar days after
receipt of a request.

The Planning Coordinator
failed to provide a documented
response to a documented
concern with its Transfer
Capability methodology as
required in Requirement R3 by
more than 90 calendar days
after receipt of the concern.
OR
The Planning Coordinator
failed to respond to a
documented concern with its
Transfer Capability
methodology.

Page 6 of 9

S ta n d a rd FAC-013-2 — As s e s s m e n t o f Tra n s fer Ca p a b ility fo r th e Ne a r-term Tra n s m is s io n Pla n n in g Ho rizo n

R4.

The Planning Coordinator
conducted a Transfer Capability
assessment outside the
calendar year, but not by more
than 30 calendar days.

The Planning Coordinator
conducted a Transfer Capability
assessment outside the
calendar year, by more than 30
calendar days, but not by more
than 60 calendar days.

The Planning Coordinator
conducted a Transfer Capability
assessment outside the
calendar year, by more than 60
calendar days, but not by more
than 90 calendar days.

The Planning Coordinator failed
to conduct a Transfer Capability
assessment outside the
calendar year by more than 90
calendar days.
OR
The Planning Coordinator failed
to conduct a Transfer Capability
assessment.

Page 7 of 9

Formatted Table

S ta n d a rd FAC-013-2 — As s e s s m e n t o f Tra n s fer Ca p a b ility fo r th e Ne a r-term Tra n s m is s io n Pla n n in g Ho rizo n

The Planning Coordinator
made its documented Transfer
Capability assessment
available to one or more of the
recipients of its Transfer
Capability methodology more
than 45 calendar days after the
requirements of R5,, but not
more than 60 calendar days
after completion of the
assessment.

The Planning Coordinator
made its Transfer Capability
assessment available to one or
more of the recipients of its
Transfer Capability
methodology more than 60
calendar days after the
requirements of R5, but not
more than 75 calendar days
after completion of the
assessment.

The Planning Coordinator
made its Transfer Capability
assessment available to one or
more of the recipients of its
Transfer Capability
methodology more than 75
calendar days after the
requirements of R5, but not
more than 90 days after
completion of the assessment.

The Planning Coordinator
provided the requested data as
required in Requirement R6
more than 45 calendar days
after receipt of the request for
data, but not more than 60
calendar days after the receipt
of the request for data.

The Planning Coordinator
provided the requested data as
required in Requirement R6
more than 60 calendar days
after receipt of the request for
data, but not more than 75
calendar days after the receipt
of the request for data.

The Planning Coordinator
provided the requested data as
required in Requirement R6
more than 75 calendar days
after receipt of the request for
data, but not more than 90
calendar days after the receipt
of the request for data.

The Planning Coordinator
failed to make its documented
Transfer Capability assessment
available to one or more of the
recipients of its Transfer
Capability methodology more
than 90 days after the
requirements of R5.
OR
The Planning Coordinator
failed to make its documented
Transfer Capability assessment
available to any of the
recipients of its Transfer
Capability methodology under
the requirements of R5.
The Planning Coordinator
provided the requested data as
required in Requirement R6
more than 90 after the receipt
of the request for data.
OR
The Planning Coordinator
failed to provide the requested
data as required in
Requirement R6.

Page 8 of 9

Formatted Table

S ta n d a rd FAC-013-2 — As s e s s m e n t o f Tra n s fe r Ca p a b ility fo r th e Ne a r-te rm
Tra n s m is s io n P la n n in g Ho rizo n

E. Regional Variances
None.
F. Associated Documents
Version History
Version

Date

Action

Change Tracking

08/01/05

1. Changed incorrect use of certain
hyphens (-) to “en dash (–).”
2. Lower cased the word “draft” and
“drafting team” where appropriate.
3. Changed Anticipated Action #5, page 1,
from “30-day” to “Thirty-day.”
4. Added or removed “periods.”

01/20/05

01/24/11

Approved by BOT

11/17/11

FERC Order issued approving FAC-013-2

5/17/12

FERC Order issued directing the VRF’s for
Requirements R1. and R4. be changed from
“Lower” to “Medium.”
FERC Order issued correcting the High and
Severe VSL language for R1.

TBD

R3 and associated elements retired as part of
the Paragraph 81 project (Project 2013-02)

Page 9 of 9

S ta n d a rd INT-007-1 — In te rc h a n g e Co n firm a tion

A. Introduction
1.

Title:

Interchange Confirmation

Number:

INT-007-1

Purpose:
To ensure that each Arranged Interchange is checked for reliability before it is
implemented.

Applicability
4.1. Interchange Authority.

Effective Date:

January 1, 2007

B. Requirements
R1.

The Interchange Authority shall verify that Arranged Interchange is balanced and valid prior to
transitioning Arranged Interchange to Confirmed Interchange by verifying the following:
R1.1.

Source Balancing Authority megawatts equal sink Balancing Authority megawatts
(adjusted for losses, if appropriate).

R1.2.

All reliability entities involved in the Arranged Interchange are currently in the NERC
registry. (Retired)

R1.3.

The following are defined:
R1.3.1. Generation source and load sink.
R1.3.2. Megawatt profile.
R1.3.3. Ramp start and stop times.
R1.3.4. Interchange duration.

R1.4.

Each Balancing Authority and Transmission Service Provider that received the
Arranged Interchange information from the Interchange Authority for reliability
assessment has provided approval.

C. Measures
M1. For each Arranged Interchange, the Interchange Authority shall show evidence that it has
verified the Arranged Interchange information prior to the dissemination of the Confirmed
Interchange.
D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Monitoring Responsibility
Regional Reliability Organization.
1.2. Compliance Monitoring Period and Reset Time Frame
The Performance-Reset Period shall be twelve months from the last noncompliance to
Requirement 1.
1.3. Data Retention
The Interchange Authority shall keep 90 days of historical data. The Compliance
Monitor shall keep audit records for a minimum of three calendar years.

Ad o p te d b y Bo a rd o f Tru s te e s : Ma y 2, 2006
Effe c tive Da te : J a n u a ry 1, 2007

Page 1 of 3

S ta n d a rd INT-007-1 — In te rc h a n g e Co n firm a tion

1.4. Additional Compliance Information
Each Interchange Authority shall demonstrate compliance to the Compliance Monitor
within the first year that this standard becomes effective or the first year the entity
commences operation by self-certification to the Compliance Monitor.
Subsequent to the initial compliance review, compliance may be:
1.4.1

Verified by audit at least once every three years.

1.4.2

Verified by spot checks in years between audits.

1.4.3

Verified by annual audits of noncompliant Interchange Authorities, until
compliance is demonstrated.

1.4.4

Verified at any time as the result of a complaint. Complaints must be lodged
within 60 days of the incident. Complaints will be evaluated by the Compliance
Monitor.

Each Interchange Authority shall make the following available for inspection by the
Compliance Monitor upon request:

1.4.5

For compliance audits and spot checks, relevant data and system log records for
the audit period which indicate an Interchange Authority’s verification that all
Arranged Interchange was balanced and valid as defined in R1. The Compliance
Monitor may request up to a three-month period of historical data ending with
the date the request is received by the Interchange Authority.

1.4.6

For specific complaints, only those data and system log records associated with
the specific Interchange event contained in the complaint which indicate an
Interchange Authority’s verification that an Arranged Interchange was balanced
and valid as defined in R1 for that specific Interchange

Levels of Non-Compliance
2.1. Level 1:
in R1.

One occurrence 1 where Interchange-related data was not verified as defined

2.2. Level 2:
in R1.

Two occurrences where Interchange-related data was not verified as defined

2.3. Level 3:
Three occurrences where Interchange-related data was not verified as
defined in R1.
2.4. Level 4:
Four or more occurrences where Interchange-related data was not verified as
defined in R1.
E. Regional Differences
None

This does not include instances of not verifying due to extenuating circumstances approved by the Compliance
Monitor.

Ad o p te d b y Bo a rd o f Tru s te e s : Ma y 2, 2006
Effe c tive Da te : J a n u a ry 1, 2007

Page 2 of 3

S ta n d a rd INT-007-1 — In te rc h a n g e Co n firm a tion

Version History
Version

Date

Action

TBD

R1.2 and associated elements retired as part
of the Paragraph 81 project (Project 201302)

Ad o p te d b y Bo a rd o f Tru s te e s : Ma y 2, 2006
Effe c tive Da te : J a n u a ry 1, 2007

Change Tracking

Page 3 of 3

Standard IRO-016-1 — Coordination of Real-time Activities Between Reliability Coordinators

A. Introduction
1.

Title:

Coordination of Real-time Activities Between Reliability Coordinators

Number:

IRO-016-1

Purpose:
To ensure that each Reliability Coordinator’s operations are coordinated such
that they will not have an Adverse Reliability Impact on other Reliability Coordinator Areas
and to preserve the reliability benefits of interconnected operations.

Applicability
4.1. Reliability Coordinator

Effective Date:

November 1, 2006

B. Requirements
R1.

The Reliability Coordinator that identifies a potential, expected, or actual problem that requires
the actions of one or more other Reliability Coordinators shall contact the other Reliability
Coordinator(s) to confirm that there is a problem and then discuss options and decide upon a
solution to prevent or resolve the identified problem.
R1.1.

If the involved Reliability Coordinators agree on the problem and the actions to take
to prevent or mitigate the system condition, each involved Reliability Coordinator
shall implement the agreed-upon solution, and notify the involved Reliability
Coordinators of the action(s) taken.

R1.2.

If the involved Reliability Coordinators cannot agree on the problem(s) each
Reliability Coordinator shall re-evaluate the causes of the disagreement (bad data,
status, study results, tools, etc.).
R1.2.1. If time permits, this re-evaluation shall be done before taking corrective
actions.
R1.2.2. If time does not permit, then each Reliability Coordinator shall operate as
though the problem(s) exist(s) until the conflicting system status is resolved.

R1.3.
R2.

If the involved Reliability Coordinators cannot agree on the solution, the more
conservative solution shall be implemented.

The Reliability Coordinator shall document (via operator logs or other data sources) its actions
taken for either the event or for the disagreement on the problem(s) or for both. (Retired)

C. Measures
M1. For each event that requires Reliability Coordinator-to-Reliability Coordinator coordination,
each involved Reliability Coordinator shall have evidence (operator logs or other data sources)
of the actions taken for either the event or for the disagreement on the problem or for both.
D. Compliance
1. Compliance Monitoring Process
1.1. Compliance Monitoring Responsibility
Regional Reliability Organization
1.2. Compliance Monitoring Period and Reset Time Frame
The performance reset period shall be one calendar year.

Ad o p te d b y Bo a rd o f Tru s te e s : Fe b ru a ry 7, 2006
Effe c tive Da te : No ve m b e r 1, 2006

1 of 3

Standard IRO-016-1 — Coordination of Real-time Activities Between Reliability Coordinators

1.3. Data Retention
The Reliability Coordinator shall keep auditable evidence for a rolling 12 months. In
addition, entities found non-compliant shall keep information related to the non-compliance
until it has been found compliant. The Compliance Monitor shall keep compliance data for
a minimum of three years or until the Reliability Coordinator has achieved full compliance,
whichever is longer.
1.4. Additional Compliance Information
The Reliability Coordinator shall demonstrate compliance through self-certification
submitted to its Compliance Monitor annually. The Compliance Monitor shall use a
scheduled on-site review at least once every three years. The Compliance Monitor shall
conduct an investigation upon a complaint that is received within 30 days of an alleged
infraction’s discovery date. The Compliance Monitor shall complete the investigation and
report back to all involved Reliability Coordinators (the Reliability Coordinator that
complained as well as the Reliability Coordinator that was investigated) within 45 days
after the start of the investigation. As part of an audit or investigation, the Compliance
Monitor shall interview other Reliability Coordinators within the Interconnection and
verify that the Reliability Coordinator being audited or investigated has been coordinating
actions to prevent or resolve potential, expected, or actual problems that adversely impact
the Interconnection.
The Reliability Coordinator shall have the following available for its Compliance Monitor
to inspect during a scheduled, on-site review or within five working days of a request as
part of an investigation upon complaint:
1.4.1
2.

Evidence (operator log or other data source) to show coordination with other
Reliability Coordinators.

Levels of Non-Compliance
2.1. Level 1:
For potential, actual or expected events which required Reliability
Coordinator-to-Reliability Coordinator coordination, the Reliability Coordinator did
coordinate, but did not have evidence that it coordinated with other Reliability
Coordinators.
2.2. Level 2:

Not applicable.

2.3. Level 3:

Not applicable.

2.4. Level 4:
For potential, actual or expected events which required Reliability
Coordinator-to-Reliability Coordinator coordination, the Reliability Coordinator did not
coordinate with other Reliability Coordinators.
E. Regional Differences
None identified.
Version History
Version

Date

Action

Change Tracking

Version 1

August 10, 2005

01/20/06

Changed incorrect use of certain hyphens (-)
to “en dash (–).”
Hyphenated “30-day” and “Reliability
Coordinator-to-Reliability Coordinator”
when used as adjective.

Ad o p te d b y Bo a rd o f Tru s te e s : Fe b ru a ry 7, 2006
Effe c tive Da te : No ve m b e r 1, 2006

2 of 3

Standard IRO-016-1 — Coordination of Real-time Activities Between Reliability Coordinators

Changed standard header to be consistent
with standard “Title.”
4. Added “periods” to items where
appropriate.
5. Initial capped heading “Definitions of
Terms Used in Standard.”
6. Changed “Timeframe” to “Time Frame” in
item D, 1.2.
7. Lower cased all words that are not “defined”
terms — drafting team, and selfcertification.
8. Changed apostrophes to “smart” symbols.
9. Removed comma after word “condition” in
item R.1.1.
10. Added comma after word “expected” in
item 1.4, last sentence.
11. Removed extra spaces between words where
appropriate.

TBD

R2 and associated elements retired as part of
the Paragraph 81 project (Project 2013-02)

Ad o p te d b y Bo a rd o f Tru s te e s : Fe b ru a ry 7, 2006
Effe c tive Da te : No ve m b e r 1, 2006

3 of 3

S ta n d a rd NUC-001-2 — Nu c le a r P la nt In terfa c e Co o rd in atio n
A. Introduction
1.

Title:

Nuclear Plant Interface Coordination

Number:

NUC-001-2

Purpose:
This standard requires coordination between Nuclear Plant Generator Operators
and Transmission Entities for the purpose of ensuring nuclear plant safe operation and
shutdown.

Applicability:
4.1. Nuclear Plant Generator Operator.
4.2. Transmission Entities shall mean all entities that are responsible for providing services
related to Nuclear Plant Interface Requirements (NPIRs). Such entities may include one
or more of the following:
4.2.1

Transmission Operators.

4.2.2

Transmission Owners.

4.2.3

Transmission Planners.

4.2.4

Transmission Service Providers.

4.2.5

Balancing Authorities.

4.2.6

Reliability Coordinators.

4.2.7

Planning Coordinators.

4.2.8

Distribution Providers.

4.2.9

Load-serving Entities.

4.2.10 Generator Owners.
4.2.11 Generator Operators.
5.

Effective Date:

April 1, 2010

B. Requirements
R1.

The Nuclear Plant Generator Operator shall provide the proposed NPIRs in writing to the
applicable Transmission Entities and shall verify receipt [Risk Factor: Lower]

R2.

The Nuclear Plant Generator Operator and the applicable Transmission Entities shall have in
effect one or more Agreements 1 that include mutually agreed to NPIRs and document how the
Nuclear Plant Generator Operator and the applicable Transmission Entities shall address and
implement these NPIRs. [Risk Factor: Medium]

R3.

Per the Agreements developed in accordance with this standard, the applicable Transmission
Entities shall incorporate the NPIRs into their planning analyses of the electric system and shall
communicate the results of these analyses to the Nuclear Plant Generator Operator. [Risk
Factor: Medium]

R4.

Per the Agreements developed in accordance with this standard, the applicable Transmission
Entities shall: [Risk Factor: High]

1. Agreements may include mutually agreed upon procedures or protocols in effect between entities or between
departments of a vertically integrated system.
Ad o p te d b y NERC Bo a rd o f Tru s te e s : Au g u s t 5, 2009
Effe c tive Da te : Ap ril 1, 2010

S ta n d a rd NUC-001-2 — Nu c le a r P la nt In terfa c e Co o rd in atio n
R4.1.

Incorporate the NPIRs into their operating analyses of the electric system.

R4.2.

Operate the electric system to meet the NPIRs.

R4.3.

Inform the Nuclear Plant Generator Operator when the ability to assess the operation
of the electric system affecting NPIRs is lost.

R5.

The Nuclear Plant Generator Operator shall operate per the Agreements developed in
accordance with this standard. [Risk Factor: High]

R6.

Per the Agreements developed in accordance with this standard, the applicable Transmission
Entities and the Nuclear Plant Generator Operator shall coordinate outages and maintenance
activities which affect the NPIRs. [Risk Factor: Medium]

R7.

Per the Agreements developed in accordance with this standard, the Nuclear Plant Generator
Operator shall inform the applicable Transmission Entities of actual or proposed changes to
nuclear plant design, configuration, operations, limits, protection systems, or capabilities that
may impact the ability of the electric system to meet the NPIRs. [Risk Factor: High]

R8.

Per the Agreements developed in accordance with this standard, the applicable Transmission
Entities shall inform the Nuclear Plant Generator Operator of actual or proposed changes to
electric system design, configuration, operations, limits, protection systems, or capabilities that
may impact the ability of the electric system to meet the NPIRs. [Risk Factor: High]

R9.

The Nuclear Plant Generator Operator and the applicable Transmission Entities shall include,
as a minimum, the following elements within the agreement(s) identified in R2: [Risk Factor:
Medium]
R9.1.

Administrative elements: (Retired)
R9.1.1. Definitions of key terms used in the agreement. (Retired)
R9.1.2. Names of the responsible entities, organizational relationships, and
responsibilities related to the NPIRs. (Retired)
R9.1.3. A requirement to review the agreement(s) at least every three years.
(Retired)
R9.1.4. A dispute resolution mechanism. (Retired)

R9.2.

Technical requirements and analysis:
R9.2.1. Identification of parameters, limits, configurations, and operating scenarios
included in the NPIRs and, as applicable, procedures for providing any
specific data not provided within the agreement.
R9.2.2. Identification of facilities, components, and configuration restrictions that
are essential for meeting the NPIRs.
R9.2.3. Types of planning and operational analyses performed specifically to
support the NPIRs, including the frequency of studies and types of
Contingencies and scenarios required.

R9.3.

Ad o p te d b y NERC Bo a rd o f Tru s te e s : Au g u s t 5, 2009
Effe c tive Da te : Ap ril 1, 2010

S ta n d a rd NUC-001-2 — Nu c le a r P la nt In terfa c e Co o rd in atio n
R9.3.2. Identification of any maintenance requirements for equipment not owned or
controlled by the Nuclear Plant Generator Operator that are necessary to
meet the NPIRs.
R9.3.3. Coordination of testing, calibration and maintenance of on-site and off-site
power supply systems and related components.
R9.3.4. Provisions to address mitigating actions needed to avoid violating NPIRs
and to address periods when responsible Transmission Entity loses the
ability to assess the capability of the electric system to meet the NPIRs.
These provisions shall include responsibility to notify the Nuclear Plant
Generator Operator within a specified time frame.
R9.3.5. Provision for considering, within the restoration process, the requirements
and urgency of a nuclear plant that has lost all off-site and on-site AC
power. .
R9.3.6. Coordination of physical and cyber security protection of the Bulk Electric
System at the nuclear plant interface to ensure each asset is covered under at
least one entity’s plan.
R9.3.7. Coordination of the NPIRs with transmission system Special Protection
Systems and underfrequency and undervoltage load shedding programs.
R9.4.

Communications and training:
R9.4.1. Provisions for communications between the Nuclear Plant Generator
Operator and Transmission Entities, including communications protocols,
notification time requirements, and definitions of terms.
R9.4.2. Provisions for coordination during an off-normal or emergency event
affecting the NPIRs, including the need to provide timely information
explaining the event, an estimate of when the system will be returned to a
normal state, and the actual time the system is returned to normal.
R9.4.3. Provisions for coordinating investigations of causes of unplanned events
affecting the NPIRs and developing solutions to minimize future risk of
such events.
R9.4.4. Provisions for supplying information necessary to report to government
agencies, as related to NPIRs.
R9.4.5. Provisions for personnel training, as related to NPIRs.

C. Measures
M1. The Nuclear Plant Generator Operator shall, upon request of the Compliance Enforcement
Authority, provide a copy of the transmittal and receipt of transmittal of the proposed NPIRs to
the responsible Transmission Entities. (Requirement 1)
M2. The Nuclear Plant Generator Operator and each Transmission Entity shall each have a copy of
the Agreement(s) addressing the elements in Requirement 9 available for inspection upon
request of the Compliance Enforcement Authority. (Requirement 2 and 9)
M3. Each Transmission Entity responsible for planning analyses in accordance with the Agreement
shall, upon request of the Compliance Enforcement Authority, provide a copy of the planning
analyses results transmitted to the Nuclear Plant Generator Operator, showing incorporation of
the NPIRs. The Compliance Enforcement Authority shall refer to the Agreements developed
in accordance with this standard for specific requirements. (Requirement 3)
Ad o p te d b y NERC Bo a rd o f Tru s te e s : Au g u s t 5, 2009
Effe c tive Da te : Ap ril 1, 2010

S ta n d a rd NUC-001-2 — Nu c le a r P la nt In terfa c e Co o rd in atio n
M4. Each Transmission Entity responsible for operating the electric system in accordance with the
Agreement shall demonstrate or provide evidence of the following, upon request of the
Compliance Enforcement Authority:
M4.1

The NPIRs have been incorporated into the current operating analysis of the electric
system. (Requirement 4.1)

M4.2

The electric system was operated to meet the NPIRs. (Requirement 4.2)

M4.3

The Transmission Entity informed the Nuclear Plant Generator Operator when it
became aware it lost the capability to assess the operation of the electric system
affecting the NPIRs. (Requirement 4.3)

M5. The Nuclear Plant Generator Operator shall, upon request of the Compliance Enforcement
Authority, demonstrate or provide evidence that the Nuclear Power Plant is being operated
consistent with the Agreements developed in accordance with this standard. (Requirement 5)
M6. The Transmission Entities and Nuclear Plant Generator Operator shall, upon request of the
Compliance Enforcement Authority, provide evidence of the coordination between the
Transmission Entities and the Nuclear Plant Generator Operator regarding outages and
maintenance activities which affect the NPIRs. (Requirement 6)
M7. The Nuclear Plant Generator Operator shall provide evidence that it informed the applicable
Transmission Entities of changes to nuclear plant design, configuration, operations, limits,
protection systems, or capabilities that would impact the ability of the Transmission Entities to
meet the NPIRs. (Requirement 7)
M8. The Transmission Entities shall each provide evidence that it informed the Nuclear Plant
Generator Operator of changes to electric system design, configuration, operations, limits,
protection systems, or capabilities that would impact the ability of the Nuclear Plant Generator
Operator to meet the NPIRs. (Requirement 8)
D. Compliance
1.

Ad o p te d b y NERC Bo a rd o f Tru s te e s : Au g u s t 5, 2009
Effe c tive Da te : Ap ril 1, 2010

S ta n d a rd NUC-001-2 — Nu c le a r P la nt In terfa c e Co o rd in atio n
The Responsible Entity shall keep data or evidence to show compliance as identified below
unless directed by its Compliance Enforcement Authority to retain specific evidence for a
longer period of time as part of an investigation:
•

For Measure 1, the Nuclear Plant Generator Operator shall keep its latest
transmittals and receipts.

•

For Measure 2, the Nuclear Plant Generator Operator and each Transmission
Entity shall have its current, in-force agreement.

•

For Measure 3, the Transmission Entity shall have the latest planning analysis
results.

•

For Measures 4.3, 6 and 8, the Transmission Entity shall keep evidence for two
years plus current.

•

For Measures 5, 6 and 7, the Nuclear Plant Generator Operator shall keep
evidence for two years plus current.

If a Responsible Entity is found non-compliant it shall keep information related to the
noncompliance until found compliant.
The Compliance Enforcement Authority shall keep the last audit records and all
requested and submitted subsequent audit records.
1.5. Additional Compliance Information
None.
2.

Violation Severity Levels
2.1. Lower: Agreement(s) exist per this standard and NPIRs were identified and
implemented, but documentation described in M1-M8 was not provided.
2.2. Moderate:
Agreement(s) exist per R2 and NPIRs were identified and implemented,
but one or more elements of the Agreement in R9 were not met.
2.3. High: One or more requirements of R3 through R8 were not met.
2.4. Severe: No proposed NPIRs were submitted per R1, no Agreement exists per this
standard, or the Agreements were not implemented.

E. Regional Differences
The design basis for Canadian (CANDU) NPPs does not result in the same licensing requirements as
U.S. NPPs. NRC design criteria specifies that in addition to emergency on-site electrical power,
electrical power from the electric network also be provided to permit safe shutdown. This requirement
is specified in such NRC Regulations as 10 CFR 50 Appendix A — General Design Criterion 17 and
10 CFR 50.63 Loss of all alternating current power. There are no equivalent Canadian Regulatory
requirements for Station Blackout (SBO) or coping times as they do not form part of the licensing
basis for CANDU NPPs.
Therefore the definition of NPLR for Canadian CANDU units will be as follows:
Nuclear Plant Licensing Requirements (NPLR) are requirements included in the design basis
of the nuclear plant and are statutorily mandated for the operation of the plant; when used in this
standard, NPLR shall mean nuclear power plant licensing requirements for avoiding preventable
challenges to nuclear safety as a result of an electric system disturbance, transient, or condition.
F. Associated Documents

Ad o p te d b y NERC Bo a rd o f Tru s te e s : Au g u s t 5, 2009
Effe c tive Da te : Ap ril 1, 2010

S ta n d a rd NUC-001-2 — Nu c le a r P la nt In terfa c e Co o rd in atio n
Version History
Version

Date

Action

Change Tracking

May 2, 2007

Approved by Board of Trustees

New

To be determined

Modifications for Order 716 to Requirement R9.3.5
and footnote 1; modifications to bring compliance
elements into conformance with the latest version of
the ERO Rules of Procedure.

Revision

August 5, 2009

Adopted by Board of Trustees

Revised

January 22, 2010

Approved by FERC on January 21, 2010
Added Effective Date

Update

TBD

R9.1, R9.1.1, R9.1.2, R9.1.3, and R9.1.4 and
associated elements retired as part of the Paragraph 81
project (Project 2013-02)

Ad o p te d b y NERC Bo a rd o f Tru s te e s : Au g u s t 5, 2009
Effe c tive Da te : Ap ril 1, 2010

S ta n d a rd P RC-010-0 — As s e s s m e n t o f th e Des ig n a n d Effe ctive n e s s o f UVLS P ro gra m
A. Introduction
1.

Title:
Technical Assessment of the Design and Effectiveness of Undervoltage Load
Shedding Program.

Number:

Purpose:
Provide System preservation measures in an attempt to prevent system voltage
collapse or voltage instability by implementing an Undervoltage Load Shedding (UVLS)
program.

Applicability:

PRC-010-0

4.1. Load-Serving Entity that operates a UVLS program
4.2. Transmission Owner that owns a UVLS program
4.3. Transmission Operator that operates a UVLS program
4.4. Distribution Provider that owns or operates a UVLS program
5.

Effective Date:

April 1, 2005

B. Requirements
R1.

The Load-Serving Entity, Transmission Owner, Transmission Operator, and Distribution
Provider that owns or operates a UVLS program shall periodically (at least every five years or
as required by changes in system conditions) conduct and document an assessment of the
effectiveness of the UVLS program. This assessment shall be conducted with the associated
Transmission Planner(s) and Planning Authority(ies).
R1.1.

This assessment shall include, but is not limited to:
R1.1.1. Coordination of the UVLS programs with other protection and control
systems in the Region and with other Regional Reliability Organizations, as
appropriate.
R1.1.2. Simulations that demonstrate that the UVLS programs performance is
consistent with Reliability Standards TPL-001-0, TPL-002-0, TPL-003-0
and TPL-004-0.
R1.1.3. A review of the voltage set points and timing.

R2.

The Load-Serving Entity, Transmission Owner, Transmission Operator, and Distribution
Provider that owns or operates a UVLS program shall provide documentation of its current
UVLS program assessment to its Regional Reliability Organization and NERC on request (30
calendar days). (Retired)

C. Measures
M1. Each Transmission Owner’s and Distribution Provider’s UVLS program shall include the
elements identified in Reliability Standard PRC-010-0_R1.
M2. Each Load-Serving Entity, Transmission Owner, Transmission Operator, and Distribution
Provider that owns or operates a UVLS program shall have evidence it provided
documentation of its current UVLS program assessment to its Regional Reliability
Organization and NERC as specified in Reliability Standard PRC-010-0_R2. (Retired)

Adopted by NERC Board of Trustees: February 8, 2005
Effective Date: April 1, 2005

1 of 2

S ta n d a rd P RC-010-0 — As s e s s m e n t o f th e Des ig n a n d Effe ctive n e s s o f UVLS P ro gra m

D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Monitoring Responsibility
Compliance Monitor: Regional Reliability Organizations. Each Regional Reliability
Organization shall report compliance and violations to NERC via the NERC Compliance
Reporting process.
1.2. Compliance Monitoring Period and Reset Timeframe
Assessments every five years or as required by System changes.
Current assessment on request (30 calendar days.)
1.3. Data Retention
None specified.
1.4. Additional Compliance Information
None.

Levels of Non-Compliance
2.1. Level 1:

Not applicable.

2.2. Level 2:

Not applicable.

2.3. Level 3:

Not applicable.

2.4. Level 4:
An assessment of the UVLS program did not address one of the three
requirements listed in Reliability Standard PRC-010-0_R1.1 or an assessment of the
UVLS program was not provided.
E. Regional Differences
1.

None identified.

Version History
Version

Date

Action

Change Tracking

April 1, 2005

Effective Date

New

TBD

R2 and associated elements retired as part of
the Paragraph 81 project (Project 2013-02)

Adopted by NERC Board of Trustees: February 8, 2005
Effective Date: April 1, 2005

2 of 2

Standard PRC-022-1 — Under-Voltage Load Shedding Program Performance
A. Introduction
1.

Title:

Under-Voltage Load Shedding Program Performance

Number:

PRC-022-1

Purpose:
Ensure that Under Voltage Load Shedding (UVLS) programs perform as
intended to mitigate the risk of voltage collapse or voltage instability in the Bulk Electric
System (BES).

Applicability
4.1. Transmission Operator that operates a UVLS program.
4.2. Distribution Provider that operates a UVLS program.
4.3. Load-Serving Entity that operates a UVLS program.

Effective Date:

May 1, 2006

B. Requirements
R1.

R2.

Each Transmission Operator, Load-Serving Entity, and Distribution Provider that operates a
UVLS program to mitigate the risk of voltage collapse or voltage instability in the BES shall
analyze and document all UVLS operations and Misoperations. The analysis shall include:
R1.1.

A description of the event including initiating conditions.

R1.2.

A review of the UVLS set points and tripping times.

R1.3.

A simulation of the event, if deemed appropriate by the Regional Reliability
Organization. For most events, analysis of sequence of events may be sufficient and
dynamic simulations may not be needed.

R1.4.

A summary of the findings.

R1.5.

For any Misoperation, a Corrective Action Plan to avoid future Misoperations of a
similar nature.

Each Transmission Operator, Load-Serving Entity, and Distribution Provider that operates a
UVLS program shall provide documentation of its analysis of UVLS program performance to
its Regional Reliability Organization within 90 calendar days of a request. (Retired)

C. Measures
M1. Each Transmission Operator, Load-Serving Entity, and Distribution Provider that operates a
UVLS program shall have documentation of its analysis of UVLS operations and
Misoperations in accordance with Requirement 1.1 through 1.5.
M2. Each Transmission Operator, Load-Serving Entity, and Distribution Provider that operates a
UVLS program shall have evidence that it provided documentation of its analysis of UVLS
program performance within 90 calendar days of a request by the Regional Reliability
Organization. (Retired)
D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Monitoring Responsibility
Regional Reliability Organization.
1.2. Compliance Monitoring Period and Reset Time Frame

Adopted by Board of Trustees: February 7, 2006
Effective Date: May 1, 2006

1 of 2

Standard PRC-022-1 — Under-Voltage Load Shedding Program Performance
One calendar year.
1.3. Data Retention
Each Transmission Operator, Load-Serving Entity, and Distribution Provider that
operates a UVLS program shall retain documentation of its analyses of UVLS operations
and Misoperations for two years. The Compliance Monitor shall retain any audit data for
three years.
1.4. Additional Compliance Information
Transmission Operator, Load-Serving Entity, and Distribution Provider shall demonstrate
compliance through self-certification or audit (periodic, as part of targeted monitoring or
initiated by complaint or event), as determined by the Compliance Monitor.
2.

Levels of Non-Compliance
2.1. Level 1: Not applicable.
2.2. Level 2: Documentation of the analysis of UVLS performance was provided but did not
include one of the five requirements in R1.
2.3. Level 3: Documentation of the analysis of UVLS performance was provided but did not
include two or more of the five requirements in R1.
2.4. Level 4: Documentation of the analysis of UVLS performance was not provided.

E. Regional Differences
None identified.
Version History
Version

Date

Action

December 1, 2005

January 20, 2006
1. Removed comma after 2004 in
“Development Steps Completed,” #1.
2. Changed incorrect use of certain hyphens (-)
to “en dash” (–) and “em dash (—).”
3. Lower cased the word “region,” “board,”
and “regional” throughout document where
appropriate.
4. Added or removed “periods” where
appropriate.
5. Changed “Timeframe” to “Time Frame” in
item D, 1.2.

TBD

R2 and associated elements retired as part of the
Paragraph 81 project (Project 2013-02)

Adopted by Board of Trustees: February 7, 2006
Effective Date: May 1, 2006

Change Tracking

2 of 2

Standard VAR-001-2 — Voltage and Reactive Control
A.

Introduction
1.

Title:

Voltage and Reactive Control

Number:

VAR-001-2

Purpose: To ensure that voltage levels, reactive flows, and reactive resources are
monitored, controlled, and maintained within limits in real time to protect equipment and the
reliable operation of the Interconnection.

Applicability:
4.1. Transmission Operators.
4.2. Purchasing-Selling Entities.
4.3. Load Serving Entities.

Requirements
R1.

Each Transmission Operator, individually and jointly with other Transmission Operators,
shall ensure that formal policies and procedures are developed, maintained, and
implemented for monitoring and controlling voltage levels and Mvar flows within their
individual areas and with the areas of neighboring Transmission Operators.

R2.

R3.

The Transmission Operator shall specify criteria that exempts generators from compliance
with the requirements defined in Requirement 4, and Requirement 6.1.
R3.1.

Each Transmission Operator shall maintain a list of generators in its area that are
exempt from following a voltage or Reactive Power schedule.

R3.2.

For each generator that is on this exemption list, the Transmission Operator shall
notify the associated Generator Owner.

R4.

Each Transmission Operator shall specify a voltage or Reactive Power schedule 1 at the
interconnection between the generator facility and the Transmission Owner's facilities to be
maintained by each generator. The Transmission Operator shall provide the voltage or
Reactive Power schedule to the associated Generator Operator and direct the Generator
Operator to comply with the schedule in automatic voltage control mode (AVR in service
and controlling voltage).

R5.

Each Purchasing-Selling Entity and Load Serving Entity shall arrange for (self-provide or
purchase) reactive resources – which may include, but is not limited to, reactive generation
scheduling; transmission line and reactive resource switching;, and controllable load– to
satisfy its reactive requirements identified by its Transmission Service Provider. (Retired)

The voltage schedule is a target voltage to be maintained within a tolerance band during a specified period.

Adopted by Board of Trustees: August 5, 2010

Page 1 of 3

Standard VAR-001-2 — Voltage and Reactive Control
R6.

The Transmission Operator shall know the status of all transmission Reactive Power
resources, including the status of voltage regulators and power system stabilizers.
R6.1.

When notified of the loss of an automatic voltage regulator control, the
Transmission Operator shall direct the Generator Operator to maintain or change
either its voltage schedule or its Reactive Power schedule.

R7.

The Transmission Operator shall be able to operate or direct the operation of devices
necessary to regulate transmission voltage and reactive flow.

R8.

Each Transmission Operator shall operate or direct the operation of capacitive and
inductive reactive resources within its area – which may include, but is not limited to,
reactive generation scheduling; transmission line and reactive resource switching;
controllable load; and, if necessary, load shedding – to maintain system and
Interconnection voltages within established limits.

R9.

Each Transmission Operator shall maintain reactive resources – which may include, but is
not limited to, reactive generation scheduling; transmission line and reactive resource
switching;, and controllable load– to support its voltage under first Contingency
conditions.
R9.1.

Each Transmission Operator shall disperse and locate the reactive resources so
that the resources can be applied effectively and quickly when Contingencies
occur.

R10. Each Transmission Operator shall correct IROL or SOL violations resulting from reactive
resource deficiencies (IROL violations must be corrected within 30 minutes) and complete
the required IROL or SOL violation reporting.
R11. After consultation with the Generator Owner regarding necessary step-up transformer tap
changes, the Transmission Operator shall provide documentation to the Generator Owner
specifying the required tap changes, a timeframe for making the changes, and technical
justification for these changes.
R12. The Transmission Operator shall direct corrective action, including load reduction,
necessary to prevent voltage collapse when reactive resources are insufficient.
C.

Measures
M1. The Transmission Operator shall have evidence it provided a voltage or Reactive Power
schedule as specified in Requirement 4 to each Generator Operator it requires to follow such a
schedule.
M2. The Transmission Operator shall have evidence to show that, for each generating unit in its
area that is exempt from following a voltage or Reactive Power schedule, the associated
Generator Owner was notified of this exemption in accordance with Requirement 3.2.
M3. The Transmission Operator shall have evidence to show that it issued directives as specified in
Requirement 6.1 when notified by a Generator Operator of the loss of an automatic voltage
regulator control.
M4. The Transmission Operator shall have evidence that it provided documentation to the
Generator Owner when a change was needed to a generating unit’s step-up transformer tap in
accordance with Requirement 11.

Compliance
1.

Compliance Monitoring Process

Adopted by Board of Trustees: August 5, 2010

Page 2 of 3

Standard VAR-001-2 — Voltage and Reactive Control
1.1. Compliance Enforcement Authority
Regional Entity.
1.2. Compliance Monitoring Period and Reset Time Frame
One calendar year.
1.3. Compliance Monitoring and Enforcement Processes:
Compliance Audits
Self-Certifications
Spot Checking
Compliance Violation Investigations
Self-Reporting
Complaints
1.4. Data Retention
The Transmission Operator shall retain evidence for Measures 1 through 4 for 12 months.
The Compliance Monitor shall retain any audit data for three years.
1.5. Additional Compliance Information
The Transmission Operator shall demonstrate compliance through self-certification or
audit (periodic, as part of targeted monitoring or initiated by complaint or event), as
determined by the Compliance Monitor.
2.
E.

Violation Severity Levels (no changes)

Regional Differences
None identified.

Version History
Version

Date

Action

Change Tracking

April 1, 2005

Effective Date

New

August 2, 2006

BOT Adoption

Revised

July 3, 2007

Added “Generator Owners” and “Generator
Operators” to Applicability section.

Errata

August 23, 2007

Removed “Generator Owners” and “Generator
Operators” to Applicability section.

Errata

TBD

Modified to address Order No. 693 Directives
contained in paragraphs 1858 and 1879.

Revised.

TBD

R5 and associated elements retired as part of the
Paragraph 81 project (Project 2013-02)

Adopted by Board of Trustees: August 5, 2010

Page 3 of 3

Exhibit C

Implementation Plan for Project 2013-02

Implementation Plan
Project 2013-02 – Paragraph 81
Requested Approvals



None

Requested Retirements














BAL‐005‐0.2b R2
CIP‐003‐3 R1.2
CIP‐003‐3 R3
CIP‐003‐3 R3.1
CIP‐003‐3 R3.2
CIP‐003‐3 R3.3
CIP‐003‐3 R4.2
CIP‐003‐4 R1.2
CIP‐003‐4 R3
CIP‐003‐4 R3.1
CIP‐003‐4 R3.2
CIP‐003‐4 R3.3














CIP‐003‐4 R4.2
CIP‐005‐3a R2.6
CIP‐005‐4a R2.6
CIP‐007‐3 R7.3
CIP‐007‐4 R7.3
EOP‐005‐2 R3.1
FAC‐002‐1 R2
FAC‐008‐3 R4
FAC‐008‐3 R5
FAC‐010‐2.1 R5
FAC‐011‐2 R5
FAC‐013‐2 R3












INT‐007‐1 R1.2
IRO‐016‐1 R2
NUC‐001‐2 R9.1
NUC‐001‐2 R9.1.1
NUC‐001‐2 R9.1.2
NUC‐001‐2 R9.1.3
NUC‐001‐2 R9.1.4
PRC‐010‐0 R2
PRC‐022‐1 R2
VAR‐001‐2 R5

Note that when these Requirements are retired, the version numbers of the standards will NOT be
incremented, but the retired Requirements and associated elements will be clearly marked as retired.
After evaluating the options and consulting with the Standards Committee and Standards Committee
Process Subcommittee, the P81 drafting team determined that this was the most practical approach.
Incrementing the version numbers of each standard is impractical because, in some cases, a
subsequent version has already been developed. In addition, incrementing the version would require
renumbering Requirements where a retired Requirement created a gap in numbering, and this creates
an undesirable administrative burden for entities using certain systems to manage their compliance
programs.
Prerequisite Approvals



None

Revisions to Defined Terms in the NERC Glossary



None

Background

On September 30, 2011, the North American Electric Reliability Corporation (NERC) filed a petition with
the Federal Energy Regulatory Commission (FERC) requesting approval of its proposal to make
informational filings in a “Find, Fix, Track and Report” (FFT) spreadsheet of lesser‐risk, remediated
possible violations of Reliability Standards. On March 15, 2012, the FERC issued an order conditionally
accepting NERC’s FFT proposal. In paragraph 81 (P81) of that order, the FERC stated:
The Commission notes that NERC’s FFT initiative is predicated on the view that many
violations of requirements currently included in Reliability Standards pose lesser risk to
the Bulk‐Power System. If so, some current requirements likely provide little protection
for Bulk‐Power System reliability or may be redundant. The Commission is interested in
obtaining views on whether such requirements could be removed from the Reliability
Standards with little effect on reliability and an increase in efficiency of the ERO
compliance program. If NERC believes that specific Reliability Standards or specific
requirements within certain Standards should be revised or removed, we invite NERC to
make specific proposals to the Commission identifying the Standards or requirements
and setting forth in detail the technical basis for its belief. In addition, or in the
alternative, we invite NERC, the Regional Entities and other interested entities to
propose appropriate mechanisms to identify and remove from the Commission‐
approved Reliability Standards unnecessary or redundant requirements. We will not
impose a deadline on when these comments should be submitted, but ask that to the
extent such comments are submitted NERC, the Regional Entities, and interested
entities coordinate to submit their respective comments concurrently. North American
Electric Reliability Corporation, 138 FERC ¶ 61,193 at p 81 (March 15, 2012) (“P81”).
Consistent with P81, a draft Standards Authorization Request (SAR) was drafted to set forth criteria and
a process to identify Reliability Standard requirements that either: (a) provide little protection to the
Bulk Electric System; (b) are unnecessary or (c) are redundant; and, thereafter, to have NERC file to
retire the identified Reliability Standard requirements with appropriate governmental authorities.
Standards Process Input Group (SPIG)
In addition to addressing P81, the SAR was drafted consistent with what the SPIG developed as
Recommendation No. 4, as set forth in NERC’s Recommendations to Improve The Standards
Development Process on page 12 (April 2012), which states:
Recommendation 4: Standards Product Issues — The NERC board is encouraged to
require that the standards development process address: . . . The retirement of
standards no longer needed to meet an adequate level of reliability.

Implementation Plan
Project 2013-02 – Paragraph 81

Collaborative Process
The draft SAR and a suggested list of Reliability Standard requirements embedded in the SAR for
consideration in the Initial Phase was the product of collaborative discussions among the following
entities and their members: Edison Electric Institute, American Public Power Association, National Rural
Electric Cooperative Association, Large Public Power Council, Electricity Consumers Resource Council,
The Electric Power Supply Association, Transmission Access Policy Study Group, the North American
Electric Reliability Corporation, and the Regional Entity Management Group. The draft SAR was posted
for comment, which were due September 4, 2012. The P81 Standards Drafting Team reviewed the
comments and finalized the SAR and the proposed list of Reliability Standard requirements for
retirement.
Applicable Entities



















Balancing Authority
Distribution Provider
Generator Operator
Generator Owner
Interchange Authority
Load Serving Entity
NERC
Planning Authority
Planning Coordinator
Purchasing‐Selling Entity
Regional Entity
Regional Reliability Organization
Reliability Coordinator
Transmission Service Provider
Transmission Operator
Transmission Owner
Transmission Planner

Effective Date of Retirements

All of the Requirements will be retired on the day of approval by applicable regulatory authorities, or in
those jurisdictions where regulatory approval is not required, the first day of the first calendar quarter
after approval by the NERC Board of Trustees, or as otherwise made effective pursuant to the laws
applicable to such ERO governmental authorities.
Note that no complete standard is being proposed for retirement and all of the other Requirements in
each of the affected standards will remain in continuous effect.

Implementation Plan
Project 2013-02 – Paragraph 81

Exhibit D

Consideration of Comments

Project 2013-02
Paragraph 81
Related Files
Status:
Adopted by the NERC Board of Trustees on February 7, 2013 and pending
regulatory approval.
Purpose/Industry Need:
This project is in response to paragraph 81 of FERC’s March 15, 2012 Order issued
on NERC’s Find, Fix and Track process. The purpose of the project is to retire or
modify FERC-approved Reliability Standard requirements that as FERC noted,
"provide little protection to the reliable operations of the BES", are redundant or
unnecessary, or to retire or modify a FERC-approved Reliability Standard
requirement to increase the efficiency of the ERO’s compliance programs. Phase 1
of the project identifies Reliability Standard requirements that clearly meet the
criteria set forth in the SAR and do not require extensive technical research.
Subsequent phases will address Reliability Standard requirements that need
additional technical research before retirement or modification.

Draft

Redline of Standards
with Proposed
Retirements
Implementation Plan

Action
Updated
Info>>
Initial Ballot >>
Join Ballot
Pool>>

Dates

Results

11/30/12 12/10/12
(closed)

Summary>>

Consideration of
Comments

Full Record>>

10/25/12 11/23/12

Supporting Materials:
Final SAR
Clean | Redline to draft
SAR
Technical White Paper
Redline of VSL Matrix
Spreadsheet with
Proposed Retirements
Comment Form (Word)

Comment
Period
Info>>
Submit
Comments>>

10/25/12 12/10/12
(closed)

Comments
Received>>

Consideration of
Comments (2)

Proposed SAR
Draft SAR Version 1
Supporting Materials:
Complete Set of
Standards with
Proposed Retirements
for Phase 1
Spreadsheet with
Proposed Retirements
Comment Form (Word)

Comment
Period
Info>>
Submit
Comments>>

08/03/12 09/04/12
(closed)

Comments
Received>>

Consideration of
Comments (1)

Consideration of Comments
Project 2013-02 Paragraph 81

The Paragraph 81 Drafting Team thanks all commenters who submitted comments on the Project 201302 Paragraph 81 - Retirement of Reliability Standard Requirements. The complete set of standards with
proposed retirements for Phase 1 were posted for a 30-day public comment period from August 3,
2012 through September 4, 2012. Stakeholders were asked to provide feedback on the set of
standards through a special electronic comment form. There were 43 sets of comments, including
comments from approximately 98 different people from approximately 65 companies representing all
of the 10 Industry Segments as shown in the table on the following pages.
All comments submitted may be reviewed in their original format on the standard’s project page.
If you feel that your comment has been overlooked, please let us know immediately. Our goal is to give
every comment serious consideration in this process! If you feel there has been an error or omission,
you can contact the Vice President and Director of Standards, Mark Lauby, at 404-446-2560 or at
[email protected]. In addition, there is a NERC Reliability Standards Appeals Process.1

The appeals process is in the Standard Processes Manual: http://www.nerc.com/files/Appendix_3A_StandardsProcessesManual_20120131.pdf

Index to Questions, Comments, and Responses

Do you agree with the criteria listed in the SAR to identify Reliability Standard requirements for
retirement? If not, please explain in the comment area. ....................................................... 8

The Initial Phase of the P81 project is designed to identify all FERC-approved Reliability Standard
requirements that easily satisfy the criteria. Do you agree that the suggested list of Reliability
Standard requirements included in the draft SAR easily satisfy the criteria listed in the draft SAR? If
you disagree, please provide a statement supporting what Reliability Standard requirements you
would add or subtract from the Initial Phase, including a citation to at least one element of
Criterion B, as applicable. ...............................................................................................24

The subsequent phases of the P81 project are designed to identify all FERC-approved Reliability
Standard requirements that could not be included in the Initial Phase due to the need for
additional analysis or an editing of language. Please list any Reliability Standard requirements that
you believe should be revised or retired in a subsequent phase, and include a brief supporting
statement and citation to at least one element of Criterion B for each requirement listed. .........67

If you have any other comments or suggestions on the draft SAR that you have not already
provided in response to the previous questions, please provide them here. ............................94

Consideration of Comments: Project 2013-02 Paragraph 81

The Industry Segments are:
1 — Transmission Owners
2 — RTOs, ISOs
3 — Load-serving Entities
4 — Transmission-dependent Utilities
5 — Electric Generators
6 — Electricity Brokers, Aggregators, and Marketers
7 — Large Electricity End Users
8 — Small Electricity End Users
9 — Federal, State, Provincial Regulatory or other Government Entities
10 — Regional Reliability Organizations, Regional Entities

Group/Individual

Commenter

Organization

Registered Ballot Body Segment
1

Group
Additional Member

Lee Pedowicz

Northeast Power Coordinating Council

Additional Organization

Region Segment Selection

Alan Adamson

New York State Reliability Council, LLC NPCC 10

Greg Campoli

New York Independent System Operator NPCC 2

Sylvain Clermont

Hydro-Quebec TransEnergie

NPCC 1

Ben Wu

Orange and Rockland Utilities

NPCC 1

Gerry Dunbar

Northeast Power Coordinating Council

NPCC 10

Carmen Agavriloai

Independent Electricity System Operator NPCC 2

Mike Garton

Dominion Resources Services, Inc.

NPCC 5

Kathleen Goodman

ISO - New England

NPCC 2

Michael Jones

National Grid

NPCC 1

New Brunswick System Operator

NPCC 2

10. Donald Weaver

Group/Individual

Commenter

Organization

Registered Ballot Body Segment
1

11. Michael R. Lombardi Northeast Utilities

NPCC 1

12. Randy MacDonald

New Brunswick Power Transmission

NPCC 9

13. Bruce Metruck

New York Power Authority

NPCC 6

14. Silvia Parada Mitchell NextEra Energy, LLC

NPCC 5

15. Robert Pellegrini

The United Illuminating Company

NPCC 1

16. Si-Truc Phan

Hydro-Quebec TransEnergie

NPCC 1

17. David Ramkalawan

Ontario Power Generation, Inc.

NPCC 5

18. Brian Robinson

Utility Services

NPCC 8

19. Michael Schiavone

National Grid

NPCC 1

20. Wayne Sipperly

New York Power Authority

NPCC 5

Jim Kelley

Group
Additional Member

SERC EC Planning Standards Subcommittee

Additional Organization
Ameren

SERC

2. Bob Jones

Southern Company Services SERC

3. Pat Huntley

SERC

4. Darrin Church

TVA

SERC

Group

Emily Pennel

Southwest Power Pool Regional Entity

Chris Higgins

Bonneville Power Administration

1. Tedd

Snodgrass

WECC 1

2. Tim

Loepker

WECC 1

3. Erika

Doot

WECC 3, 5, 6

4. Alfredo

Bocanegra

WECC 1

Group

Additional Member Additional Organization Region Segment Selection

No additional members listed.
4.

Region Segment Selection

1. John Sullivan

Connie Lowe

Dominion

Additional Member Additional Organization Region Segment Selection
1. Louis Slade

RFC

2. Mike Garton

NPCC 5, 6

5, 6

3. Randi Heise

MRO

5, 6

4. Mike Crowley

SERC

1, 3

Consideration of Comments: Project 2013-02 Paragraph 81

Group/Individual

Commenter

Organization

Registered Ballot Body Segment
1

Group

Robert Rhodes

Additional Member

SPP Standards Review Group

Additional Organization

Region Segment Selection

Michelle Corley

Cleco Power

SPP

1, 3, 5

Eric Ervin

Westar Energy

SPP

1, 3, 5, 6

Greg Froehling

Rayburn Country Electric Cooperative SPP

Jonathan Hayes

Southwest Power Pool

SPP

Louis Guidry

Cleco Power

SPP

1, 3, 5

Bo Jones

Westar Energy

SPP

1, 3, 5, 6

Tiffany Lake

Westar Energy

SPP

1, 3, 5, 6

John Mason

City of Independence, MO

SPP

Valerie Pinamonti

American Electric Power

SPP

1, 3, 5

10. Patrick Smith

Westar Energy

SPP

1, 3, 5, 6

11. Ashley Stringer

Oklahoma Municipal Power Authority SPP

David Thorne

Group

Pepco Holdings Inc & Affiliates

Additional Member Additional Organization Region Segment Selection
1. Mark Godfrey

Pepco Holdings Inc

Group

Jason Marshall

Additional Member

RFC

1, 3

ACES Power Marketing Standards
Collaborators

Additional Organization

1. Clem Cassmeyer

Western Farmers Electric Cooperative

2. Scott Brame

North Carolina Electric Membership Corporation RFC

1, 3, 4, 5

3. Bill Watson

Old Dominion Electric Cooperative

3, 4

Group

Mark S. Gray

Region Segment Selection
SPP
SERC

1, 5

The Edison Electric Institute (EEI), the
National Rural Electric Cooperative
Association (NRECA), the Electric Power
Supply Association (EPSA), the Transmission
Access Policy Study Group (TAPS), Electricity
Consumers Resource Council (ELCON), the
American Public Power Association (APPA),
the Large Public Power Council (LPPC) and,
the Canadian Electricity Association (CEA)

Consideration of Comments: Project 2013-02 Paragraph 81

X
5

Group/Individual

Commenter

Organization

Registered Ballot Body Segment
1

(collectively, the Trade Associations).

www.eei.org/ for members
10.

Group

Stephen J. Berger

Additional
Member

PPL Corporation NERC Registered Affiliates
Additional Organization

Region

Brenda L. Truhe

PPL Electric Utilities Corporation

RFC

Brent Ingebrigtson

LG&E and KU Services Company

SERC

Annette M. Bannon

PPL Generation, LLC on behalf of its Supply NERC Registered
Entities

RFC

Segment
Selection

WECC 5

MRO

Elizabeth A. Davis

NPCC

SERC

SPP

RFC

10.

WECC 6

11.

Group

PPL Energy Plus, LLC

Steve Rueckert

Western Electricity Coordinating Council

Additional Member Additional Organization Region Segment Selection
1. Phil O'Donnell

WECC

WECC 10

2. Brent Castagnetto

WECC

WECC 10

3. Tim Reynolds

WECC

WECC 10

4. Tyson Jarrett

WECC

WECC 10

12.

Individual

Bob Steiger

Salt River Project

13.

Individual

Al DiCaprio

SRC

14.

Individual

Ron Donahey

Tampa Electric Company

15.

Individual

Nazra Gladu

Manitoba Hydro

X
X

16.

Individual

Scott McGough

Georgia System Operations Corporation

17.

Individual

Ronnie C. Hoeinghaus

City of Garland

18.

Individual

Dan Miller

Entergy Services, Inc.

19.

Individual

Michael Falvo

Independent Electricity System Operator

Consideration of Comments: Project 2013-02 Paragraph 81

X
X

X
6

Group/Individual

Commenter

Organization

Registered Ballot Body Segment
1

Michelle Clements

Wolverine Power Supply Cooperative, Inc.

Individual
22. Individual

Thomas C. Duffy
John Tolo

Central Husdon Gas & Electric Corporation
Tucson Electric Power

23.

Individual

paul haase

seattle city light

24.

Individual

Thad Ness

25.

Individual

26.

20.

Individual

21.

American Electric Power

X
X

John Seelke

Public Service Enterprise Group

Individual

Jose H Escamilla

CPS Energy

27.

Individual

Laura Lee

Duke Energy

28.

Individual

Rich Salgo

NV Energy

29.

Individual

John Falsey

Edison Mission Marketing & Trading

30.

Individual

Bob Thomas

Illinois Municipal Electric Agency

31.

Individual

Michelle R. D'Antuono

Occidental Energy Ventures Corp.

32.

Individual

Patrick Brown

Essential Power, LLC

33.

Individual

Becky Stewart

Idaho Power Company

34.

Individual

Kimberly Tolbert

Occidental Power Services, Inc.

35.

Individual

Andrew Gallo

City of Austin dba Austin Energy

36.

Individual

RoLynda Shumpert

South Carolina Electric and Gas

37.

Individual

Eric Olson

Transmission Agency of Northern California

Individual
39. Individual

Kirit Shah
Jason Snodgrass

Ameren
Georgia Transmission Corporation

40.

Individual

Kristin Iwanechko

NERC Staff Technical Review

41.

Individual

Cheryl Moseley

Electric Reliability Council of Texas, Inc.

42.

Individual

Brett Holland

Kansas City Power & Light

43.

Individual

Judy VanDeWoestyne

MidAmerican Energy Company

38.

Consideration of Comments: Project 2013-02 Paragraph 81

X
X
X

X
X

X
X
X

X
X

Do you agree with the criteria listed in the SAR to identify Reliability Standard requirements for retirement? If not, please
explain in the comment area.

Summary Consideration: 2
The majority of commenters supported the Criteria A, B and C included in the draft SAR, with a few commenters suggesting changes.
A. Comments on Criterion A
The P81 standards drafting team (P81 SDT), in conjunction with NERC’s technical staff review, believes it is appropriate to rephrase
Criterion A to be similar to Criterion B 9, which comports with the FFT Order, and, at the same time, to eliminate Criterion B 8 and
Criterion B 9 to avoid any confusion between Criterion A and Criterion B. The P81 SDT believes the following provides a more suitable
overarching Criterion A:
“The Reliability Standard requirement requires responsible entities to conduct an activity or task that does little, if anything, to benefit
or protect the reliable operation of the BES.”
Comments
The Western Electricity Coordinating Council (WECC) and Northeast Power Coordinating Council (NPCC) requested clarification or
alternative wording of Criterion A, while Independent Electricity System Operator and NPCC also saw Criterion A and Criterion B 9 as
redundant or duplicative. Manitoba Hydro also believed there was a need to clarify Criterion B 9 and Occidental Energy Ventures Corp.
desires that Criterion A implicate Section 215 of the Federal Power Act, while Occidental, like others, also believes Criterion B 8 and
Criterion B 9 need clarification.
Response
The P81 SDT believes the above revision of Criterion A and elimination of Criterion B 8 and Criterion B 9 addresses the commenters’
concerns, while still including the Section 215 term reliable operation.
B. Comments on Criterion B
2

Although responses to informal comments are not required in the detail found in the P81 SDT responsive comments, the P81 SDT believed it was
appropriate to provide more detail given the level of interest in this Standards Development Project. The format and detail of these responses are
not precedent setting with respect to how other SDTs respond to an informal comment period.

Consideration of Comments: Project 2013-02 Paragraph 81

Comment
WECC states it only agrees with Criterion B 1 if each administrative requirement meets all the sub-requirements listed (administrative in
nature, does not support reliability and needlessly burdensome). In addition, ACES Power Marketing Standards Collaborators states that
in Criterion B 1 it would be best to strike “and is needlessly burdensome.”
Response
The list of requirements was meant to apply to each candidate and uses the term “and” not “or” to ensure all three are required. The
wording of Criterion B 1 was carefully considered in the collaborative process, and it was believed that the current wording, which tends
to match with WECC’s understanding, is appropriate. Thus, the P81 SDT believes that no changes to Criterion B 1 are necessary.
Comment
WECC disagrees with Criteria B 3, B 4 and B 5 unless it may be demonstrated that there is no benefit to reliability at all.
Response
WECC’s comment seems misaligned with FERC’s intention which the P81 SDT believes was for NERC and stakeholders to investigate
what requirements provide little protection to the BES, are unnecessary or redundant. WECC’s approach seems much stricter and
seems to suggest that if any plausible argument can be made, the requirement cannot be retired. Such an argument is not in line with
the rest of the commenters and, therefore, will not be adopted. In addition, as the project proceeds through the standard drafting
process, sufficient technical justifications will be put forward for industry review for each proposed requirement for retirement. The
industry will have further opportunity to evaluate the technical justifications as the P81 project moves forward.
Comment
SRC believes that the SAR captures the right categories, but states that Criteria B 2 through B 5 could be sub-items of B1. In a similar
light, NERC staff states there is significant overlap between Criterion B 3 (Purely Documentation) and Criterion B 5 (Periodic Updates)
and these criteria could be combined. Independent Electricity System Operator and SRC also disagree with Criterion B 5.
Response
While annual reviews may be necessary, there may be other ways to ensure periodic reviews are done. Criterion B 5 was contemplated
by the P81 SDT more in the context of future phases which would allow for the modification of requirements, not an easily identified
retirement. Thus, while to some extent we share the concerns of SRC, NERC staff and Independent Electricity System Operator, we
believe that the use of Criterion B 5 may be useful in facilitating review of further requirements by the stakeholders.
Comment

Consideration of Comments: Project 2013-02 Paragraph 81

WECC disagrees with the use of Criterion B 2 because data and evidence collection is necessary to demonstrate compliance.
Response
The P81 SDT believes that this concern appears to miss the essential aspect of the P81 project in its initial phase which is to retire
requirements that do little to protect BES reliability. Thus, hardwiring in data retention mandatory requirements does not seem aligned
with generally accepted methods of auditing or promoting an effective and efficient ERO. It is incumbent on the entities to maintain
sufficient evidence to support compliance with requirements, and the P81 SDT believes that any requirements that strictly support
compliance assessments without a benefit to reliability should be evaluated for revision or retirement.
Comment
WECC disagrees with Criterion B 7 because it would allow other regulators to enforce a requirement.
Response
The P81 SDT agrees with WECC’s overarching concern; however, that situation exists today. If there is a requirement that is already part
of a regulatory order or under the purview of another governmental authority and is consistently understood and applied across North
America, then the P81 SDT believes it should remain a candidate for retirement to remove this potential for double jeopardy. It is
important to note, however, that it must be consistently covered across the whole continent and mandatory so as to ensure no “gaps”
exist.
Comment
Independent Electricity System Operator suggests that another word be used other then “Technical” to describe Criterion B.
Response
Based on this concern, the P81 SDT changed “Technical” to “Identifying.”
C. Comments of Criterion C
Comment
WECC believes Criterion C 1, C 2, C 4, C 6 and C 7 all need to be made more specific or improved.
Response
The concern seems predicated on Criterion C determining whether or not to retire a requirement, which is not the intent. Instead,
these criteria will be used to ensure additional pertinent information and considerations are used to assist in the determination of
whether a Reliability Standard requirement satisfies both Criterion A and Criterion B. The P81 SDT shall consider these data and

Consideration of Comments: Project 2013-02 Paragraph 81

reference points to make a more informed decision. Also, note that these criteria are conceptual only and were developed to assist the
industry and the P81 SDT with their analysis. The P81 SDT thanks WECC for their thorough review; however, it will retain the criteria as
written.
Comment
Independent Electricity System Operator states it is confusing as to how the section C, “Additional Data and Reference Points” will be
used by the drafting team to determine retirement of Reliability Standards even though they have satisfied Criterion A and Criterion B.
Response
The P81 SDT believes that a review of the technical white paper, which will be issued and will contain the initial list of requirements to
be retired, will promote an understanding on how Criterion C was used. Criterion C is only meant to provide additional considerations
to provide further justifications that the proposed retirements do not have any other underlying reliability related need.
D. Miscellaneous Comments on Phase I vs. Subsequent Phases
Comment
ACES Power Marketing Standards Collaborators suggest that the scope of the SAR should be changed to include current standards under
development.
Response
At this time it appears that including requirements from current standards under development would overly complicate the P81 project
and intrude on other standard drafting teams. With that said, the P81 SDT does intend to work with and coordinate with other standard
drafting teams to help ensure that new requirements are not being drafted that appear to meet the P81 criteria. Also, the P81 SDT will
be working with the Standards Committee to draft guidelines to help standard drafting teams draft requirements that are more resultsbased, and not requirements that would meet the P81 criteria.
Comment
ERCOT indicates that the criteria used for future phases should remain flexible.
Response
The initial list should not preclude the use of additional criteria for future phases where additional criteria support the elimination of
requirements in those efforts. Given the amount of commenters who requested numerous requirements be considered in future
phases, it appears reasonable that P81 project should remain flexible to meet the needs of stakeholders. Thus, the P81 SDT has revised
the SAR to apply to Phase I only.

Consideration of Comments: Project 2013-02 Paragraph 81

Comment
SRC urges the SAR simply suggest that the proposed requirements be considered and evaluated by the SDT as opposed to making a
presumption (and hence setting a high expectation for the industry) that the proposed list will be retired.
Response
The P81 SDT did not intend for the list of requirements proposed in the draft SAR to come across as a list without flexibility.
Comment
ACES Power Marketing Standards Collaborators suggests that requirements that are assigned to the wrong functional entities should be
added as a criterion for revision or retirement.
Response
The P81 SDT believes that ACES’s suggestion should be considered during the development of a Phase 2 SAR. In many instances,
applicability can be a complex undertaking and there may be large diversity, irrespective of an entity having some common high-level
responsibilities as listed in the NERC Registry and Functional Model.
Comment
NERC staff suggests that any technical justifications that rely on Criterion B 6 should address how NAESB, etc. would handle the
requirement.
Response
As a general matter, many commenters suggest that the P81 project develop thorough justifications and remain in line with the
suggested Criteria. NERC staff’s concern of reliance on Criterion B 6 will also be considered when developing the justifications. The P81
SDT removed references to NAESB, but notes that when relying on B 6, sufficient reference will be made to other mandatory
requirements which effectively ensure there will be no gap on a continent-wide basis and in addition, what will ensure that on an
ongoing basis, this gap will remain addressed by something other than a NERC standard requirement. The technical white paper will
consider these concerns. In addition, the P81 SDT believes that ongoing training for drafting teams will ensure that these types of
requirements are no longer developed.

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Question 1 Comment
12

Organization
Western Electricity Coordinating Council

Yes or No

Question 1 Comment

WECC offers the following related to the criteria listed in the SAR.WECC
beleives the OVERARCHING CRITERIA listed under "A" needs clarification
and that as currently identified is too vague. The Overarching Criterion
statement is too broad and is contrary to the FPA Section 215. “Impact” is
an ambiguous term. There is no measure as to how to quantify a
Requirement’s “impact” and to distinguish between “little” impacts as
opposed to some other metric of “impact.” More importantly, however, a
Requirement that has any impact on the reliable operation of the BES
cannot be dismissed as inconsequential, even if it is determined to have
“little” impact. The "impact" must be weighed against the "burden" of the
standard and potential for efforts to demonstrate compliance hindering or
preventing other more "impactful" reqiurements. Further, the Standard
Requirements work in concert with one another. For many Standard
Requirements, it is impossible to reasonably assess the “impact” of a single
Standard Requirement. For example, the “purpose” statement for CIP
Standard Requirements reads that “[CIP Standard Requirements] should be
read as part of a group of standards numbered Standards CIP-002 through
CIP-009.” To examine the “impact” of a single Standard Requirement,
therefore, contradicts the intent and purpose of many Standard
Requirements that are crafted to operate in concerns with one
another.WECC believes the B1 Administrative Technical Criteria needs
claificaiton and is vague as currently written. The term “administrative” is
ambiguous and could cover a broad range of activities. Further,
“administrative requirements” often require evidence of program or
procedure creation. However, WECC does agree with this criteria, but only
in the case where all three criteria listed (administrative, does not support
reliability, and needlessly burdensome) are met.WECC disagrees witht he
B2 Technical Criteria Data Collection/Data Retention. Data Collection/Data
Retention is often the only means by which a Responsible Entity can
objectively demonstrate compliance. As to mandatory data retention

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 1 Comment
periods, an explicit mandate to retain data may be required to meet
compliance obligations unique to a particular Standard Requirement.
However, if treated correctly, a requirement for the data
collection/retention for compliance purposes could be removed from the
Requirmeetns and made part of the Measures or RSAWs.WECC Disagrees
with the B3 criteria Purley Documentation unless it can be clearly
demonstrated that the dcoumentation does not protect the reliabiltity of
the BES in any way. In some cases Plans/Policies/Procedures are necessary
for employees to have a guide for not only protection but maintaining and
restoring BES assets (i.e. Restoration Plans). Documentation of plans,
policies and procedures, is key in defining the parameters of compliance.
Further, plans/policies and procedures are often the only means by which
Compliance and Enforcement can assess a responsible entity’s compliance
with a Standard Requirement.WECC Disagrees with the B4 criteria Purely
Reporting unless no purpose for the reporting can be identified. Reporting
helps overarching organizations (ex. ES ISAC) detect potential issues earlier,
by giving them more information and from multiple entities. These issues
may seem small or insignificant when viewed by a singular entity but may
have a more a drastic impact when viewed from the perspective of the
entire BES. WECC Disagrees with the B5 criteria Periodic Updates unless it
can be clearly demonstrated that the reproting has no operational benefit
to reliability. Without these requirements there is nothing in place to
ensure entityies are maintaining, and periodically verifying the accuracy of
these documents. With the criteria established as it is, there is no real way
of measuring the effect of “operational benefit to reliability”. Is it
measured by the size of impact (MW), by time (something that will take
over a 1hr), or by Time Horizon (Same-Day operations vs. Real Time
Operations). It is recommended to establish a more accurate means to
measure these criteria. If proberly handled, these reporting requirements
that that demonstrate the entities are maintaining certain necessary

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 1 Comment
documents could be moved from the Requirements to the Measures or
RSAWs.WECC agrees with the B6 criteria of Business Practices.B7 criteria
Redundant: Although WECC agrees requirements should not be redundant
with each other, if compliance is left to other regulators (Open Access
Transmission Tariff, NAESB, etc.) compliance may not be held up to NERC
expectations or interpretations. In identifying redundant standards, only
NERC Reliability Standards should be considered.WECC agrees with B*
criteria,WECC believes the B9 criteria needs clarification and as written is
vague. How will the determination that teh Requirements do little, if
anything, to promote the protection of the BES be determined?WECC
disagrees with C1. The FFT determination is not predicated on any
particular Standard Requirement. The FFT determination is fact specific.
Even a requirement that is critical to the BES may have an FFT’d violation if
the manner in which the requirement was violated was minor.WECC
beleives C2 is vague and needs clarification. Not certan what it means if the
requirement is being revieweed in an on-going Standards Development
Project. Is this the same as B7 Redundant?WECC agrees C3 is a factor that
should be considered.WECC agrees with C4 but beleives information on
how the tiers will be viewed should be included.WECC agrees with C5.WECC
believes C6 and C7 are vague as written and believes that these last two
reference points are intended to indicate that if the answer is yes, then the
requirement or standard would NOT be eligable for retirement. This should
be clarified.

Independent Electricity System
Operator

(1) The IESO supports this proposed effort and agrees with most of the
criteria, with some exceptions (except #5): “The Reliability Standard
requirement requires responsible entities to periodically update (e.g.,
annually) documentation, such as a plan, procedure or policy without an
operational benefit to reliability.”Take for example the system restoration
plan. An annual review is necessary to ensure that the plan recognizes BES
facility changes that occurred since the last review/update. Another

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 1 Comment
example is the exceptions to the cyber security policy that needs to be
reviewed and approved by the senior manager or delegate(s) to ensure the
exceptions are still required and valid. Applying this criterion in a broad
brush manner without looking at each requirement may result in removing
requirements that are still needed for reliability.(2) Generally, the nine
criteria listed in the SAR are simple and sufficient to be used to determine
retirement of reliability standard requirements. It is recommended that the
word “Technical” in the heading of the B section “Technical Criteria” be
erased as the criteria aren’t based on technical data. Also, it is unclear and
confusing as to how the section C “Additional Data and Reference Points”
will be used by the drafting team to determine retirement of reliability
standards even though they have satisfied Criteria A and B. Criterion B.9
can potentially be deleted as its purpose seems to be the duplication of
Criterion A.(3) The SAR narrative for TOP-001-1a R3 states the requirement
is redundant with IRO-001-1a R8. IRO-001-1a does not exist; we believe, it
should be IRO-001-1.1 R8 instead.

NERC Technical Staff Review

(1) Revise Criteria A to focus on the content of the Reliability Standards.
NERC Staff suggests the following language for Criteria A: “The Reliability
Standard requirement requires responsible entities to conduct an activity or
task that does little, if anything, to protect reliable operation of the BES.”
This language is currently included as Criteria B9. NERC notes that both
Criterion B8 (hinders the protection or reliable operation of the BES) and B9
(little, if any value as a reliability requirement) are duplicative with Criterion
A and should be eliminated. Since any requirement that meets Criterion B8
or B9 would necessarily meet Criterion A, this creates an unintended
consequence by undermining the objective that requirements for
consideration must satisfy both the overarching Criterion A and a separate
technical criteria. For these reasons, NERC Staff supports the elimination of
both Criteria B8 and B9 and the re-phrasing of Criteria A. (2) There is
significant overlap between Criteria B3 (Purely Documentation) and B5

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 1 Comment
(Periodic Updates) and these criteria could be combined. Criteria B3
addresses requirements for entities to develop a document that is not
necessary and Criteria B5 addresses the requirement for entities to
periodically update such documentation. NERC Staff suggests renaming
Criteria B3 “Documentation” and suggests the following language: “The
Reliability Standard requirement requires responsible entities to develop
and/or periodically update a document (e.g., plan, policy or procedure)
which is not necessary to protect BES reliability.” (3) The explanation of
Criterion B6 (Commercial or Business Practice) states that the Reliability
Standard requirement “is a commercial or business practice, e.g., better
served as a NAESB standard or as part of NAESB Electric Industry Registry
(EIR).” However, the technical justifications provided for the application of
the B6 criteria do not state that the standard/requirement should be
addressed in another manner, e.g., with a NAESB standard. Please clarify
or otherwise modify this criterion appropriately. Further, the technical
justification should address the fact that such business practices may not be
applicable to the same entities and may not be mandatory or enforceable.

Northeast Power Coordinating Council

Yes

NPCC participating members support the P81 initiative and agree with the
criteria listed in the SAR to identify Reliability Standard requirements for
retirement. The criteria are also consistent with FERC’s guidance in
Paragraph 81 of the FFT Order. With respect to the words in Criterion A
wording, it could be interpreted as an indication that the original reliability
standard requirement was a mistake. Suggest the SDT consider alternative
wording to indicate that the experience with the requirement, over time,
has proven not to be useful to accomplish its initially intended reliability
objective, or has not produced clear results for the initially intended
reliability objective.Criterion A, and Technical Criteria B9 “Little, if any,
value as a reliability requirement” are redundant.

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 1 Comment

Yes

In general, we agree with the criteria. However, we do offer two
suggestions. First, in criterion B.1, we suggest striking “and is needlessly
burdensome”. If the activity does not support reliability the burden is
irrelevant. Second, we suggest if there are current standards under
development that are already proposing to retire requirements that those
requirements should be considered for inclusion in this project. In order to
include those requirements, the proposed reason for retirement should
align with one of the criteria in this project. This would accelerate the
retirement of unnecessary requirements. Third, we suggest requirements
that are assigned to the wrong functional entities should be added as a
criterion for revision/retirement.

Yes

The Trade Associations agree with the criteria listed in the SAR to identify
Reliability Standard requirements for retirement. As noted above, the
criteria were the product of intense discussions among numerous
stakeholders, including the Trade Associations, NERC, and the Regional
Entities. The criteria are also consistent with FERC’s guidance in paragraph
81 of the FFT Order.

SPP Standards Review Group

Yes

We concur that the proposed criteria are a good starting point for the
evaluation of requirements to be retired.

Salt River Project

Yes

We like the criteria and methodology.

ACES Power Marketing Standards
Collaborators

The Edison Electric Institute (EEI), the
National Rural Electric Cooperative
Association (NRECA), the Electric Power
Supply Association (EPSA), the
Transmission Access Policy Study Group
(TAPS), Electricity Consumers Resource
Council (ELCON), the American Public
Power Association (APPA), the Large Public
Power Council (LPPC) and, the Canadian
Electricity Association (CEA) (collectively,
the Trade Associations).

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 1 Comment

SRC

Yes

The criteria listed in the SAR capture the right categories; however,
consider restructuring B1. B2 through B5 are examples of administrative
requirements and should possibly be sub-items of B1. While we generally
support this proposed effort and agrees with most of the criteria, the
exception is B5: “The Reliability Standard requirement requires responsible
entities to periodically update (e.g., annually) documentation, such as a
plan, procedure or policy without an operational benefit to reliability.”Take
for example the system restoration plan. An annual review is necessary to
ensure that the plan recognizes BES facility changes that occurred since the
last review/update. Another example is the exceptions to the cyber security
policy that needs to be reviewed and approved by the senior manager or
delegate(s) to ensure the exceptions are still required and valid. Applying
this criterion in a broad brush manner without looking at each requirement
may result in removing requirements that are still needed for reliability. In
addition, the acid test for retirement of a requirement is when the standard
drafting team reviews the overall reliability impact of removing a particular
requirement from a standard, and how it may affect other related
standards. In brief, it may be a bit premature to pass on this judgment at
the SAR stage. We urge the SAR proponent to simply suggest that the
proposed requirements be considered and evaluated by the SDT as
opposed to making a presumption (and hence setting a high expectation for
the industry) that the proposed list will be retired. And, in order to meet
the requirements for regulatory approval, we suggest the SDT to provide
strong technical basis to justify each retirement.

Manitoba Hydro

Yes

The technical criteria B.9, "Little if any, value as a reliability requirement", is
very subjective and should be redefined or clarified.

Georgia System Operations Corporation

Yes

Georgia System Operations agrees with the criteria listed in the SAR to
identify Reliability Standard requirements for either modification or

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 1 Comment
withdrawal.

seattle city light

Yes

Seattle City Light supports the consolidated comments of the industry Trade
Organizations.

NV Energy

Yes

We agree with the Overarching Criterion and the specific Technical Criteria,
and believe that the types of requirements specified in the Technical
Criteria can be eliminated without any impact to reliable operation of the
interconnected transmission system.

Occidental Energy Ventures Corp.

Yes

Occidental Energy Ventures Corp. ("OEVC") fully supports the efforts taken
by the Trades, NERC, and the Regional Entity Management Group to
develop the criteria to identify requirements that may be eligible for
retirement and modification. The overarching criterion is extremely
important in our view, as it serves to remind us all that FERC’s original
purpose as defined by Section 215(a)(4) of the Federal Power Act is to
oversee wide-area reliability of the bulk power system. In recent years, the
Commission’s authority has expanded into distribution systems and
localized load shedding - important issues, but already regulated by the
PUCs. In our view, this is duplicative work that increases costs without
serving improved reliability.OEVC also believes that the technical criteria
are appropriate and complete for now. However, in our view, Item #8
“Hinders the protection or reliable operation of the BES” and Item #9
“Little, if any, value as a reliability requirement” will need further
refinement in future phases of this project. Both are quite subjective, and
FERC in our opinion will only respond to fact-based quantitative data that
shows that BPS reliability is not improved by a given reliability requirement.
A painful reminder may be the requirement for secondary Facility Ratings
(FAC-008-3) which FERC clearly perceives to be a reliability imperative
despite overwhelming industry rejection of the concept. It is unlikely that
this view will change unless tangible cost/benefit evidence to the contrary

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 1 Comment
is provided to the Commission.

South Carolina Electric and Gas

Yes

I support removing redundancy and any items that are not related to
reliability impacts.

Georgia Transmission Corporation

Yes

Georgia Transmission Corporation agrees with the criteria listed in the SAR
to identify Reliability Standard requirements for either modification or
withdrawal.

Electric Reliability Council of Texas, Inc.

Yes

ERCOT agrees with the ISO/RTO SRC comments. However, in addition for
SRC comments, ERCOT offers the following:
ERCOT agrees with the
criteria listed in the SAR to identify Reliability Standard requirements for
retirement in Phase 1. However, the criteria used for future phases should
remain flexible. The initial list should not preclude the use of additional
criteria for future phases where additional criteria support the elimination
of requirements in those efforts.

SERC EC Planning Standards
Subcommittee

Yes

Southwest Power Pool Regional Entity

Yes

Bonneville Power Administration

Yes

Dominion

Yes

Pepco Holdings Inc & Affiliates

Yes

PPL Corporation NERC Registered
Affiliates

Yes

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Tampa Electric Company

Yes

City of Garland

Yes

Entergy Services, Inc.

Yes

Wolverine Power Supply Cooperative,
Inc.

Yes

Central Husdon Gas & Electric
Corporation

Yes

Tucson Electric Power

Yes

American Electric Power

Yes

Public Service Enterprise Group

Yes

CPS Energy

Yes

Duke Energy

Yes

Edison Mission Marketing & Trading

Yes

Illinois Municipal Electric Agency

Yes

Essential Power, LLC

Yes

Idaho Power Company

Yes

Occidental Power Services, Inc.

Yes

Consideration of Comments: Project 2013-02 Paragraph 81

Question 1 Comment

Organization

Yes or No

City of Austin dba Austin Energy

Yes

Transmission Agency of Northern
California

Yes

Ameren

Yes

Kansas City Power & Light

Yes

MidAmerican Energy Company

Yes

Consideration of Comments: Project 2013-02 Paragraph 81

Question 1 Comment

The Initial Phase of the P81 project is designed to identify all FERC-approved Reliability Standard requirements that easily satisfy
the criteria. Do you agree that the suggested list of Reliability Standard requirements included in the draft SAR easily satisfy the
criteria listed in the draft SAR? If you disagree, please provide a statement supporting what Reliability Standard requirements
you would add or subtract from the Initial Phase, including a citation to at least one element of Criterion B, as applicable.

Summary Consideration:
A. Support for Initial List
The majority of commenters support the initial list of requirements suggested for retirement in the draft SAR. Supporters include SPP
Standards Review Group, The Edison Electric Institute (EEI), the National Rural Electric Cooperative Association (NRECA), the Electric
Power Supply Association (EPSA), the Transmission Access Policy Study Group (TAPS), Electricity Consumers Resource Council (ELCON),
the American Public Power Association (APPA), the Large Public Power Council (LPPC), the Canadian Electricity Association (CEA)
(collectively, the Trade Associations), Salt River Project, SRC, Georgia System Operations Corporation, Seattle City Light, Duke Energy, NV
Energy, Occidental Energy Ventures Corp., South Carolina Electric and Gas, Ameren, Electric Reliability Council of Texas, Inc., SERC EC
Planning Standards Subcommittee, Dominion, Pepco Holdings Inc & Affiliates, PPL Corporation NERC Registered Affiliates, Tampa
Electric Company, Manitoba Hydro, City of Garland, Entergy Services, Inc., Wolverine Power Supply Cooperative, Inc., Central Hudson
Gas & Electric Corporation, Tucson Electric Power, CPS Energy, Edison Mission Marketing & Trading, Illinois Municipal Electric Agency,
Idaho Power Company, City of Austin dba Austin Energy, Transmission Agency of Northern California, and Kansas City Power & Light.
Also, the following entities appear to generally support the current list, while requesting additional requirements to be added: Georgia
Transmission Corporation, Occidental Power Services, Inc., American Electric Power, and ACES Power Marketing Standards
Collaborators. This level of support appears to be a testament to the hard work of the collaborative process and provides significant
context in which to consider the merits of those stakeholders who requested that certain requirements be added or removed from the
initial list.
B. Concerns with requirements included in the initial list
Comment
Northeast Power Coordinating Council (NPCC), Southwest Power Pool Regional Entity (SPP RE), Western Electricity Coordinating Council
(WECC), NERC staff technical review (NERC staff) presented concerns with retiring requirements related to PRC-008-0 and PRC-009-0.
Response

Consideration of Comments: Project 2013-02 Paragraph 81

As SRC points out, PRC-009-0 is already scheduled to be retired. More specifically, in Order No. 763 at Paragraph 103 3 the Commission
accepted the retirement of PRC-009-0 as appropriately replaced with PRC-006-1. Consistent with Order No. 763, PRC-009-0 will become
inactive on September 30, 2013 and will be replaced by PRC-006-1. Similarly, under Standards Development Project 2007-17 Protection
System Maintenance, which recently passed stakeholders vote on August 27, 2012, PRC-008-0 is scheduled to be retired and replaced
with PRC-005-2. PRC-005-2 will likely be presented to the NERC Board of Trustees in November for approval. To avoid confusion and
promote regulatory efficiency, the P81 SDT intends to present PRC-008-0 and PRC-009-0 in the final SAR for informational purposes
only. Accordingly, PRC-008-0 and PRC-009-0 will not be included in the P81 project for purposes of comment and ballot.
Comment
NPCC is concerned that it may only receive information related to UVLS program assessment and performance after an event if PRC010-0 R2 and PRC-022-1 R2 are retired.
Response
The P81 SDT believes it is appropriate to retire PRC-010-0 R2 and PRC-022-1 R2 because the Regional Entities’ current compliance and
monitoring processes provide for the review of UVLS program assessment and performance during a spot check, compliance audit, etc.,
which makes PRC-010-0 R2 and PRC-022-1 R2 unnecessary. Thus, the P81 SDT believes that PRC-010-0 R2 and PRC-022-1 R2 should
remain within the scope of P81 for purposes of comment and ballot.
Comment
WECC and SPP RE requested that CIP-007-3 R7.3 not be retired, based on concerns related to demonstrating compliance with other
requirements.
Response
These concerns appear to miss the essential aspect of the P81 project which is to retire requirements that do little to protect BES
reliability. The P81 SDT believes that data retention in and of itself has little to do with protecting BES reliability, particularly when the
Regions have authority to request data to show compliance with any mandatory Reliability Standard. Thus, hardwiring in data retention
into mandatory Reliability Standard requirements does not seem aligned with generally accepted methods of auditing or promoting an
effective and efficient ERO compliance program. In other words, it seems to adopt the position of WECC and SPP RE on this matter
could essentially be an endorsement that every Reliability Standard requirement should be accompanied with a mandatory data
retention requirement, which would seem counterintuitive given the processes set for in the Compliance Monitoring and Enforcement
Program. Thus, the P81 SDT believes that CIP-007-3 R7.3 should remain within the scope of P81 for purposes of comment and ballot.
3

Automatic Underfrequency Load Shedding and Load Shedding Plans Reliability Standards, 139 F.E.R.C. ¶ 61,098 (2012).

Consideration of Comments: Project 2013-02 Paragraph 81

Comment
WECC also disagrees with the inclusion of IRO-016-1 R2 with a concern that Reliability Coordinators must be required to document their
actions for compliance and enforcement purposes.
Response
Reliability Coordinator actions are conducted over recorded lines or via written directives, and, thus, the documentation is already
available for a Regional Entity to inspect. Further, during a spot check or compliance audit a Regional Entity has the authority to request
information, as well as the entity has the burden to prove compliance – if the entity chooses to prove compliance via recorded phone
lines or logs is not necessarily an appropriate subject for a mandatory Reliability Standard. Thus, the P81 SDT believes that IRO-016-1 R2
should remain within the scope of P81 for purposes of comment and ballot.
Comment
WECC and NERC staff express concerns with including MOD-004-1. Specifically, WECC states:
MOD-004 is not redundant to TOP-002 even though the CBM itself may be a tariff issue and rarely used. The reliability piece is that if the
CBM is used by a TSP then the details of it must be available for use in system studies. Without the awareness of a transmission
holdback for CBM when it exists, a network study could be run and show no issues but if at some time the CBM were implemented an
overload could result. This might not always be the case but unless the CBM parameters are known and modeled it could impact
reliability.
NERC staff suggests that MOD-004-1 may be more appropriate for a subsequent phase unless a solid technical justification can be
developed for MOD-004-1 that addresses relevant FERC’s ruling.
Response
One of the tenants of the initial phase of P81 is that the requirement does not need significant technical justifications or editing.
Notwithstanding the apparent support for MOD-004-1 to be part of the P81 project, it is also apparent to the P81 SDT that at this time
MOD-004-1 needs additional review and consideration prior to any decision to retire all or part of its requirements. It is also
noteworthy that there are a large number of requests to consider other MOD standards in subsequent phases, and it is likely
appropriate to consider the MOD Standards as a whole so that MOD-004-1 can be more thoroughly analyzed. For example, CBM is
referenced in a number of MOD Standards, such as MOD-001-1a, MOD-008-1 and MOD-028-1. Thus, the P81 SDT has removed MOD004-1 from the list of requirements proposed for the initial phase and MOD-004-1 will be considered in a subsequent phase of the P81
project.
Comment

Consideration of Comments: Project 2013-02 Paragraph 81

WECC, Public Service Enterprise Group and Essential Power, LLC state that CIP-002-1a R4 should not be retired. WECC makes several
points, including:
“An entity has many enforcement agencies to contact without the FBI listed in the operating instructions they could easily be
overlooked. . . . . Retiring R4 will remove the incentive of having a working relationship with the FBI, especially among the smaller
entities. Retiring R4 may effectively delay or prevent the FBI from rapidly locating those responsible for sabotage.”
Also, Public Service Enterprise Group and Essential Power, LLC state:
“If the entity owns or operates a BES asset, there is a clear reliability benefit to have appropriate law enforcement contacts and
procedures to address sabotage or other security incidents. Similarly, the federal agencies feel that this is a good idea. In a coordinated
attack environment, sabotage reporting to these Law enforcement agencies from the BES operators and owners would improve the
ability of a coordinated response.”
Response
The P81 SDT believes that the practices and procedures discussed by WECC, Public Service Enterprise Group and Essential Power, LLC
are accomplished via R1 through R3 of CIP-002-1a, not R4. For example, consistent with R2,4 it is common practice to contact local law
enforcement authorities when there is any suspicion that sabotage has occurred at a BES facility. The entity’s corporate security and
site personnel will consult with local law enforcement to assess the situation and facts to determine whether a suspected or actual act
of sabotage has occurred. If they find a suspected or actual act of sabotage has occurred, reliability entities as well as the Federal
Bureau of Investigation (FBI) or Royal Canadian Mounted Police (RCMP), as appropriate, will be contacted in accordance with R2. Thus,
pursuant to R1 through R3, when there is an instance of sabotage that warrants contacting the FBI or RCMP or any other federal or
national governmental authority, entities will contact them. Conversely, the requirement in R4 to establish communication contacts
with the FBI or RCMP, as applicable, is purely an administrative, documentation and data collection task requirement – there is no
operational or results-based aspect of R4, like there is with R1 through R3. Accordingly, in CIP-001-2a R1 through R3 serve the resultsbased reliability function, while R4 is a static, administrative requirement that has no direct or clear nexus to protecting BES reliability.
For these reasons, the P81 SDT believes that CIP-001-2a R4 should remain within the scope of P81 for purposes of comment and ballot.
Comment
Bonneville Power Administration, WECC and NERC staff do not support the proposed retirement of TOP-001-1a R3.
4

Consideration of Comments: Project 2013-02 Paragraph 81

Response
Bonneville Power Administration, WECC and NERC staff all make valid points. Although there is redundancy between TOP-001-1a R3
and IRO-001-1a R8 related to Reliability Coordinators, this redundancy was addressed in Standards Development Project 2007-03 (Realtime Operations). Specifically, Project 2007-03 eliminated the redundancy in the current version of TOP-001-2 R1 that replaces TOP001-1a R3 and reads as follows:
Each Balancing Authority, Generator Operator, Distribution Provider, and Load-Serving Entity shall comply with each Reliability Directive
issued and identified as such by its Transmission Operator(s), unless such action would violate safety, equipment, regulatory, or
statutory requirements.
TOP-001-2 has been approved by the NERC Board of Trustees and will be filed with the Commission for approval; therefore, the P81 SDT
intends to present TOP-001-1a R3 in the final SAR for informational purposes only. Accordingly, TOP-001-1a R3 will not be included in
the P81 project for purposes of comment and ballot.
Comment
SRC and NERC staff state that VAR-002-WECC-1 R2 and VAR-501-WECC-1 R2 should not be included in the P81 project until they have
first been processed for retirement via the WECC regional standards process.
Response
SRC and NERC staff make a valid point that regional standards proposed for retirement need to first proceed through their region prior
to being considered for retirement via a NERC standards development project. For these procedural concerns, VAR-002-WECC-1 R2 and
VAR-501-WECC-1 R2 have been removed from the P81 project; however, the P81 SDT encourages WECC to consider the deliberations of
the collaborative process and act on retiring VAR-002-WECC-1 R2 and VAR-501-WECC-1 R2, as appropriate.
Comment
Central Hudson Gas & Electric Corporation, Public Service Enterprise Group, and American Electric Power and Essential Power, LLC
express concern with the inclusion of CIP-003-3 R4 and its sub-requirements in the P81 project. AEP states:
“AEP recommends instead that CIP-003 R1 be removed in which case CIP-003 R3 (and CIP-003 R2.4) can also be removed. However, if
the drafting team does not agree with this recommendation, CIP-003 R3 must be retained in order for entities to take targeted
exception(s) where applicable (for example, in circumstances where an entity’s program is more stringent than the CIP requirements).”
Public Service Enterprise Group and Essential Power, LLC indicate that “[t]he exceptions language in R3, though rarely used, allows for
those instances where an entity is unable to conform with it's cyber security policy.”
Response
Consideration of Comments: Project 2013-02 Paragraph 81

The reason for retiring CIP-003-3, -4 R3 and its sub-requirements is directly applicable to the concerns expressed. In other words,
although the CIP exception requirements have never been available for use to exempt an entity from compliance with any requirement
of any NERC Reliability Standard, entities apparently are reading the CIP exception requirements out of context. These requirements
only apply to exceptions to internal corporate policy, and only in cases where the policy exceeds a NERC Reliability Standard
requirement or addresses an issue that is not covered in a NERC Reliability Standard. For example, if an internal corporate policy
statement requires that all passwords be a minimum of eight characters in length, and be changed every 30 days, this provision could be
used for internal governance purposes to lessen the corporate requirement back to the password requirements in CIP-007 R5.3, or in
conjunction with a Technical Feasibility Exception (TFE) to something else. Therefore, removal of this requirement has no effect on the
TFE process or compliance with any other CIP requirement. Also, the retirement of the CIP exception requirements would not impact an
entity’s ability to maintain such a process within their corporate policy governance procedures. Consequently, the CIP exception
requirements provide little protection for BES reliability and are an internal administrative and documentation requirement that is
outside the scope of the other CIP requirements. Thus, the P81 SDT believes that CIP-003-3, -4 R3 and its sub-requirements should
remain within the scope of P81 for purposes of comment and ballot.
Comment
Public Service Enterprise Group and Essential Power, LLC also request the P81 project not include EOP-004-1 R1 because it will soon be
replaced by EOP-004-2.
Response
The P81 SDT notes that the past ballot of EOP-004-2 did not pass and it is currently in the balloting stage. The P81 SDT has coordinated
its efforts with the chair of Project 2009-01 and both agree there is no conflict between retiring EOP-004-1 R1 and the direction of
Project 2009-01. At such time that the EOP-004-2 project does obtain stakeholder approval and is scheduled for NERC Board of Trustees
review, P81 SDT will reconsider the need to include EOP-004-1 R1. Thus, at this time, the P81 SDT believes that EOP-004-1 R1 should
remain within the scope of P81 for purposes of comment and ballot.
Comment
Public Service Enterprise Group and Essential Power, LLC further request that FAC-002-1 R2 be removed from the P81 project based on
the concern that the three year study retention requirement could be increased to six years via compliance and monitoring data
retention.
Response
The concern of Public Service Enterprise Group and Essential Power, LLC, however, appears to miss the essential aspect of the P81
project in its initial phase which is to retire requirements that do little to protect BES reliability. Thus, hardwiring in data retention

Consideration of Comments: Project 2013-02 Paragraph 81

mandatory requirements does not seem aligned with generally accepted methods of auditing or promoting an effective and efficient
ERO compliance program. Accordingly, the P81 SDT believes that FAC-002-1 R2 should remain within the scope of P81 for purposes of
comment and ballot.
Comment
NERC staff questioned the inclusion of FAC-008-1 R2, FAC-008-1 R3, FAC-008-3 R4, FAC-008-3 R5 and FAC-013-2 R3 in the P81 project.
Specifically, NERC staff states:
“These requirements, combined with others, provide checks and balances on the Facility Rating Methodology and Transfer Capability
methodology established by the responsible entities. This provides a reliability benefit by requiring the responsible entity to consider
areas in which their methodology may not be sufficient to support reliable operation of the interconnected transmission system. There
may be better ways of assuring that entities have sufficient methodologies and alternatives should be considered during Phase II. NERC
Staff suggests that the SDT reconsider whether discussing the methodology (and not the numerical rating of a facility) has commercial or
market related implications. With respect to FAC-013-2 R3, NERC Staff suggests that the SDT reconsider whether the requirement
relates to “a back and forward on transfer capability” as noted in the draft SAR, as the requirement pertains only to the methodology for
determining transfer capability.”
Response
The P81 SDT notes that Page 5 of NERC’s Standards Process Manual states:
“A Reliability Standard includes a set of Requirements that define specific obligations of owners, operators, and users of the North
American Bulk Power Systems. The Requirements shall be material to reliability and measurable.”
It appears difficult to read into the plain language of FAC-008-1 R2, FAC-008-1 R3, FAC-008-3 R4, FAC-008-3 R5 and FAC-013-2 R3 specific
obligations that are material to reliability and measurable or provide more than a little amount of protection to BES reliability. For
instance, in practice, while the owners of ratings and transmission capability methodologies have made these documents available for
comment during the duration of the mandatory Reliability Standard regime, experience shows that little, if any, technical comments
have not been submitted on these documents. In the regional processes, entities are on a variety of committees and have professional
relationships, and, therefore, if they have a concern with a methodology, they have ample opportunity to seek out professional
technical critique as a best practice. FAC-008-1 R2, FAC-008-1 R3, FAC-008-3 R4, FAC-008-3 R5 and FAC-013-2 R3 seem toonly formalize
a vehicle for professional technical critique without an exacting nexus between it and reliability. Given that entities that develop these
methodologies must comply with rigorous requirements in FAC-008 and FAC-013, the P81 SDT believes that the addition of a mandatory
best practice technical critique process does not seem necessary, material or measurable. It is also noteworthy that there is no
obligation for any entity to request a methodology nor is there any obligation on the owner of the methodology to respond to any

Consideration of Comments: Project 2013-02 Paragraph 81

comments with any level or burden of technical thoroughness. Thus, the P81 SDT believes that FAC-008-1 R2, FAC-008-1 R3, FAC-008-3
R4, FAC-008-3 R5 and FAC-013-2 R3 should remain within the scope of P81 for purposes of comment and ballot.
C. Suggested additions to the initial list
Comment
NPCC suggests adding FAC-003-1 R3, FAC-003-1 R4, CIP-005-3 R4, and CIP-007-3 R8.
Response
While the P81 SDT believes there appears to be merit in considering the FAC-003 and CIP requirements suggested by NPCC, these
requirements were discussed in the collaborative process and it was generally agreed that these requirements need additional technical
review prior to any consideration of retirement. Thus, these requirements will be considered in a subsequent phase of the P81 project.
Comment
NPCC and SRC suggest adding IRO-014-2 R2 and it sub-requirements. According to NPCC, these requirements are administrative
requirements only and do not enhance reliability, while SRC states that these requirements satisfy Criterion B1 and Criterion B5.
Response
While IRO-014-2 R2 seems like a valid candidate for P81, it is not a FERC-approved Reliability Standard. At this time, it has been adopted
by the NERC Board of Trustees and has yet to be filed with FERC for approval. As the P81 project matures or a more formalized
approach to P81 is adopted by NERC in its Rules of Procedures or processes, the consideration of Reliability Standards not yet approved
may be practical. However, at this time, the scope of the P81 project remains FERC-approved Reliability Standards. The exception to
this is if a FERC-approved requirement being proposed for retirement is duplicated in a standard that has only been adopted by the
NERC Board of Trustees. Thus, at this time, IRO-014-2 R2 is not ripe for consideration in P81.
Comment
ACES Power Marketing Standards Collaborators suggests adding FAC-010-2.1 R5 and FAC-011-2 R5 in the initial phase for the following
reasons:
“FAC-010-2.1 R5 is an administrative requirement for the Planning Authority to respond to comments on its SOL methodology. Failure
to provide a written response to technical comments does not impact reliability. The PC is already required to distribute its
methodology in R4. Any functional entity that would have provided technical comments will see any adjustments. This requirement
meets Criteria B.1 and B.9.(7) FAC-011-2 R5 is an administrative requirement for the Reliability Coordinator to respond to comments on
its SOL methodology. Failure to provide a written response to technical comments does not impact reliability. The RC is already
required to distribute its methodology in R4.”
Consideration of Comments: Project 2013-02 Paragraph 81

Response
ACES Power Marketing Standards Collaborators’ position is similar to the reasons that FAC-008-1 R2, FAC-008-1 R3, FAC-008-3 R4, FAC008-3 R5 and FAC-013-2 R3 were included in the draft SAR as satisfying the criteria and appropriate for retirement. Further, the
language in all of these Reliability Standard requirements is very similar. Thus, the P81 SDT has added FAC-010-2.1 R5 and FAC-011-2 R5
to the initial phase of P81.
Comment
ACES Power Marketing Standards Collaborators suggests that IRO-005-3 R11 is redundant with MOD-028-1 R6.1, MOD-029-1a R3, and
MOD-030-2 R2.4 and that the MOD standards already require the Transmission Service Provider to consider IROLs and SOLs when
determining Available Transfer Capability/Available Flowgate Capability and Total Transfer Capability. Specifically, IRO-005-3 R11 reads:
“The Transmission Service Provider shall respect SOLs and IROLs in accordance with filed tariffs and regional Total Transfer Calculation
and Available Transfer Calculation processes.”
Response
It appears that while IRO-005-3 R11 may be redundant for the reasons stated by ACES Power Marketing Standards Collaborators;
however, this requirement has been retired in IRO-005-4, which was approved by the Board of Trustees and is pending a filing at FERC.
Thus, recognizing that that Project 2006-06 Reliability Coordination has already received many of the necessary approvals to retire IRO005-3 R11, it does not seem to serve regulatory efficiency to include IRO-005-3 R11 in the P81 project as well. Thus, the P81 SDT did not
add IRO-005-3 R11 to the initial phase of P81.
Comment
ACES Power Marketing Standards Collaborators suggests COM-001-1.1 should be retired because English is the dominant language used.
Response
To retire such a requirement would possibly need coordination with the Canadian authorities in French speaking provinces and those in
areas of the United States were Spanish is a first language. Such coordination would seem to complicate the retirement of COM-0011.1, and, thus, the P81 SDT believes it is more appropriately considered in a subsequent phase.
Comment
With regard to VAR-001-2 R5, ACES Power Marketing Standards Collaborators states that it:
“. . . is redundant with FERC’s pro forma tariff and was originally included in the NERC policies to align them with said tariff. The
requirement compels the PSE and LSE to arrange for reactive resources to satisfy the reactive requirements of the Transmission Service

Consideration of Comments: Project 2013-02 Paragraph 81

Provider. PSEs and LSEs cannot purchase transmission service without purchasing reactive service or demonstrating to the transmission
provider that they have arranged for reactive resources. From a practical perspective, this means they always purchase reactive service
from the Transmission Provider. Furthermore, it is the Transmission Operator that actually ensures reactive resources are dispatched
per VAR-001-2 R2.”
Response
The P81 SDT notes that when approving VAR-001, in Order No. 693 at Paragraph 1858,5 the Commission recognized:
“. . . that all transmission customers of public utilities are required to purchase Ancillary Service No. 2 under the OATT or self-supply,
but the OATT does not require them to provide information to transmission operators needed to accurately study reactive power needs.
The Commission directs the ERO to address the reactive power requirements for LSEs on a comparable basis with purchasing-selling
entities.”
ACES Power Marketing Standards Collaborators states VAR-001-2 R5 appears to be redundant with Ancillary Service No. 2 under the
OATT. Moreover, VAR-001-2 R5 is very limited to this OATT obligation and regional process, and, therefore, does not speak to the
Commission’s concern related to providing information to Transmission Operators for accurate reactive power studies. Therefore, it
appears that VAR-001-2 R5 satisfies the P81 criteria by doing little to protect BES reliability and being redundant with the OATT. Thus,
the P81 SDT has added VAR-001-2 R5 to the initial phase of P81.
Comment
ACES Power Marketing Standards Collaborators also suggests adding BAL-002 R1, BAL-002 R3, BAL-005-0.1b R1 and its subrequirements, INT-004-2 R1, and TOP-005-2a R3.
Response
The P81 SDT notes that during the collaborative process the linkage between the BAL and INT standards was discussed and there seems
to be merit considering whether some BAL and INT standards could be combined. The Trade Associations, among others, suggested this
be conducted in a subsequent phase of P81. Given the complexity related to the linkage between the BAL and INT standards, along with
TOP-005-2a R3, the P81 SDT believes that additional review should be conducted in a subsequent phase of P81 prior to retiring the
suggested BAL and INT standards.
Comment

VAR-001-2 was approved via a Letter Order issued on January 10, 2011.

Consideration of Comments: Project 2013-02 Paragraph 81

ACES Power Marketing Standards Collaborators also suggests including PRC-011-0 R2, PRC-015-0 R3, PRC-016-0.1 R3, PRC-017-0.1 R2,
PRC-021-0.1 R2, PRC-023-1 R2, and PRC-023-2 R3. American Electric Power suggests the following additions: PRC-021-1 R2; PRC-018-1
R5; PRC-016-0.1 R3; PRC-015-0 R3; PRC-011-0 R2; PRC-007-0 R3; CIP-006 R1.5; CIP-004-3 R4; CIP-007 R5.1.1; CIP-007 R5.1.3; CIP-007
R6.3; CIP-007 R6.4; CIP-003-3, CIP-003-4 R1; CIP-003-3, CIP-003-4 R1.2; CIP-003-3, CIP-003-4 R1.3; CIP-003-3, CIP-003-4 R2.4; CIP-003-3,
CIP-003-4 R3. Tampa Electric recommends that the P81 SDT ensure that the CIP requirements proposed for removal via P81 are also
removed from v5 of the NERC CIP standards. Tampa Electric also supports the consideration of the following for NERC CIP standards:
(1) Removal of data collection requirements (CIP-005-3a,-4a R5.3, CIP-006-3c,-4c R7 and R8.3, CIP-007-3,-4 R5.1.2, R6.4and R7.3, CIP008-3,-4 R2); and (2) Removal of annual review requirements (CIP-002-3,-4 R4, CIP-003-3,-4 R1.3, R4.3, R5.1.2, and R5.3, CIP-006-3c,-4c
R1.8, CIP-007-3,-4 R9, and CIP-009-3,-4 R1).
Response
There was much discussion around the PRC and CIP standards during the collaborative process. There are several issues that impact the
retirement of these requirements including not creating a reporting gap by retiring PRC standards and the coordination of CIP standards
with the Version 5 SDT. Given these complications, the P81 SDT believes it is best to consider these CIP and PRC Standards as part of a
subsequent phase of the P81 project. To address Tampa Electric’s other concern, the P81 SDT has been coordinating its activities with
the CIP Version 5 SDT, and will continue to do so, so that the agreed upon retirements do not reemerge in CIP Version 5.
Comment
Occidental Power Services, Inc. requests the removal of the PSE function from the applicable sections of the following: INT-001-3 R1,
INT-004-2 R2, IRO-001-1.1 R3, IRO-001-1.1 R8, IRO-005-3 R10, TOP-005-2 R3, and VAR-001 R5. ACES Power Marketing Standards
Collaborators also suggests removing PSE and LSE the applicable sections of IRO-005-3 R10.
Response
The removal of applicable from the requirements is an interesting suggestion that would take some more technical review and
modification of the requirements. Thus, the P81 SDT believes this suggestion is more appropriate for consideration in a subsequent
phase of P81.
Comment
Georgia Transmission Corporation suggests the following additions: MOD-016-1.1 R1, MOD-016-1.1 R1.1, MOD-016-1.1 R3, MOD-0170.1 R1, MOD-017-0.1 R1.1, MOD-017-0.1 R1.2, MOD-017-0.1 R1.3, MOD-017-0.1 R1.4, MOD-018-0 R1, MOD-018-0 R1.2, MOD-018-0
R1.3, MOD-018-0 R2, MOD-019-0.1 R1, MOD-020-0 R1, MOD-021-1 R1, MOD-021-1 R2, MOD-021-1 R3, PRC-005-1b R2, PRC-005-1b
R2.1, PRC-005-1b R2.2, PRC-006-1 R7, PRC-006-1 R8, PRC-006-1 R14, PRC-007-0 R2, PRC-007-0 R3, PRC-011-0 R2, PRC-015-0 R3, PRC017-0 R2, PRC-018-1 R5, PRC-021-1 R2, PRC-023-1 R3.3, and TOP-001-1a R4.

Consideration of Comments: Project 2013-02 Paragraph 81

Response
Georgia Transmission Corporation points out many of the same requirements that the trade associations suggest for subsequent phases
of the P81 project. As mentioned above, for example, we are deferring the consideration of MOD-004-1 to a subsequent phase so it may
be considered in the context of other MOD Standards. The P81 SDT believes it is more appropriate to consider Georgia Transmission
Corporation’s suggestions in a subsequent phase.
Comment
South Carolina Electric and Gas asked if the measures associated with requirements being proposed for retirement would be modified
or removed as well.
Response
The relevant measures and other associated elements will be marked as retired in the standard. These will be identified in the redlines
of the standards that will be posted with the requirements during the next comment period.
Comment
ERCOT states that the justification statement for BAL-005-0.1b R2 could benefit from additional clarification regarding how it is
redundant with BAL-001 R1 and R2 and the justification for EOP-009-2 R2 should also be enhanced.
Response
The P81 SDT notes that additional clarification for BAL-005-0.1b R2, EOP-009-0 R2 and other requirements will be included in the
technical white paper being developed by the P81 SDT.
In summary, of the initial list in the draft SAR, MOD-004-1, VAR-002-WECC-1 R2 and VAR-501-WECC-1 R2 have been deferred to a
subsequent phase. Of the suggested additions, it appears that only VAR-001-2 R5, FAC-010-2.1 R5 and FAC-011-2 R5 satisfy the P81
criteria without significant technical review, and, thus, are appropriate to be added to the final SAR for the initial phase. As a general
note, any requirements suggested for the initial phase, but not adopted, shall be considered by the P81 SDT in a subsequent phase of
the project, and, therefore, the entities do not need to resubmit the requirements.

Consideration of Comments: Project 2013-02 Paragraph 81

Organization
Northeast Power Coordinating
Council

Yes or No

Question 2 Comment

From page 25 of the SAR, “Since PRC-008-0 R1; PRC-008-0 R2; PRC-009-0 R1; PRC009-0 R1.1; PRC-009-0 R1.2; PRC-009-0 R1.3; PRC-009-0 R1.4; PRC-009-0 R2; PRC-0100 R2; PRC-022-1 R2 provides little protection to the BES and better handled under
event analysis and lessons learned papers, it should be removed.” is not valid due to
that fact that as of this posting the Event Analysis Program (EAP) has not become part
of the RoP and is therefore a voluntary program. The requirements that are covered
by these standards are mandatory cannot be replaced by a voluntary program. Refer
to the following:Additionally, the EAP process is an after-the-fact Analysis of an event
or events. These standard requirements (PRC-008-0 R1; PRC-008-0 R2; PRC-009-0 R1;
PRC-009-0 R1.1; PRC-009-0 R1.2; PRC-009-0 R1.3; PRC-009-0 R1.4; PRC-009-0 R2;
PRC-010-0 R2; PRC-022-1 R2) address different needs which can be determined only
if such an event occurs. For example, from PRC-008-0--”R1. The Transmission Owner
and Distribution Provider with a UFLS program (as required by its Regional Reliability
Organization) shall have a UFLS equipment maintenance and testing program in
place. This UFLS equipment maintenance and testing program shall include UFLS
equipment identification, the schedule for UFLS equipment testing, and the schedule
for UFLS equipment maintenance.” This requirement addresses the need to have an
equipment maintenance and testing program in place prior to an event. Discovering
that an entity did not have this as a result of an event analysis would, in this case, be
after the damage is done and would not serve reliability. Analyzing why the UFSL
program did not operate properly would come under the purview of the EAP but that
is different from the Standard’s intent. PRC-008-0--”R2. The Transmission Owner and
Distribution Provider with a UFLS program (as required by its Regional Reliability
Organization) shall implement its UFLS equipment maintenance and testing program
and shall provide UFLS maintenance and testing program results to its Regional
Reliability Organization and NERC on request (within 30 calendar days).” If the EAP
was relied upon to meet this requirement the receipt or confirmation of this program
would only occur after an event. PRC-009-0--”R1. The Transmission Owner,
Transmission Operator, Load-Serving Entity and Distribution Provider that owns or
operates a UFLS program (as required by its Regional Reliability Organization) shall

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
analyze and document its UFLS program performance in accordance with its Regional
Reliability Organization’s UFLS program. The analysis shall address the performance
of UFLS equipment and program effectiveness following system events resulting in
system frequency excursions below the initializing set points of the UFLS program.
The analysis shall include, but not be limited to:R1.1 A description of the event
including initiating conditions.R1.2 A review of the UFLS set points and tripping
times.R1.3 A simulation of the event.R1.4 A summary of the findings."Although this
Standard appears that it could be covered under EAP, it is a highly detailed technical
study and needs to be carried out on its own accord. Event Analysis will focus
primarily what caused the event that triggered the UFLS program but not necessarily
the program itself. Because of the importance of the UFLS program to the reliability
of the system, its performance should not be analyzed only on a voluntary basis and
not only by those entities that actually shed load as a result of the event, but against
the whole regional program.PRC-009-0--”R2. The Transmission Owner, Transmission
Operator, Load-Serving Entity, and Distribution Provider that owns or operates a UFLS
program (as required by its Regional Reliability Organization) shall provide
documentation of the analysis of the UFLS program to its Regional Reliability
Organization and NERC on request 90 calendar days after the system event.”This is
administrative, refer to the response for R1 preceding. PRC-010-0--”R2. The LoadServing Entity, Transmission Owner, Transmission Operator, and Distribution Provider
that owns or operates a UVLS program shall provide documentation of its current
UVLS program assessment to its Regional Reliability Organization and NERC on
request (30 calendar days).” This should not triggered only after an event, see
preceding response for R1 preceding. PRC-022-1--”R2. Each Transmission Operator,
Load-Serving Entity, and Distribution Provider that operates a UVLS program shall
provide documentation of its analysis of UVLS program performance to its Regional
Reliability Organization within 90 calendar days of a request.”This is the same
situation as for the UFLS program. Refer to the responses preceding. IRO-014-2 --The
following requirements in Standard IRO-014-2 are administrative requirements only
and do not enhance reliability, and should be considered for removal in the Initial

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
Phase. “R2. Each Reliability Coordinator shall maintain its Operating Procedures,
Operating Processes, or Operating Plans identified in Requirement R1 as follows:
[Violation Risk Factor: Lower] [Time Horizon: Same Day Operations and Operations
Planning]2.1. Review and update annually with no more that 15 months between
reviews. 2.2. Obtain written agreement from all of the Reliability Coordinators
required to take the indicated action(s) for each update.2.3. Distribute to all
Reliability Coordinators that are required to take the indicated action(s) within 30
days of an update.”FAC-003-1 Requirements R3, and R4 (shown below) and their subrequirements are administrative (reporting) requirements only and do not enhance
reliability, and should be considered for removal in the Initial Phase. R3. The
Transmission Owner shall report quarterly to its RRO, or the RRO’s designee,
sustained transmission line outages determined by the Transmission Owner to have
been caused by vegetation.R4. The RRO shall report the outage information provided
to it by Transmission Owner’s, as required by Requirement 3, quarterly to NERC, as
well as any actions taken by the RRO as a result of any of the reported outages.In
addition, as shown below, CIP-005-3 R4 and CIP-007-3 R8 are essentially the same.
Suggest to eliminate CIP-005-3 R4 and include assessment of access points in CIP007-3 R8.CIP-005-3 R4:"R4. Cyber Vulnerability Assessment - The Responsible Entity
shall perform a cyber vulnerability assessment of the electronic access points to the
Electronic Security Perimeter(s) at least annually. The vulnerability assessment shall
include, at a minimum, the following: R4.1. A document identifying the vulnerability
assessment process; R4.2. A review to verify that only ports and services required for
operations at these access points are enabled; R4.3. The discovery of all access points
to the Electronic Security Perimeter; R4.4. A review of controls for default accounts,
passwords, and network management community strings; R4.5. Documentation of
the results of the assessment, the action plan to remediate or mitigate vulnerabilities
identified in the assessment, and the execution status of that action plan." CIP-007-3
R8:"R8. Cyber Vulnerability Assessment - The Responsible Entity shall perform a cyber
vulnerability assessment of all Cyber Assets within the Electronic Security Perimeter
at least annually. The vulnerability assessment shall include, at a minimum, the

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
following: R8.1 A document identifying the vulnerability assessment process; R8.2 A
review to verify that only ports and services required for operation of the Cyber
Assets within the Electronic Security Perimeter are enabled; R8.3 A review of controls
for default accounts; and, R8.4 Documentation of the results of the assessment, the
action plan to remediate or mitigate vulnerabilities identified in the assessment, and
the execution status of that action plan."

Southwest Power Pool
Regional Entity

SPP RE does not agree that PRC-008 R1 and R2 should be retired or that they provide
"little protection to the BES and [are] better handled under event analysis and
lessons learned papers". UFLS equipment maintenance and testing programs ARE
important to BES reliability, in a preventative mode, and are NOT covered under the
Event Analysis process. Preventative maintenance is very important to reliability;
without it, events are more likely. Industry should not wait for an event to happen to
collect information and consider maintenance and testing. UFLS is the last line of
"defense in depth protection of the BES" (Criteria C6). SPP RE’s comment follows the
discussion around removing PRC-005 and its relationship to BES reliability.SPP RE
does not agree that CIP-007-3 R7.3 should be retired. R7.3 requires the Responsible
Entity to maintain records of how data storage media was erased or destroyed prior
to disposal or redeployment of the Cyber Asset (which could be simply the media
previously removed from the Cyber Asset). In the absence of such records, the
Responsible Entity cannot demonstrate compliance with CIP-007-3 R7.1 and CIP-0073 R7.2, rendering those requirements not auditable. Elimination of this requirement
could also result in a loss of visibility of Cyber Assets that have been disposed of or
redeployed, also hampering the ability of the Responsible Entity to demonstrate
compliance and the Compliance Enforcement Authority to audit compliance with the
remaining requirements.

Bonneville Power
Administration

BPA does not support the proposed retirement of TOP-001-1a R3. BPA does not
agree that TOP-001-1a R3 is redundant with IRO-001-1a R8 because IRO-001-1a R8
only addresses RC directives, whereas TOP-001-1a R3 addresses both RC directives
and TOP directives. BPA believes that retiring TOP-001-1a R3 before TOP-001-2 R1 is

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
effective would create a gap because no requirement would address TOP directives.
BPA supports the additional proposed retirements and thanks the drafting team for
their efforts.

ACES Power Marketing
Standards Collaborators

(1) We believe there are other requirements that easily meet the criteria. (2) VAR001-2 R5 is redundant with FERC’s pro forma tariff and was originally included in the
NERC policies to align them with said tariff. The requirement compels the PSE and
LSE to arrange for reactive resources to satisfy the reactive requirements of the
Transmission Service Provider. PSEs and LSEs cannot purchase transmission service
without purchasing reactive service or demonstrating to the transmission provider
that they have arranged for reactive resources. From a practical perspective, this
means they always purchase reactive service from the Transmission Provider.
Furthermore, it is the Transmission Operator that actually ensures reactive resources
are dispatched per VAR-001-2 R2. Thus, VAR-001-2 R5 satisfies criteria B.1, B.6, B.7,
and B.9.(3) BAL-002 R1 and R3 are redundant. R1 compels the BA to have access to
and operate Contingency Reserve to respond to disturbances. R3 requires the BA to
activate sufficient Contingency Reserve to comply with DCS. We suggest removing R1
because it is redundant (Criterion B.7). This applies to both versions 0 and 1 of the
standard.(4) BAL-005-0.1b R1 and its sub-requirements are not necessary. All
generation, transmission and load is currently contained within the metered
boundaries of a BA. It is impossible to add new generation, transmission and load
and not be within the metered boundaries of a BA. To do so, would require the
equipment owner to carve out an area from the BA. For example, if a TO added a
new transmission line, it would have to put a meter on both ends to carve it out of
any BA footprint. In the process, they, in effect, create a new BA. The only way these
requirements can’t be met would be if BAs started removing metering equipment en
masse. Given removing metering equipment has significant financial consequences
due to inaccurate energy accounting; it is not going to happen. Thus, it meets
Criterion B.9. Furthermore, TOs are already required to identify metering
requirements in FAC-001-0 R2.1.6 as part of its facility connection requirements. It
also meets Criterion B.7.(5) COM-001-1.1 is unnecessary and the audit of it has

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
largely become a demonstration that it is an administrative requirement. English is
the primary language across the vast majority of the Interconnections under NERC’s
purview and it is the primary language in all of the areas under FERC’s jurisdiction.
For the few companies in areas where English is not predominant, those companies
will be unable to meet other requirements if they use a different language to speak
with companies from predominantly speaking English languages. Furthermore,
audits have regulated this to predominantly an administrative requirement. The
auditors largely look for statement that the English language is required despite the
fact that all evidence has been provided in English, observations of control center
conversations have shown English is used, and the audit has been conducted in
English. If there is a need for this requirement, it should be relegated to a regional
requirement for those regions that include areas that do not speak predominantly
English. Thus, this requirement meets Criteria B.1 and B.9.(6) FAC-010-2.1 R5 is an
administrative requirement for the Planning Authority to respond to comments on its
SOL methodology. Failure to provide a written response to technical comments does
not impact reliability. The PC is already required to distribute its methodology in R4.
Any functional entity that would have provided technical comments will see any
adjustments. This requirement meets Criteria B.1 and B.9.(7) FAC-011-2 R5 is an
administrative requirement for the Reliability Coordinator to respond to comments
on its SOL methodology. Failure to provide a written response to technical
comments does not impact reliability. The RC is already required to distribute its
methodology in R4. Any functional entity that would have provided technical
comments will see any adjustments when they receive the methodology. This
requirement meets criteria B.1 and B.9.(8) INT-004-2 R1 has nothing to do with
reliability and should be included in the list of retirements. Failing to reload an
Interchange Transaction that was curtailed for a reliability event has no reliability
impact. It is a remnant from the NERC Policies that was added at the request of
market participants because once transactions were cut, reliability entities did not
always allow the transaction to resume once the reliability issue had been addressed.
This is strictly a commercial issue. Thus, this requirement meets Criterion B.9.(9)

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
IRO-005-3 R10 should be modified to reflect the functional model. In cases where
there are differences in derived limits, PSEs and LSE cannot operate to the most
limiting parameters. They are not in a position to even have information on the
parameters such as facility ratings. Rather, their role is to follow directives. Thus,
inclusion of PSE and LSE in the requirement does not support reliability. Thus, this
requirement meets Criterion B.9. (10) IRO-005-3 R11 is redundant with MOD-028-1
R6.1, MOD-029-1a R3, and MOD-030-2 R2.4. The MOD standards already require the
TSP to consider IROLs and SOLs when determining Available Transfer
Capability/Available Flowgate Capability and Total Transfer Capability. This
requirement meets Criterion B.7. (11) PRC-011-0 R2 should be retired. A
requirement is not needed to compel the TO and DP to provide data on its UVLS
equipment maintenance program to the Regional Entity. The Regional Entity’s CMEP
and NERC’s Rules of Procedure compel the TO and DP to provide information
regarding enforceable requirements per the Regional Entity’s request. This
requirement meets Criteria B.1, B.4, and B.9.(12) PRC-015-0 R3 should be retired. A
requirement is not needed to compel the TO, GO and DP to provide data on their
Special Protection Systems (SPS) to the Regional Entity. The Regional Entity’s CMEP
and NERC’s Rules of Procedure compel the TO, GO and DP to provide information
regarding enforceable requirements per the Regional Entity’s request. This
requirement meets Criteria B.1, B.4, and B.9.(13) PRC-016-0.1 R3 should be retired.
A requirement is not needed to compel the TO, GO and DP to provide data on their
SPS Misoperations analyses and corrective action plans to the Regional Entity. The
Regional Entity’s CMEP and NERC’s Rules of Procedure compel the TO, GO and DP to
provide information regarding enforceable requirements per the Regional Entity’s
request. This requirement meets Criteria B.1, B.4, and B.9.(14) PRC-017-0.1 R2
should be retired. A requirement is not needed to compel the TO, GO and DP to
provide documentation of the SPS maintenance and testing program to the Regional
Entity. The Regional Entities CMEP and NERC’s Rules of Procedure compel the TO,
GO and DP to provide information regarding enforceable requirements per the
Regional Entity’s request. This requirement meets Criteria B.1, B.4, and B.9.(15) PRC-

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
021-0.1 R2 should be retired. A requirement is not needed to compel the TO and DP
to provide UVLS program data to the Regional Entity. The Regional Entities CMEP and
NERC’s Rules of Procedure compel the TO and DP to provide information regarding
enforceable requirements per the Regional Entity’s request. This requirement meets
Criteria B.1, B.4, and B.9.(16) PRC-023-1 R2 and PRC-023-2 R3 are redundant with
FAC-008-1 R1.2.1 and FAC-008-3 Part 2.4.1. FAC-008-1 R1.2.1 and FAC-008-3 Part
2.4.1 already require the GO and TO to consider relay protective devices when
determining facility ratings. The DP cannot limit the Facility Rating because a DP does
not have Transmission Facilities. They only have relays that impact Facility Ratings
that must ultimately be considered by the TO. This requirement meets Criterion
B.7(17) TOP-005-2a R3 is redundant with the INT standards and should be retired. In
the NERC Functional Model, the only role for the PSE is to facilitate Arranged
Interchange. The INT standards already govern Arranged Interchange and contain
the necessary information that the PSE must provide. Furthermore, Project 2007-03
Real-Time Operations has proposed retirement of this requirement as it is redundant
with NAESB e-Tag specifications. Beyond the E-tag data there is no additional
information that a PSE or LSE could provide for the BA or TOP to conduct operational
assessments. This requirement meets Criteria B.6, B.7 and B.9.(18) PRC-006-1 R7
should be retired. Failure by a Planning Coordinator to provide data to another
Planning Coordinator within 30 days is not a reliability issue because Planning
Assessments have long time lines to complete the studies. Furthermore, any failure
to provide data within 30 calendar days is most likely a simple oversight. If a Planning
Coordinator refuses to provide data, the requesting Planning Coordinator may get
involved and which will compel them to provide the data. This can be done without
the need for this requirement. This requirement meets criterion B.4.

Western Electricity
Coordinating Council

WECC supports the majority of the Standards Requirements identified, but notes
concerns with the following. WECC recommends eliminating CIP-003 R1 in its
entirety.WECC disagrees with the inclustion of CIP-007, R7.3. This requirement is
necessary for entity’s to demonstrate compliance with the other sub-requirements of
CIP 007 R7. However, this requirement could be moved to a Measure or RSAW to

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
demonstrate compliance with the other sub-requirements of CIP-007, R7.WECC
disagrees with the includsion of IRO-016-1, R2. Required documentation of the RC’s
actions to remedy an event is necessary for quality and efficient root cause analysis,
including insight into the RC’s wide view of actions during an event or disagreement.
The language in the SAR statement for IRO-016-1 R2 points to this information being
monitored through Spot Checks or other compliance monitoring methods. If this
standard is removed yet the information is to be included in future compliance
monitoring there must be some sort of methodology that requires the entity to retain
the associated data to be kept for the duration of the required cycle for monitoring
(i.e. audit cycle if monitored through audits). It is important that entities document
the actions taken that analyze the effect on the system as well as the BES for either
an even or/and for the disagreement on the problem. Therefore, it is important that
this information is part of the overall compliance monitoring program.MOD-004 is
not redundant to TOP-002 even though the CBM itself may be a tariff issue and rarely
used. The reliability piece is that if the CBM is used by a TSP then the details of it
must be available for use in system studies. Without the awareness of a transmission
holdback for CBM when it exists, a network study could be run and show no issues
but if at some time the CBM were implemented an overload could result. This might
not always be the case but unless the CBM parameters are known and modeled it
could impact reliability.WECC disagrees with the recommendations with PRC-008-0
R1 and PRC-008-0 R2. Unless these standards are being superseded, WECC does not
agree that they provide “little protection to the BES.” They are not administrative in
nature like the other standards in this group. They insure that maintenance and
testing program is established and implemented for an entity’s UFLS protection
systems. Without these standards, there is reduced assurance that UFLS protection
systems will operate correctly when called upon for an under-frequency event. UFLS
has a vital role in its effectiveness for preserving system stability and elimination of
these standards may reduce its effectiveness. This standard is about making sure the
equipment is maintained not about collecting data. If and when PRC-005-2 is
adopted, and if it were to include the UFLS devices, then this standard should be

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
considered for removal.WECC believes the statements associated with TOP-001-1a,
R3 are incorrect. Removing TOP-001-1a would result in no NERC requirement for
parties to follow TOP directives. The current TOP-001-1a R3 requires BOTH TOP and
RC directives to be followed. The proposed IRO-001-3 R2 requires ONLY RC directives
to be followed. In addition, the SAR statement is incorrect. TOP-001-1a R3 applies to
directives issued by the TOP (and also the RC). IRO-001-1a applies only to directives
from the RC. If the intent, as they state, is to replace TOP-001-1a R3 with IRO-001-3,
that leaves a void for an entity to comply with a directive from the TOP. Only the part
about following an RC directive is redundant. Requirement should be modified to
eliminate the redundancy, but not retired. WECC disagrees witht he inclusion of CIP001, R4. An entity has many enforcement agencies to contact without the FBI listed in
the operating instructions they could easily be overlooked. This Requirement has
encouraged entities to establish a current communication line with the FBI. In fact,
several other larger entities are members of InfraGardÂ®, which is a partnership
between the FBI and the private sector. Retiring R4 will remove the incentive of
having a working relationship with the FBI, especially among the smaller entities.
Retiring R4 may effectively delay or prevent the FBI from rapidly locating those
responsible for sabotage. The requirement is not “needlessly burdensome”, which is
a criteria for deletion.WECC believes the requirements VAR-002-WECC-1, R2, and
VAR-502-WECC-1, R2, are probably the best way of demonstrating compliance with
the accociated R1 requirments. The two VAR R2 requirements do not say the entity
has to submit the information to WECC (Regional Entity), only that it shall have the
documentation to prove exclusion for the sub requirements in R1. We’ve had cases
where entities don’t meet the 98% availability and if the entity was claiming exclusion
time, WECC would want to review the documentation that proves the exclusion. It is
in the entity’s best interest to keep exclusion documentation in case its units don’t
make the 98%, but this is beter suited for a Measure or RSAW.

Independent Electricity
System Operator

(1) We generally agree that most of the identified standards/requirements would
meet the proposed criteria. However, as indicated under Q1, we believe that the
“annual review” criterion is too broad which could result in retiring some

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
requirements that are still needed for reliability. In addition, the acid test for
retirement a requirement is when the standard drafting team reviews the overall
reliability impact of removing a particular requirement from a standard, and how it
may affect other related standards. In brief, it is premature to pass on this judgment
at the SAR stage. We urge the SAR proponent to simply suggest that the proposed
requirements be considered and evaluated by the SDT as opposed to making a
presumption (and hence setting a high expectation for the industry) that the
proposed list will be retired. And, in order to meet the requirements for regulatory
approval, we suggest the SDT to provide strong technical basis to justify each
retirement.

American Electric Power

AEP does not disagree with a majority of the requirements proposed by the drafting
team, though we recommend the team reconsider the inclusion of CIP-003 R3 and
associated sub-requirements. AEP recommends instead that CIP-003 R1 be removed
in which case CIP-003 R3 (and CIP-003 R2.4) can also be removed. However, if the
drafting team does not agree with this recommendation, CIP-003 R3 must be
retained in order for entities to take targeted exception(s) where applicable (for
example, in circumstances where an entity’s program is more stringent than the CIP
requirements).AEP would like the team to consider the following additional Reliability
Standard requirements as candidates for retirement on this initial, or subsequent,
request for comment. Standard: PRC-021-1Requirement: R2Requirement Text: Each
Transmission Operator and Distribution Provider that owns a UVLS program shall
provide its UVLS program data to the Regional Reliability Organization within 30
calendar days of a request.Criterion: B4,9Standard: PRC-018-1Requirement:
R5Requirement Text: The Transmission Owner and Generator Owner shall each
archive all data recorded by DMEs for Regional Reliability Organization-identified
events for at least three years.Criterion: B2Standard: PRC-016-0.1Requirement:
R3Requirement Text: The Transmission Owner, Generator Owner, and Distribution
Provider that owns an SPS shall provide documentation of the misoperation analyses
and the corrective action plans to its Regional Reliability Organization and NERC on
request (within 90 calendar days).Criterion: B4Standard: PRC-015-0Requirement:

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
R3Requirement Text: The Transmission Owner, Generator Owner, and Distribution
Provider that owns an SPS shall provide documentation of SPS data and the results of
Studies that show compliance of new or functionally modified SPSs with NERC
Reliability Standards and Regional Reliability Organization criteria to affected
Regional Reliability Organizations and NERC on request (within 30 calendar
days).Criterion: B4Standard: PRC-011-0Requirement: R2Requirement Text: The
Transmission Owner and Distribution Provider that owns a UVLS system shall provide
documentation of its UVLS equipment maintenance and testing program and the
implementation of that UVLS equipment maintenance and testing program to its
Regional Reliability Organization and NERC on request (within 30 calendar
days).Criterion: B4Standard: PRC-007-0Requirement: R3Requirement Text: The
Transmission Owner and Distribution Provider that owns a UFLS program (as required
by its Regional Reliability Organization) shall provide its documentation of that UFLS
program to its Regional Reliability Organization on request (30 calendar
days).Criterion: B4Standard: CIP-006Requirement: R1.5Requirement Text: Review of
access authorization requests and revocation of access authorization, in accordance
with CIP-004-3 Requirement R4.Criterion: B7Standard: CIP-007Requirement:
R5.1.1Requirement Text: The Responsible Entity shall ensure that user accounts are
implemented as approved by designated personnel. Refer to Standard CIP-003-3
Requirement R5.Criterion: B7Standard: CIP-007Requirement: R5.1.3Requirement
Text: The Responsible Entity shall review, at least annually, user accounts to verify
access privileges are in accordance with Standard CIP-003-3 Requirement R5 and
Standard CIP-004-3 Requirement R4.Criterion: B7Standard: CIP-007Requirement:
R6.3Requirement Text: The Responsible Entity shall maintain logs of system events
related to cyber security, where technically Feasible, to support incident response as
required in Standard CIP-008-3.Criterion: B7Standard: CIP-007Requirement:
R6.4Requirement Text: The Responsible Entity shall retain all logs specified in
Requirement R6 for ninety calendar days.Criterion: B1, B3Standard: CIP-003-3, CIP003-4Requirement: R1Requirement Text: Cyber Security Policy - The Responsible
Entity shall document and implement a cyber security policy that represents

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
management’s commitment and ability to secure its Critical Cyber Assets. The
Responsible Entity shall, at minimum, ensure the following:Criterion: B1, B3, B7,
B9Standard: CIP-003-3, CIP-003-4Requirement: R1.2Requirement Text: The cyber
security policy is readily available to all personnel who have access to, or are
responsible for, Critical Cyber Assets. Criterion: B1, B3, B7, B9Standard: CIP-003-3,
CIP-003-4Requirement: R1.3Requirement Text: Annual review and approval of the
cyber security policy by the senior manager assigned pursuant to R2. Criterion:
B5Standard: CIP-003-3, CIP-003-4Requirement: R2.4Requirement Text: The senior
manager or delegate(s), shall authorize and document any exception from the
requirements of the cyber security policy. Criterion: B7Comment: Although AEP does
not necessarily agree with removal of this requirement (see R3 comment below),
R2.4 is redundant with R3.3 (which is being removed) and should probably be
removed along with R3.Standard: CIP-003-3, CIP-003-4Requirement: R3 (R3.1, R3.2,
R3.3)Requirement Text: Exceptions - Instances where the Responsible Entity cannot
conform to its cyber security policy must be documented as exceptions and
authorized by the senior manager or delegate(s). Criterion: Comment: If R1 is not
removed, R3 (or some exception process) is necessary. For example, if the Cyber
Security Policy goes above and beyond the standards, then an exception may be
needed even though the standards are met.

Public Service Enterprise
Group

For these requirements, KEEP:CIP-001-2a R4. If the entity owns or operates a BES
asset, there is a clear reliability benefit to have appropriate law enforcement contacts
and procedures to address sabotage or other security incidents. Similarly, the federal
agencies feel that this is a good idea. In a coordinated attack environment, sabotage
reporting to these Law enforcement agencies from the BES operators and owners
would improve the ability of a coordinated response. Thus we feel that this
requirement should be kept within the standards.CIP-003-3 R3. The exceptions
language in R3, though rarely used, allows for those instances where an entity is
unable to conform with it's cyber security policy. In addition, the requirement has
been approved by the industry and FERC more than once. It's removal may have a
negative impact on the industry. CIP-003-4 R3. The exceptions language in R3, though

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
rarely used, allows for those instances where an entity is unable to conform with it's
cyber security policy. In addition, the requirement has been approved by the
industry and FERC more than once. It's removal may have a negative impact on the
industry. TOP-005-2a R1. "TOP-003-2 requires operating entities such as GOs and TOs
to provide operating data to BAs ands TOPs. In TOP-005-2a, R2 and R3 requires BAs
and TOPs to exchange this data with other BAs and TOPs . R1 requires BA and TOP
recipients of such data to execute a confidentiality agreement so that its
confidentiality is protected. This requirement ultimately protects the confidentiality
of data provided by entities under TOP-003-2.For these requirements, KEEP BUT
MODIFY:FAC-002-1 R2. We believe the three year limitation on documentation sets a
limit; otherwise six years may be required (the period between audits. We do
suggest removing the language " and shall provide the documentation to the
Regional Reliability Organization(s) and NERC on request (within 30 calendar days)."
because we see no reliability benefit.For these rerquirements, KEEP UNTIL
REPLACED:EOP-004-1 R1. NERC's Event Analysis Process was approved by NERC's BOT
on February 9, 2012. This process has already been adopted as RFC's process under
EOP-004-1, R1. Draft standard EOP-004-2 will replace Regional reporting
requirements in R1 with consistent NERC-wide requirements; however, while the
draft does not presently require the use of the NERC Event Analysis Process, that
process is embedded in proposed NERC ROP changes filed with FERC on May 7, 2012.
Keep until these NERC ROP changes are approved by FERC and become effective.PRC008-0 R1. This is required for reliability. Such a testing program has been
incorporated into draft PRC-005-2 When this is adopted, PRC-008-0 can be
retired.PRC-009-0 R1. The NERC Event Analysis Process is embedded in proposed
NERC ROP changes filed with FERC on May 7, 2012. Keep until these NERC ROP
changes are approved by FERC and become effective.PRC-009-0 R1.1. See R1
above.PRC-009-0 R1.2. See R1 above.PRC-009-0 R1.3. See R1 above.PRC-009-0 R1.4.
See R1 above.

Essential Power, LLC

CIP-001-2a, R4. This requirement should be removed from the Paragraph 81 project.
If an entity owns or operates a BES asset, there is a clear reliability benefit to have

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
appropriate law enforcement contacts and procedures to address sabotage or other
security incidents. Similarly, the federal agencies feel that this is a good idea. In a
coordinated attack environment, sabotage reporting to these law enforcement
agencies from the BES operators and owners would improve the ability of a
coordinated response. Thus we feel that this requirement should be kept within the
standards.CIP-003-3, R3. This requirement should be removed from the Paragraph 81
project. The exceptions language in R3, though rarely used, allows for those instances
where an entity is unable to conform to its cyber security policy. In addition, the
requirement has been approved by the industry and FERC more than once. Its
removal may have a negative impact on the industry.CIP-003-4, R3. This requirement
should be removed from the Paragraph 81 project. The exceptions language in R3,
though rarely used, allows for those instances where an entity is unable to conform
to its cyber security policy. In addition, the requirement has been approved by the
industry and FERC more than once. Its removal may have a negative impact on the
industry.EOP-004-1, R1. This requirement should be removed from Phase 1 of the
Paragraph 81 project, until replaced by EOP-004-2. NERC's Event Analysis Process was
approved by NERC's BOT on February 9, 2012. This process has already been adopted
as RFC's process under EOP-004-1, R1. Draft standard EOP-004-2 will replace
Regional reporting requirements in R1 with consistent NERC-wide requirements;
however, while the draft does not presently require the use of the NERC Event
Analysis Process, which is embedded in proposed NERC ROP changes filed with FERC
on May 7, 2012. This requirement should be kept until these NERC ROP changes are
approved by FERC.FAC-002-1, R2. This requirement should be removed from the
Paragraph 81 project, and modified instead. We believe the three year limitation on
documentation sets a limit; otherwise six years may be required (the period between
audits). We do suggest removing the language “and shall provide the documentation
to the Regional Reliability Organization(s) and NERC on request (within 30 calendar
days)." because we see no reliability benefit to this element of the requirement.

Occidental Power Services,

OPSI recommends the following additions for Phase 1 implementation: 1. INT-001-3,
R1. The Load Serving, Purchasing-Selling Entity shall ensure that Arranged

Consideration of Comments: Project 2013-02 Paragraph 81

Organization
Inc.

Yes or No

Question 2 Comment
Interchange is submitted to the Interchange Authority for all Dynamic Schedules at
the expected average MW profile for each hour.Criteria: B6, B9Statement: This
requirement is at best a business practice of markets (protocol). These schedules can
be rejected if not correctly submitted, can be cut if not executed correctly, and the
PSE can be penalized if there are offenses.Recommendation: Remove PSE from R1
and from the Applicability section.2. INT-004-2, R2. The Purchasing-Selling Entity
responsible for tagging a Dynamic Interchange Schedule shall ensure the tag is
updated for the next available scheduling hour and future hours when any one of the
following occurs:o R2.1 The average energy profile in an hour is greater than 250
MW and in that hour the actual hourly integrated energy deviates from the hourly
average energy profile indicated on the tag by more than Â±10%o R2.2 The average
energy profile in an hour is less than or equal to 250 MW and in that hour the actual
hourly integrated energy deviates from the hourly average energy profile indicated
on the tag by more than Â±25 megawatt-hourso R2.3 A Reliability coordinator or
Transmission Operator determines the deviation, regardless of magnitude, to be a
reliability concern and notifies the Purchasing-Selling Entity of that determination
and the reasons. Criteria: B6,B9Statement: This requirement is at best a business
practice of markets (protocol). These schedules can be rejected if not correctly
submitted, can be cut if not executed correctly, and the PSE can be penalized if there
are offenses.Recommendation: Remove PSE from R2 and from the Applicability
section.3. IRO-001-1.1, R3 and R8.R3. The Reliability Coordinator shall have clear
decision-making authority to act and to direct actions to be taken by Transmission
Operators, Balancing Authorities, Generator Operators, Transmission Service
Providers, Load-Serving Entities, and Purchasing- Selling Entities within its Reliability
Coordinator Area to preserve the integrity and reliability of the Bulk Electric System.
These actions shall be taken without delay, but no longer than 30 minutes.R8.
Transmission Operators, Balancing Authorities, Generator Operators, Transmission
Service Providers, Load-Serving Entities, and Purchasing-Selling Entities shall comply
with Reliability Coordinator directives unless such actions would violate safety,
equipment, or regulatory or statutory requirements. Under these circumstances, the

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
Transmission Operator, Balancing Authority, Generator Operator, Transmission
Service Provider, Load-Serving Entity, or Purchasing-Selling Entity shall immediately
inform the Reliability Coordinator of the inability to perform the directive so that the
Reliability Coordinator may implement alternate remedial actions.Criteria:
B9Statement: PSEs do not generally receive Reliability Directives from
RCsRecommendation: Remove PSE from R3 and R8 and from the Applicability
section.4. IRO-005-3, R10. In instances where there is a difference in derived limits,
the Transmission Operators, Balancing Authorities, Generator Operators,
Transmission Service Providers, Load-Serving Entities, and Purchasing-Selling Entities
shall always operate the Bulk Electric System to the most limiting parameter.Criteria:
B9Statement: PSEs do not generally derive limits for the transmission of power over
the BES.Recommendation: Remove PSE from R10 and from the Applicability
section.5. TOP-005-2, R3. Each Purchasing-Selling Entity shall provide information as
requested by its Host Balancing Authorities and Transmission Operators to enable
them to conduct operational reliability assessments and coordinate reliable
operations.Criteria: B6,B9Statement: PSEs have to supply this information as a
requirement for participating in market functions.Recommendation: Remove PSE
from R3 and from the Applicability section.6. VAR-001, R5. Each Purchasing-Selling
Entity shall arrange for (self-provide or purchase) reactive resources to satisfy its
reactive requirements identified by its Transmission Service Provider.Criteria:
B6,B9Statement: This is a requirement to participate in competitive markets
(generally, it is included in the transmission rate) or is required by tariffs in noncompetitive markets. The PSE has no option but to purchase the reactive power in
order to make the transaction.Recommendation: Remove PSE from R5 and from the
Applicability section.

Georgia Transmission
Corporation

GTC agrees that the suggested list easily satisfies the criteria in the draft SAR, but GTC
also believes this is an incomplete list for Phase I. GTC also believes the following
Reliability Standard requirements easily satisfy the criteria listed in the draft SAR and
recommends reconsidering and adding to the list in the initial Phase I.MOD-0161.1;R1:The Planning Authority and Regional Reliability Organization shall have

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
documentation identifying the scope and details of the actual and forecast (a)
Demand data, (b) Net Energy for Load data, and (c) controllable DSM data to be
reported for system modeling and reliability analyses. [Meets Criteria A, B1, B2, B3,
B9]MOD-016-1.1 R1.1 The aggregated and dispersed data submittal requirements
shall ensure that consistent data is supplied for Reliability Standards TPL-005, TPL006, MOD-010, MOD-011, MOD-012, MOD-013, MOD-014, MOD-015, MOD-016,
MOD-017, MOD-018, MOD-019, MOD-020, and MOD-021. The data submittal
requirements shall stipulate that each Load-Serving Entity count its customer
Demand once and only once, on an aggregated and dispersed basis, in developing its
actual and forecast customer Demand values. Meets Criteria A, B1, B3, B4, B9MOD016-1.1 R3 The Planning Authority shall distribute its documentation required in R1
for reporting customer data and any changes to that documentation, to its
Transmission Planners and Load-Serving Entities that work within its Planning
Authority Area. Meets Criteria A, B1, B3, B9MOD-016-1.1 R3.1 The Planning Authority
shall make this distribution within 30 calendar days of approval. Meets Criteria A, B1,
B3, B9MOD-017-0.1 R1 The Load-Serving Entity, Planning Authority and Resource
Planner shall each provide the following information annually on an aggregated
Regional, subregional, Power Pool, individual system, or Load-Serving Entity basis to
NERC, the Regional Reliability Organizations, and any other entities specified by the
documentation in Standard MOD-016-1_R1. Meets Criteria A, B1, B4, B9MOD-0170.1 R1.1 Integrated hourly demands in megawatts (MW) for the prior year. Meets
Criteria A, B1, B4, B9MOD-017-0.1 R1.2 Monthly and annual peak hour actual
demands in MW and Net Energy for Load in gigawatthours (GWh) for the prior year.
Meets Criteria A, B1, B4, B9MOD-017-0.1 R1.3 Monthly peak hour forecast demands
in MW and Net Energy for Load in GWh for the next two years. Meets Criteria A, B1,
B4, B9MOD-017-0.1 R1.4 Annual Peak hour forecast demands (summer and winter) in
MW and annual Net Energy for load in GWh for at least five years and up to ten years
into the future, as requested. Meets Criteria A, B1, B4, B9MOD-018-0 R1 The LoadServing Entity, Planning Authority, Transmission Planner and Resource Planner’s
report of actual and forecast demand data (reported on either an aggregated or

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
dispersed basis) shall: Meets Criteria A, B1, B3, B9MOD-018-0 R1.1 Indicate whether
the demand data of nonmember entities within an area or Regional Reliability
Organization are included, and Meets Criteria A, B1, B3, B9MOD-018-0 R1.2 Address
assumptions, methods, and the manner in which uncertainties are treated in the
forecasts of aggregated peak demands and Net Energy for Load. Meets Criteria A, B1,
B3, B9MOD-018-0 R1.3 Items (MOD-018-0_R 1.1) and (MOD-018-0_R 1.2) shall be
addressed as described in the reporting procedures developed for Standard MOD016-1_R 1. Meets Criteria A, B1, B3, B9MOD-018-0 R2. The Load-Serving Entity,
Planning Authority, Transmission Planner, and Resource Planner shall each report
data associated with Reliability Standard MOD-018-0_R1 to NERC, the Regional
Reliability Organization, Load-Serving Entity, Planning Authority, and Resource
Planner on request (within 30 calendar days). Meets Criteria A, B1, B4, B9MOD-0190.1 R1. The Load-Serving Entity, Planning Authority, Transmission Planner, and
Resource Planner shall each provide annually its forecasts of interruptible demands
and Direct Control Load Management (DCLM) data for at least five years and up to
ten years into the future, as requested, for summer and winter peak system
conditions to NERC, the Regional Reliability Organizations, and other entities (LoadServing Entities, Planning Authorities, and Resource Planners) as specified by the
documentation in Reliability Standard MOD-016-1_R 1. Meets Criteria A, B1, B4,
B9MOD-020-0 R1. The Load-Serving Entity, Transmission Planner, and Resource
Planner shall each make known its amount of interruptible demands and Direct
Control Load Management (DCLM) to Transmission Operators, Balancing Authorities,
and Reliability Coordinators on request within 30 calendar days. Meets Criteria A, B1,
B4, B9MOD-021-1 R1. The Load-Serving Entity, Transmission Planner and Resource
Planner’s forecasts shall each clearly document how the Demand and energy effects
of DSM programs (such as conservation, time-of-use rates, interruptible Demands,
and Direct Control Load Management) are addressed. Meets Criteria A, B1, B3,
B9MOD-021-1 R2. The Load-Serving Entity, Transmission Planner and Resource
Planner shall each include information detailing how Demand-Side Management
measures are addressed in the forecasts of its Peak Demand and annual Net Energy

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
for Load in the data reporting procedures of Standard MOD-016-0_R1. Meets Criteria
A, B1, B3, B9MOD-021-1 R3. The Load-Serving Entity, Transmission Planner and
Resource Planner shall each make documentation on the treatment of its DSM
programs available to NERC on request (within 30 calendar days). Meets Criteria A,
B1, B3, B9PRC-005-1b R2. Each Transmission Owner and any Distribution Provider
that owns a transmission Protection System and each Generator Owner that owns a
generation Protection System shall provide documentation of its Protection System
maintenance and testing program and the implementation of that program to its
Regional Reliability Organization on request (within 30 calendar days). The
documentation of the program implementation shall include: Meets Criteria A, B1,
B3, B9PRC-005-1b R2.1. Evidence Protection System devices were maintained and
tested within the defined intervals. Meets Criteria A, B1, B3, B9PRC-005-1b R2.2. Date
each Protection System device was last tested/maintained. Meets Criteria A, B1, B3,
B9PRC-006-1 R7. Each Planning Coordinator shall provide its UFLS database
containing data necessary to model its UFLS program to other Planning Coordinators
within its Interconnection within 30 calendar days of a request. Meets Criteria A, B1,
B4, B9PRC-006-1 R8. Each UFLS entity shall provide data to its Planning Coordinator(s)
according to the format and schedule specified by the Planning Coordinator(s) to
support maintenance of each Planning Coordinator’s UFLS database. Meets Criteria
A, B1, B4, B9PRC-006-1 R14. Each Planning Coordinator shall respond to written
comments submitted by UFLS entities and Transmission Owners within its Planning
Coordinator area following a comment period and before finalizing its UFLS program,
indicating in the written response to comments whether changes will be made or
reasons why changes will not be made to the following:14.1. UFLS program, including
a schedule for implementation 14.2. UFLS design assessment 14.3. Format and
schedule of UFLS data submittal Meets Criteria A, B1, B3, B9PRC-007-0 R2. The
Transmission Owner, Transmission Operator, Distribution Provider, and Load-Serving
Entity that owns or operates a UFLS program (as required by its Regional Reliability
Organization) shall provide, and annually update, its underfrequency data as
necessary for its Regional Reliability Organization to maintain and update a

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
UFLSprogram database. Meets Criteria A, B1, B4, B9PRC-007-0 R3. The Transmission
Owner and Distribution Provider that owns a UFLS program (as required by its
Regional Reliability Organization) shall provide its documentation of that UFLS
program to its Regional Reliability Organization on request (30 calendar days). Meets
Criteria A, B1, B3, B4, B9PRC-011-0 R2. The Transmission Owner and Distribution
Provider that owns a UVLS system shall provide documentation of its UVLS
equipment maintenance and testing program and the implementation of that UVLS
equipment maintenance and testing program to its Regional Reliability Organization
and NERC on request (within 30 calendar days). Meets Criteria A, B1, B3, B4, B9PRC015-0 R3. The Transmission Owner, Generator Owner, and Distribution Provider that
owns an SPS shall provide documentation of SPS data and the results of studies that
show compliance of new or functionally modified SPSs with NERC Reliability
Standards and Regional Reliability Organization criteria to affected Regional
Reliability Organizations and NERC on request (within 30 calendar days). Meets
Criteria A, B1, B4, B9PRC-017-0 R2. The Transmission Owner, Generator Owner, and
Distribution Provider that owns an SPS shall provide documentation of the program
and its implementation to the appropriate Regional Reliability Organizations and
NERC on request (within 30 calendar days). Meets Criteria A, B1, B3, B4, B9PRC-018-1
R5. The Transmission Owner and Generator Owner shall each archive all data
recorded by DMEs for Regional Reliability Organization-identified events for at least
three years. Meets Criteria A, B1, B2, B3, B9PRC-021-1 R2. Each Transmission Owner
and Distribution Provider that owns a UVLS program shall provide its UVLS program
data to the Regional Reliability Organization within 30 calendar days of a request.
Meets Criteria A, B1, B4, B9PRC-023-1 R3.3. The Planning Coordinator shall provide a
list of facilities to its Reliability Coordinators, Transmission Owners, Generator
Owners, and Distribution Providers within 30 days of the establishment of the initial
list and within 30 days of any changes to the list. Meets Criteria A, B1, B4, B9TOP-0011a R4. Each Distribution Provider and Load-Serving Entity shall comply with all
reliability directives issued by the Transmission Operator, including shedding firm
load, unless such actions would violate safety, equipment, regulatory or statutory

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
requirements. Under these circumstances, the Distribution Provider or Load-Serving
Entity shall immediately inform the Transmission Operator of the inability to perform
the directive so that the Transmission Operator can implement alternate remedial
actions. Same requirement as R3 which made the Phase I list, only difference is
applicability.

NERC Staff Technical Review

After further review, NERC Staff recommends that the SDT review the following
standard requirements and consider moving them from Phase I to Phase II. If the SDT
determines the following standard requirements still fall into Phase I, a more robust
technical justification would be needed.(1) FAC-008-1 R2, R3, FAC-008-3 R4, R5 and
FAC-013-2 R3: These requirements, combined with others, provide checks and
balances on the Facility Rating Methodology and Transfer Capability methodology
established by the responsible entities. This provides a reliability benefit by requiring
the responsible entity to consider areas in which their methodology may not be
sufficient to support reliable operation of the interconnected transmission system.
There may be better ways of assuring that entities have sufficient methodologies and
alternatives should be considered during Phase II. NERC Staff suggests that the SDT
reconsider whether discussing the methodology (and not the numerical rating of a
facility) has commercial or market related implications. With respect to FAC-013-2
R3, NERC Staff suggests that the SDT reconsider whether the requirement relates to
“a back and forward on transfer capability” as noted in the draft SAR, as the
requirement pertains only to the methodology for determining transfer capability.(2)
PRC-008-0 R2: Maintenance and testing of underfrequency load shedding (UFLS)
relays is necessary to assure reliable operation of a UFLS program and this
requirement is included in PRC-005-2 as part of Project 2007-17, Protection System
Maintenance and Testing. NERC Staff recommends that the language in R2 relating
to implementing its UFLS equipment maintenance and testing program remain to
avoid a reliability gap prior to the effective date of PRC-005-2. NERC Staff recognizes
that the second part of R2 does meet the criteria in the SAR and recommends that
the SDT consider revising the requirement in a future phase to remove the language
that requires an entity to “provide UFLS maintenance and testing program results to

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
its Regional Reliability Organization and NERC on request (within 30 calendar days).”
(3) TOP-001-1a R3: The technical justification states that this requirement is
redundant with IRO-001-1a R8. NERC Staff notes that the requirement is only
partially redundant until IRO-001-3 is approved by FERC and therefore, it is
premature to consider it for Phase I; it should be considered for Phase II.(4) MOD004-1: NERC Staff notes that there are a number of Commission directives associated
with MOD-004-1 and the technical justification provided for the elimination of this
standard should directly address these directives. If a solid technical justification
cannot be made, NERC Staff suggests that the requirements should not be included in
Phase I. In addition to the above, NERC Staff recommends that the SDT consider
removing the following standard requirements from the scope of the P81 project:(1)
PRC-008-0 R1: The requirement to have a maintenance and testing program for UFLS
is necessary to assure reliable operation of a UFLS program and this requirement is
included in PRC-005-2 as part of Project 2007-17, Protection System Maintenance
and Testing. NERC Staff recommends retaining R1 to avoid a reliability gap prior to
the effective date of PRC-005-2.(2) PRC-009-0 R1: Analysis to assess the performance
of UFLS equipment and program effectiveness following system events provides a
reliability benefit by identifying whether the UFLS program is effective and whether
modifications are necessary. A requirement similar to R1 is included in FERCapproved standard PRC-006-1 and NERC Staff recommends retaining R1 to avoid a
reliability gap prior to the effective date of PRC-006-1. If the SDT believes this
requirement is not necessary, the justification for removing R1 should discuss
Commission comments in Order No. 763 pertaining to Requirement R11 in PRC-0061.(3) VAR-002-WECC-1 and VAR-501-WECC-1: NERC Staff notes that the regional
standards should be removed from the scope of the P81 project because they must
first be eliminated via the regional standards development process prior to being
processed through the NERC standard development process.

MidAmerican Energy
Company

FERC Order 706 clearly states that an exception forms alternative obligations for the
responsible entity to meet the requirements; an exception is not an exemption from
the requirements. We believe a Responsible Entity should still be allowed to have

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
exceptions to its cyber security policy. MidAmerican Energy Company agrees with the
proposed removal of CIP-003-3 (CIP-003-4) R3, R3.1, R3.2, R3.3, as long as CIP-003-3
(CIP-003-4) R2.4 remains and allows for possible exceptions to a Responsible Entities’
cyber security policy. R2.4 states “The senior manager or delegate(s), shall authorize
and document any exception from the requirements of the cyber security policy.”
When removing requirements eligible for TFEs, revisions to the Rules of Procedure
Appendix 4D - Procedures for Requesting and Receiving Technical Feasibility
Exceptions to NERC Critical Infrastructure Protection Standards will be necessary. For
example, CIP-005-3, R2.6 should be deleted from the list of requirements with TFEs in
the Scope section on page 1 if the requirement is removed as part of this process.

SPP Standards Review Group

The Edison Electric Institute (EEI),
the National Rural Electric
Cooperative Association
(NRECA), the Electric Power
Supply Association (EPSA), the
Transmission Access Policy Study
Group (TAPS), Electricity
Consumers Resource Council
(ELCON), the American Public
Power Association (APPA), the
Large Public Power Council
(LPPC) and, the Canadian
Electricity Association (CEA)
(collectively, the Trade
Associations).

Yes

From our review of the list we feel that this is again, a good starting point, but would
hope that the drafting team could add or subtract requirements as needed as Phase 1
of the project develops.

Yes

The Trade Associations agree with the suggested list of Reliability Standard
requirements contained in the SAR for the Initial Phase of P81.

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment

Salt River Project

Yes

SRC

Yes

o PRC-009-0 R1 - R2 are in the process of being retired by PRC-006-1 as such these
requirements will eventually go away. o VAR-002-WECC-1 R2 - Regional
standards/requirements for retirement should go through the regional standards
process not the NERC continent wide process. o VAR-501-WECC-1 R2 - Regional
standards/requirements for retirement should go through the regional standards
process not the NERC continent wide process. o Consider adding IRO-014-2 R2
requirements: R2 Each Reliability Coordinator shall maintain its Operating
Procedures, Operating Processes, or Operating Plans identified in Requirement R1 as
follows: [Violation Risk Factor: Lower] [Time Horizon: Same Day Operations and
Operations Planning]2.1. Review and update annually with no more that 15 months
between reviews. 2.2. Obtain written agreement from all of the Reliability
Coordinators required to take the indicated action(s) for each update.These meet
criteria B1 and B5.

Georgia System Operations
Corporation

Yes

Georgia System Operations agrees with the suggested list of Reliability Standard
requirements contained in the SAR for the Initial Phase of P81.

seattle city light

Yes

Seattle City Light supports the consolidated comments of the industry Trade
Organizations.

Duke Energy

Yes

The initial phase of the P81 project should contain only requirements that can quickly
gain industry and regulatory support and that there is adequate time to prepare a
strong technical justification for. Duke Energy asks the P81 Standards Drafting Team
to ensure these parameters are taken into consideration as the list is finalized, and
move to a subsequent phase any requirements that could take additional time to
develop a strong technical justification and consensus for.

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment

NV Energy

Yes

Our review of the rationale for each of the suggested requirements of the draft SAR
supports the conclusion that these requirements should be subject to retirement.

Occidental Energy Ventures
Corp.

Yes

OEVC believes that the phased approach proposed in the SAR is prudent and likely
the most effective. Only the most obvious candidates for retirement or modification
should be presented at this early date. If the industry moves too-far, too-fast, the
result may be a blanket rejection of every proposal. Once FERC is comfortable that
the industry is in-tune to their sense of risk - which includes public perception of their
oversight effectiveness - we believe they will be prepared to deal with requirements
that seem important on the surface, but whose contribution to reliability is illusory.

South Carolina Electric and
Gas

Yes

Will the measures associated with requirements that are up for retirement be
modified or removed?Eg. Removing R2 of a standard but not removing the text in
M1 which refers to R2 of that same standard.

Ameren

Yes

We appreciate the excellent work done by the P81 Project team in developing the
criteria and agree with the list of suggested standards/requirements that easily
satisfy the criteria in this initial phase.

Electric Reliability Council of
Texas, Inc.

Yes

ERCOT agrees with the ISO/RTO SCR comments. However, in addition to the SRC
comments, ERCOT offers the following:ERCOT agrees that all the requirements
included in the SAR warrant retirement based on the relevant criteria, as supported
by the corresponding justification statements. ERCOT offers the following additional
comments related to the justification statements for the SDT’s consideration:BAL005-0.1b R2 - The justification statement could benefit from additional clarification
regarding the reason why this requirement is redundant, because it isn’t readily
apparent why this is redundant with BAL-001 R1 and R2. Maintaining CPS requires
the use of regulation. Therefore, it is implicit that the relevant functional entities
have regulation to comply with BAL-001 R1 and 2. Also, the justification should
clarify the point of the discussion related to equating compliance based on

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
compliance of BAL-001 R 1 and 2 and how that argument justifies retirement. CIP001-2a R4 - The justification statement should clarify that this requirement is
redundant to the communications obligations in R1-3.CIP-003-3, 4 R1.2 - In addition
to the justifications presented in the SAR, the term “readily available” is ambiguous
and creates the opportunity for the use of CEA subjective judgment during
compliance assessments. This is problematic for compliance risk generally, but is
especially problematic when the requirement is administrative in nature. Entities
should not be subject to unnecessary compliance risk based on ambiguity that can
result in subjective compliance determinations based on the opinion of CEA
personnel, as opposed to the four corners of the requirements, especially when the
underlying requirement provides no reliability value. Further evidence that this
requirement serves no purpose is the fact that it is not included in CIP v5. CIP-003-3
R3, 3.1, 3.2 and 3.3 - In addition to the justifications presented in the SAR, this issue is
already fully addressed in the TFE process in Appendix 4D of the ROP, which is not
only adequate, but is the appropriate place for this type of administrative function
related to documentation. There are a specific set of defined requirements that
allow an exception, and those exceptions have be to be filed according to the TFE
process. Thus, the requirements proposed for retirement are redundant to that
process. CIP-003-3, -4 R4.2 - In addition to the justification presented in the SAR, the
phrase “based on sensitivity”, is ambiguous and creates the opportunity to insert
subjective judgment into compliance assessments. This is problematic for
compliance risk generally, but especially when the requirement is administrative in
nature AND redundant. Entities should not be subject to unnecessary compliance
risk based on ambiguity resulting in subjective compliance determinations, as
opposed to the four corners of the requirements, especially when the underlying
requirement provides no operational reliability value. Further evidence that this
requirement serves no purpose is the fact that it is not included in CIP v5. CIP-005-3a,
-4a R2.6 - The justification statement could benefit from additional clarification as to
why the banner is not useful. An appropriate use banner has not been useful over
time, because people who intend to use sites inappropriately will simply ignore the

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
banner. Banners are generally considered to be a legal protection and not a security
protection. Further evidence that this requirement serves no purpose is the fact that
it has been removed from CIP v5 because the use of banners does not meet a
reliability objective.CIP-007-3, -4 R7.3 - In addition to the justification presented in
the SAR, it should be noted that to demonstrate that an entity performed the data
destruction under R7.1 and R7.2, the entity needs to collect evidence. Having a
separate requirement for evidence is redundant and not needed. COM-001-1.1 R6 In addition to the justification presented in the SAR, the justification statement could
note that this policy should be documented in the ROP for information within
NERCNet that is considered sensitive or impacting to the BES. It should be a
voluntary best practice or business practice for other information so that entities may
use it, or use some other policy that better fits its circumstances. The justification
should state that the NERCNet policy should be a voluntary best practice type of issue
for information that is not considered sensitive or impacting to the BES. EOP-009-0
R2 - This is a reporting obligation and a documentation issue. The justification
statement should also note that both documentation and reporting on this does not
rise to the level of a reliability standard. The statement could note that this may be a
best practices issue, but just for documentation. Reporting test results to REs isn’t a
best practice. Additionally, the justification should not state that the relevant
information is better considered / obtained during an audit. If it’s not relevant to the
mandatory requirements, then it has no place in CMEP proceedings.FAC-002-1 R2 The justification should not include that the relevant information is better considered
/ obtained during an audit. If it’s not relevant to the mandatory requirements, then it
has no place in CMEP proceedings.FAC-008-1 R1.3.5 - In addition to the justification
presented in the SAR, the justification statement could note that the term “other
assumptions” is ambiguous and introduces the potential for inefficient/ineffective
administration of the CMEP due to introduction of subjectivity and opinions into
compliance assessments. This is problematic for compliance risk generally, but
especially when the requirement is administrative in nature AND redundant. Entities
should not be subject to unnecessary compliance risk based on ambiguity resulting in

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
subjective compliance determinations, as opposed to the four corners of the
requirements, especially when the underlying requirement provides no operational
reliability value.FAC-008-1 R2; FAC-008-1 R3; FAC-008-3 R4; FAC-008-3 R5 - In
addition to the justification presented in the SAR, the justification statement could
note that it is inappropriate for entities other than the owners of equipment to
establish facility ratings. The owners don’t have to change their ratings, but the
scheme is far more effective if the respective functional roles are distinct and not
blurred by the review process contemplated in the requirements proposed for
retirement. The owners should set the ratings and the RCs receive them and perform
their functions in accordance with those ratings. The RC should not be involved with
the TO/GO business-management of their equipment. Also, by keeping the roles
distinct, it mitigates any liability risk of the third party if the owner uses its input and
then the equipment breaks because of the new rating;FAC-013-2 R3 - Same comment
as above.MOD-004-1 R1; MOD-004-1 R1.1; MOD-004-1 R1.2; MOD-004-1 R1.3; MOD004-1 R2; MOD-004-1 R3; MOD-004-1 R3.1; MOD-004-1 R3.2; MOD-004-1 R4; MOD004-1 R4.1; MOD-004-1 R4.2; MOD-004-1 R5; MOD-004-1 R5.1; MOD-004-1 R5.2;
MOD-004-1 R6; MOD-004-1 R6.1; MOD-004-1 R6.2; MOD-004-1 R7; MOD-004-1 R8;
MOD-004-1 R9; MOD-004-1 R9.1; MOD-004-1 R9.2; MOD-004-1 R10; MOD-004-1
R11; MOD-004-1 R12; MOD-004-1 R12.1; MOD-004-1 R12.2; MOD-004-1 R12.3 ERCOT agrees with the comments/justifications.PRC-008-0 R1; PRC-008-0 R2; PRC009-0 R1; PRC-009-0 R1.1; PRC-009-0 R1.2; PRC-009-0 R1.3; PRC-009-0 R1.4; PRC-0090 R2; PRC-010-0 R2; PRC-022-1 R2 - In addition to the justification presented in the
SAR, the justification statement could note that the tasks required in these standards
are administrative/documentation/reporting in nature and they don’t affect
reliability from a standards perspective. These could either be best practices or
evidentiary in RSAWs - e.g. provide UFLS/UVLS program documentation - which could
be relative to requirements that have actionable UVLS/UFLS requirements;TOP-0011a R3 - ERCOT agrees with the justification with regard to the RC function, but the
TOP standard also requires BAs/GOPs to follow the directives of the TOP, so the two
relevant requirements are not apples to apples. Modification to one or the other

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
may be needed to ensure appropriate authority and corresponding obligation to
follow that authority is reflected in one or the other standard, or both, but eliminate
overlaps.TOP-005-2a R1 - ERCOT agrees with the justification. This should either be
in the ROP or just via the ISN access process/agreement.VAR-002-WECC-1 R2; VAR501-WECC-1 R2 - ERCOT agrees with the justification, but if the
documentation/reporting are not relevant for the requirement, then the SAR should
not suggest the REs should seek the info in CMEP proceedings, which should solely
focus on compliance with the substance of the standards.

SERC EC Planning Standards
Subcommittee

Yes

Dominion

Yes

Pepco Holdings Inc & Affiliates

Yes

PPL Corporation NERC
Registered Affiliates

Yes

Tampa Electric Company

Yes

Manitoba Hydro

Yes

City of Garland

Yes

Entergy Services, Inc.

Yes

Wolverine Power Supply
Cooperative, Inc.

Yes

Central Husdon Gas & Electric

Yes

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment

Corporation
Tucson Electric Power

Yes

CPS Energy

Yes

Edison Mission Marketing &
Trading

Yes

Illinois Municipal Electric
Agency

Yes

Idaho Power Company

Yes

City of Austin dba Austin
Energy

Yes

Transmission Agency of
Northern California

Yes

Kansas City Power & Light

Yes

Consideration of Comments: Project 2013-02 Paragraph 81

The subsequent phases of the P81 project are designed to identify all FERC-approved Reliability Standard requirements that
could not be included in the Initial Phase due to the need for additional analysis or an editing of language. Please list any
Reliability Standard requirements that you believe should be revised or retired in a subsequent phase, and include a brief
supporting statement and citation to at least one element of Criterion B for each requirement listed.

Summary Consideration:
The P81 SDT is very appreciative of the time and effort the commenters spent developing their responses to Question 3. The
commenters proposed numerous requirements for consideration in a subsequent phase, including requirements in BAL, CIP, INT, FAC,
MOD, and PRC Reliability Standards, among others. As a general observation, the commenters suggested several ways to handle
Reliability Standard requirements in the subsequent phases, including (i) retiring a requirement; (ii) modifying the requirement; (iii)
changing the functional applicability of a requirement; and (iv) combining requirements or standards. Also, several commenters, such
as ERCOT, Independent Electricity System Operator and SPP Standards Review Group requested the ability to raise additional Reliability
Standard requirements during the subsequent phases. Given the level of interest in the subsequent phases of the P81 project, it is
appropriate for the P81 SDT to carefully consider how best to propose a process for the subsequent phases. To some extent, ERCOT
said it well:
“The SDT should establish a prospective process that provides adequate time and opportunity for entities to perform a meaningful
review of remaining requirements to determine which additional requirements warrant retirement and to develop appropriate criteria,
if relevant, that may be incremental to the ones proposed in this SAR, and to develop appropriate retirement justifications based on the
relevant retirement criteria.”
Consequently, while all the requests for consideration of Reliability Standard requirements in subsequent phases will receive
consideration (including those requirements suggested for Phase I, but deferred to a subsequent phase), the process by which that
consideration will be undertaken needs to be developed in light of the requirements suggested for subsequent phases. Accordingly,
based on the comments, the P81 SDT intends to develop and suggest options to the Standards Committee in the near future on how to
move forward with the subsequent phases.

Organization

Yes or No

ACES Power Marketing

Question 3 Comment
(1) EOP-002-3 R6 and R7 and their sub-requirements are redundant with BAL-001-

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Standards Collaborators

Question 3 Comment
0.1a R1 and R2 and BAL-002 R4. BAL-001-0.1a R1 compels a BA to meet CPS1. BAL001-0.1a R2 compels a BA to meet CPS2. BAL-002 R4 compels a BA to respond meet
the DCS for all reportable events less than MSSC. EOP-002-3 R6 and R7 do not make
the BA any more or less responsible to meet these requirements but rather creates
an opportunity for double jeopardy. Furthermore, EOP-002-3 R6 and R7 do not make
any sense in context with the CPS1 and CPS2 calculations. They are averages over a
long term and would never require the emergency actions listed in the subrequirements to comply with them. These requirements have already proven to
incent behavior that is contrary to reliability (criterion B.8). At the August NERC BOT
meeting, the NERC OC Chair explained that a BA shed load to meet the DCS criterion
even though there were no other concerns (i.e. voltage, frequency, IROL or SOL
violations) on the transmission system at the time. These requirements meet
criterion B.7. (2) EOP-004-1 R2 should be considered for future retirement. The
approval of the Event Analysis Procedure obviates the need for a standard
requirement to analyze Bulk Electric System disturbances. This would be especially
true if the procedure is added to the Rules of Procedure as NERC has planned. This
requirement meets criterion B.7.(3) Retirement of FAC-001-0 R3 should be
considered in the next phase. There is an implied obligation for the TO to update its
Facility connection requirements when they change. Additionally, a requirement to
make them available to the Regional Entity and users of the transmission system is
unnecessary. First, the Regional Entity could request them through the compliance
monitoring process. Second, the TO will provide the Facility connection requirements
to those with genuine interconnection requests because the TO will want its
connection standards met. This requirement meets criterion B.4, B.7 and B.9. (4)
FAC-002-1 R1 should be revised to reflect the NERC Functional Model because it
assigns the requirements to the wrong functional entities. The Transmission Planner
and Planning Coordinator are responsible for conducting the assessments for new
Facilities. The requirement appears to be an attempt to require the GO, TO, DP, and
LSE to coordinate with the TP and PC. However, the requirement actually defines
what is required in the TP and PC assessments which unfortunately place these

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment
responsibilities on the GO, TO, DP and LSE. None of these functional entities have the
capability to meet requirements such as performing dynamics studies. This
requirement meets criterion B.8. (5) VAR-001-2 R2 and TOP-006-2 R2 are duplicate
requirements. VAR-001-2 R2 compels the TOP to acquire sufficient reactive
resources. TOP-006-2 R2 requires the RC, TOP and BA to monitor reactive resources.
Since VAR-001-2 R2 applies all the time, a TOP cannot know they have acquired and
maintained reactive resources unless they are monitoring them. Furthermore, TOP006-2 R2 incorrectly applies to the BA. According to the NERC Functional Model, the
BA cannot monitor reactive resources that are not generators and have no role in
ensuring system voltages. Thus, TOP-006-2 R2 meets criterion B.7 because it is
redundant, and it meets criteria B.8 and B.9 because it assigns responsibility to a
functional entity (BA) that cannot meet it. This distracts the BA from its reliability
mission.

Independent Electricity
System Operator

(1) IRO-004-2 R1 could be retired if the wording in IRO-001-1.1 R8 was changed to
cover all operating timeframes (Criterion B7). (2) We do not have any other particular
standards/requirements in mind at this time. However, we will review and propose
additional candidates for future phases as this project gets into the mid or end of
Phase I. We believe the industry should focus on the Phase I effort at this time to
gauge the regulator’s and industry’s reaction before marching too far down the path.

Western Electricity
Coordinating Council

CIP 002 R2/R3/R4: Redundant and require revision. Each of these requirements
requires an annual review of the Critical Asset list and Critical Cyber Asset list. WECC
agrees these protections are required, however, the standard should be revised so
either CIP 002-3 R4 is removed and CIP 002-3 R1-R3 are revised to require annual
review and approval of the appropriate documentation, or CIP 002-3 R2 and R3 are
revised to no longer require an annual review.CIP 005 R1.5/006 R3: These are
redundant and should be removed/revised. CIP 006-3 R3 is redundant with CIP 005-3
R1.5. Either CIP 005-3 R1.5 should be revised to no longer require the protections of
CIP 006-3 R3, or CIP 006-3 R3 should be removed and the content of CIP 006 R3
moved to CIP 005 R1.5.CIP 005 R1.5/006 R2.2: Redundant. Should be revised. Devices

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment
applicable to these requirements may be redundant if they are classified as CCA (thus
duplicated with CIP 002 - CIP 009) or reside within an ESP (thus duplicated with CIP
007). The requirements should be revised to take into account the situation where a
device resides within an ESP or is classified as CCA, and is a device used in the
EACM/PACM of ESPs/PSPs. Note: It appears this is being addressed in V.5 of CIP.CIP005, R5: Should be removed and the protections highlighted in this requirement
moved to appropriate requirements it references. This will cause less confusion with
entities, and be more precise with exactly what documentation is required to be
reviewed and approved.CIP 005 R5.1/R5.2: Redundant. Should revise CIP 005 R1.6 to
include the wording of CIP 005 R5.1, and remove CIP 005 R5.1. This will cause less
confusion with entities, and be better aligned with the CIP 005 R1.6 requirement.CIP
005 R5.3: Redundant. Should revise CIP 005 R3 to include the wording of this subrequirement, and CIP 005 R5.3 should be removed. This change will create a better fit
in the appropriate requirement, and be less confusing for entities.CIP 007 R9: Should
be removed and the protections highlighted in this requirement moved to
appropriate requirements it references. Thus CIP 007 requirements that require
documentation should include the need to review and update the documentation.
This will cause less confusion with entities, and be more precise with what
documentation is required to be reviewed and approved.EOP-004-1 R3.2: Little, if
any, value as a reliability requirement. This requirement points to attachments that
could be addressed in the main part of the R3 standard. This requirement does
nothing to promote the protection of the BES.VAR-001-2 R10: Redundant. The
reliability purpose for R10 is to make sure that operators don’t think that exceeding
an SOL or IROL due to voltage issues is acceptable. There are multiple standards
requiring operators not exceed and maintain an SOL or IROL with 30 minutes,
regardless of the cause of the exceedance. These standards are TOP-001-2 R7, R11;
TOP-004-2 R1; TOP-007-0 R2; TOP-008-1 R1.

Entergy Services, Inc.

CIP-006 R5 - A revision to the language in CIP-006 R5 is needed in order to require the
review and handling of incidents of unauthorized access (when a door, gate or
window has been opened without authorization), as opposed to what is more

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment
accurately characterized as "unsuccessful" access attempts (e.g. invalid access card
swipes). There currently is no definition of "unauthorized access attempts". The
methods to be used for monitoring that are listed in the requirement, however do
list: "Alarm Systems that alarm to indicate a door, gate or window has been opened
without authorization". This method does not indicate that the alarm system must
alarm on card swipes that do not result in the door opening, and be characterized as
"Unauthorized Access attempts". Unsuccessful card swipes at a PSP access point, for
example, do not suggest an unauthorized access attempt. A card swipe can be
unsuccessful for a number of reasons, all of which are recorded by the key card
system, such as the use of a deactivated card, an invalid card format, and a card not
in the card file. An unsuccessful card swipe itself is not an indication that a PSP
access point was “opened within authorization” because it does not indicate that the
door has been opened in any manner. However, in the FAQ guidance for the CIP
Reliability Standards, NERC acknowledged that Responsible Entities can consider
single failed access attempts such as a single failed log-in not to be suspicious events
requiring a response A single failed card swipe should be treated in the same way.
The rewording of this requirement would address Criteria B-8 - "Hinders the
protection or reliable operation of the BES." Investigating and documenting each
unsuccessful card swipe would take a tremendous amount of time and produce a
significant amount of paperwork without providing any additional physical
security.CIP-005 R3 and CIP-006 R5 - Revisions to the wording around the timing of
monitoring both physical and electronic access are needed. CIP-005 R3 - Monitoring
Electronic Access states that "The Responsible Entity shall implement and document
an electronic or manual process(es) for monitoring and logging access at access
points to the Electronic Security Perimeter(s) twenty-four hours a day, seven days a
week." and CIP-006 R5 -Monitoring Physical Access stats that "The Responsible Entity
shall document and implement the technical and procedural controls for monitoring
physical access at all access points to the Physical Security Perimeter(s) twenty-four
hours a day, seven days a week. Unauthorized access attempts shall be reviewed
immediately and handled in accordance with the procedures specified in

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment
Requirement CIP-008-3.The "twenty-four hours a day, seven days a week" portion of
these requirements provides an unachievable requirement for 100% uptime for all
systems used to monitor such access. The requirement should allow for a resonable
amount of downtime. Either the "twenty-four hours a day, seven days a week"
wording in these requirements could be removed altogether, or alternative langauge,
such as requiring "High Availability" (for example 99.9% uptime) or some other
wording that allowed for very small amounts of downtime that might be required for
system reboots or minor maintenance.

SRC

Consider including the following standards for review in Phase II:BAL-004-0 - Time
Error CorrectionMOD-030-2 - Flowgate MethodologyPRC-006-1 R8 (provision of
data)PRC-006-1 R14 (administrative - response to written comments)

MidAmerican Energy
Company

Consider the list provided by EEI.

Georgia System Operations
Corporation

EOP-002-3, R1PER-001-0.1, R1Criteria B7, 9Statement: reference to BA or RC
responsibilities and authority are within the criteria of NERC's Functional Model and
so this is redundant. In addition, it is understood that these functions are substantial
if not paramount for an entity to become certified as such. FAC-001-0 (all
requirements)Criteria B 1, 3 and 6Statement: The requirement in FAC-001-0 to
document and publish facility connection requirements has no impact on reliability.
It is purely a document that those considering to interconnect with a transmission
entity may review as a reference. All INT standardsCriteria B 1, 3 and 6Statement:
Many of the INT Reliability Standard requirements are very close to duplicative of
similar requirements in the BAL Reliability Standards or address commercial matters.
As drafted, the INT Reliability Standards include tasks or activities that do little, if
anything, to promote the protection the Bulk Electric System. Note: INT-007-1 R1.2 is
part of Initial Phase. All data collection requirementsCIP-005-3a, 4a R5.3CIP-006c, -4c
R7, R8.3CIP-007-3, -4 R5.1.2; R6.4; R7.3CIP-008-3, -4 R2PRC-018-1, R5Criteria B1,2
and 9Statement: These requirements are for data retention and although the need is

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment
substancial, i.e. as a sort of forensic tool, they serve no function to reliability from an
immediate time perspective.Standards currently requiring reporting.Criteria 1, 4 and
9EOP-002-3 R9.2EOP-004-1 R3 and its subrequirements; R4 and R5FAC-003-1 R3;
FAC-003-1 R3.1: FAC-003-1 R3.2: FAC-003-1 R3.3: FAC-003-1 R3.4: FAC-003-1 R3.4.1:
FAC-003-1 R3.4.2: FAC-003-1 R3.4.3: FAC-003-1 R4FAC-010-2.1 R5FAC-011-2 R5FAC013-2 R6MOD-012-0 R2MOD-020-0 R1MOD-021-1 R3PRC-004-1a R3: PRC-004-2a R3:
PRC-004-WECC-1 R.3.PRC-007-0 R2; PRC-007-0 R3; PRC-009-0 R2 PRC-011-0 R2; PRC015-0 R3; PRC-016-0.1 R3; PRC-017-0 R2; PRC-021-1 R2TPL-001-0.1 R3; TPL-002-0b
R3; TPL-003-0a R3; TPL-004-0 R2.Statement: These are all reporting requirements;
they do not aid reliability from an immediate time perspective. If the Regional Entity
desires to review information for purposes of monitoring reliability or assessing risk,
the information should be collected via vehicles other than the Reliability
Standards.Requirements applied to annual reviewsCriteria B1, 2,3 7 and 9CIP-002-2, 4 R4CIP-003-3, -4 R1.3; CIP-003-3, -4 R4.3; CIP-003-3, - 4 R5.1.2; CIP-003-3, - 4
R5.3CIP-006-3c, -4 R1.8CIP-007-3, -4 R9CIP-009-3, -4 R1EOP-005-1 R1; EOP-005-2
R3.1EOP-008-0 R1.7EOP-008-1 R5IRO-014-1 R4.3Statement: These requirements do
not closely relate to operations of the Bulk Electric System. They would be better
served as processes expected of entities to manage their compliance programs and
processes. PRC-005-1b, R2Criteria B4, 9Statement: This requirement needs to be
revised such that language is elminated as it refers to the entity providing to its RE
within 30 days. MOD-016-1.1 and MOD-021-1 (all requirements) Criteria B
9Statement: MOD-016 through MOD-021 are all about long term load forecasting
and reporting of actual loads. Most of this can be eliminated from the standards and
replaced with a data collection process (e.g., DADS). Loads to be used in modeling
should be incorporated in the data requirements of MOD-010 and MOD-012 and not
a separate standard.

Electric Reliability Council of
Texas, Inc.

ERCOT agrees with the ISO/RTO SCR comments. However, in addition to the SRC
comments, ERCOT offers the following:ERCOT supports future phases of the P81
project to eliminate/retire reliability standards that do not facilitate BES reliability.
ERCOT is reviewing all standards to that end, however, developing a list of additional

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment
requirements for retirement will require additional time. The SDT should establish a
prospective process that provides adequate time and opportunity for entities to
perform a meaningful review of remaining requirements to determine which
additional requirements warrant retirement and to develop appropriate criteria, if
relevant, that may be incremental to the ones proposed in this SAR, and to develop
appropriate retirement justifications based on the relevant retirement criteria.

City of Austin dba Austin
Energy

FAC-001-0 (all requirements)Criteria B 1, 3 and 6Statement: The requirement in FAC001-0 to document and publish facility connection requirements has no impact on
reliability. It is purely a document that those considering to interconnect with a
transmission entity may review as a reference. Once an interconnection request is
actually made with a transmission owner, the transmission owner performs the FAC002-1 steady-state, short-circuit, and dynamics studies to determine the new
interconnection’s impact on reliability. During the negotiation of an interconnection
agreement the FAC-001-0 referenced material is agreed on and reduced to writing for
purposes of constructing, maintaining and operating the interconnection facilities.
Also, during the entire interconnection process, as FAC-002-1 provides for, the
parties must coordinate and cooperate during the assessment of the reliability
impact of the new interconnection facilities. Thus, FAC-001-0, at best, is a best
practice or helpful initial guide to an entity considering interconnecting, but provides
little, if any, meaningful value to reliability, especially when compared to the actual
benefits to reliability via the FAC-002-1 studies, the execution of a negotiated
agreement and the coordination of activities during constriction and operation of the
new facilities. Accordingly, FAC-001-0 should be retired, and, if necessary, any
requirements that protect reliability should be transferred to FAC-002-1. All INT
Standards Criteria B 6, 7 and 9Statement: Many of the INT Reliability Standard
requirements are very close to duplicative of similar requirements in the BAL
Standards or address commercial matters. As drafted, the INT Reliability Standards
include tasks or activities that do little, if anything, to promote the protection the
Bulk Electric System. Thus, we recommend that the Standards Drafting Team retire
the INT Reliability Standards and, as necessary, transfer any requirement that protect

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment
reliability to the BAL Reliability Standards. All data collection requirements not
included in the Initial Phase, more specifically:CIP-005-3a, -4a R5.3CIP-006c, -4c R7,
R8.3CIP-007-3, -4 R5.1.2; R6.4CIP-008-3, -4 R2PRC-018-1 R5Criteria B 1, 2 and
9Statement: These requirements are purely data retention requirements with no
functional nexus to reliability and, therefore, best handled via compliance
monitoring, RSAW or as a data request during an audit. All reporting out
requirements not included in the Initial Phase, more specifically:EOP-002-3 R9.2EOP004-1 R3 and its subrequirements; R4 and R5FAC-003-1 R3; FAC-003-1 R3.1: FAC-0031 R3.2: FAC-003-1 R3.3: FAC-003-1 R3.4: FAC-003-1 R3.4.1: FAC-003-1 R3.4.2: FAC003-1 R3.4.3: FAC-003-1 R4FAC-010-2.1 R5FAC-011-2 R5FAC-013-2 R6MOD-012-0
R2MOD-020-0 R1MOD-021-1 R3PRC-004-1a R3: PRC-004-2a R3: PRC-004-WECC-1
R.3.PRC-007-0 R2; PRC-007-0 R3; PRC-009-0 R2 PRC-011-0 R2; PRC-015-0 R3; PRC016-0.1 R3; PRC-017-0 R2; PRC-021-1 R2TPL-001-0.1 R3; TPL-002-0b R3; TPL-003-0a
R3; TPL-004-0 R2.Criteria B 1, 4 and 9Statement: There is no direct connection
between reporting out of information to an entity or Regional Entity and protecting
reliability. If the Regional Entity desires to review information for purposes of
monitoring reliability or assessing risk, the information should be collected via
vehicles other than the Reliability Standards.Annual reviewsCIP-002-3, R3; CIP-002 -4
R3CIP-003-3, -4 R1.3; CIP-003-3, -4 R4.3; CIP-003-3, - 4 R5.1.2; CIP-003-3, - 4 R5.3CIP006-3c, -4 R1.8CIP-007-3, -4 R9CIP-009-3, -4 R1EOP-005-1 R1; EOP-005-2 R3.1EOP008-0 R1.7EOP-008-1 R5IRO-014-1 R4.3Criteria B 1, 2, 3, 7 and 9Statement: The
annual review and update requirements are arbitrary, administrative and not aligned
with the operation and protection of the Bulk Electric System. These requirements
should be retired or modified to align with how the Bulk Electric System is operated
and protected. Other requirementsCIP-007-3, -4 R7 Criteria B 1, 2, 3 and
7Statement: The essential elements of the process of disposing or redeploying of
Cyber Assets and the associated cyber security are set forth in R7.2 and R7.3. To
require “formal methods, processes and procedures” appears to require formal
documentation for the sake of documentation, rather than allowing the responsible
entity to implement a process that achieves the actions required in R7.2 and R7.3,

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment
which may or may not include formal procedures, for example. EOP-004-1 R2Criteria
B 7 Statement: The analysis of the BES for system disturbances is covered in PRC004-2.1a R1. The PRC Requirement R1 calls for the analysis of its transmission
Protection System Misoperations. We believe that BES analysis is covered inherently
through this PRC standard making EOP-004 R1 redundant to the PRC
standard.Another factor is the Version 2 of the EOP-004-2 where the requirement to
analyze the BES disturbance is noticeably absent. The focus on the EOP-004 is for the
reporting of applicable events that are identified in the PRC-004 standard. There is an
event analysis reporting process referenced in the NERC Rules of Procedures (ROPs)
that handles this requirement. Therefore, this is a redundant requirement. In
February of 2012, NERC deployed its Events Analysis Process - incorporating the
learnings from two field trials held over the previous year and a half. It includes all
the necessary steps that affected operators must take to analyze and report on
events that may impair the reliability of the BES. Most Regional Entities have already
updated their reporting procedures to match NERC’s. Furthermore, NERC and the
Regional Entities already have sufficient authority to order analyses and corrective
action plans outside of the Reliability Standards. These are important steps for the
development of Lessons Learned and trending analyses, but do not contribute to
reliable operations. In fact, the demand for near term reporting - some within one
hour of the initiation of the event - interferes with the efforts of front-line personnel
to mitigate the issue at handBAL-001-0.1a (all requirements), BAL-004-0 (all
requirements), BAL-005-0.1b R11; BAL-006-2 (all requirements)Criteria B 6 and
9Statement: BAL-001 requires a 12 month rolling average of ACE and does not impact
reliability and should be eliminated (in favor of BAL-002). Consider augmenting
NAESB standard WEQ-005.BAL-004 requirement for time error correction is not
important for reliability and should be eliminated. It also duplicates NAESB std WEQ006.In BAL-005 R11, Balancing Authorities shall include the effect of ramp rates,
which shall be identical and agreed to between affected Balancing Authorities, in the
Scheduled Interchange values to calculate ACE, is not needed for reliability. Ramp
rates have minimal impact on ACE calculations, and are already included in the

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment
definition of Interchange Schedule in the NERC Glossary as used in R9. The
requirement to use agreed upon ramp rates is commercial in nature and is already
covered by NAESB standard WEQ-004-17.BAL-006-2 is an after-the-fact accounting of
inadvertent interchange and does not impact reliability and should be eliminated.
Consider augmenting NAESB standard WEQ-007.CIP-003-3, -4 R2 and its
subrequirementsCriteria B 1 and 9Statement: Whether the entity has a robust up-todate CIP compliance plan may impact reliability, but not whether there is an
employee called a CIP senior manager oversees the plan. CIP-004-3, -4 R2.3 Criteria
B 9Statement: Whether the entity has a robust up-to-date, trained-on CIP
compliance plan may impact reliability, but not whether there is annual training.
CIP-004-3, -4 R3.2Criteria B 1, 9Statement: Whether the entity has a robust up-todate CIP compliance plan may impact reliability, but not whether there is a seven
year update to the PRA. CIP-004-3, -4 R4.1Criteria B 1, 9Statement: Whether the
entity has a robust up-to-date on CIP compliance plan may impact reliability, but not
whether it reviews lists every seven days. CIP-004-3, -4 R4.2Criteria B 1, 9Statement:
Whether the entity has a robust up-to-date on CIP compliance plan may impact
reliability, but not whether it revokes access within 24 hours or 7 days. CIP-005-3a, 4a R2.5 and its subrequirementsCriteria B 1, 9Statement: Whether the entity has a
robust up-to-date CIP compliance plan to protect the ESP may impact reliability, but
not whether specific information is documented. CIP-007-3, -4 R3.1, R3.2Criteria B 1,
9Statement: Whether the entity has a robust up-to-date CIP compliance plan to
protect the PSP may impact reliability, but not whether specific information is
documented within 30 days. Also, whether the entity has a robust up-to-date on CIP
compliance plan to protect the PSP may impact reliability, but not whether specific
information is documented. CIP-008-3 R1.4Criteria B 1, 9Statement: Whether the
entity has a robust up-to-date CIP compliance plan may impact reliability, but not
whether specific information is documented within 30 days or a change. EOP-0011b, -2bCriteria B 7Statement: Duplicative with the other EOP Standards (e.g., Capacity
and Energy emergency of EOP-002, Load Shedding of EOP-003, and System
Restoration of EOP-005).EOP-002-3 R1Criteria B 7Statement: Duplicates other

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment
requirements such as IRO-001-1 R8 and should be retired or modified to reduce
redundancy. EOP-002-3 R9 Criteria B 7Statement: When a Transmission Service
Provider expects to elevate the transmission service priority of an Interchange
Transaction from Priority 6 (Network Integration Transmission Service from Nondesignated Resources) to Priority 7 (Network Integration Transmission Service from
designated Network Resources). It duplicates NAESB standard WEQ-008 and should
be eliminated.EOP-005-2 R1.2.A description of how all Agreements or mutually
agreed upon procedures or protocols for off-site power requirements of nuclear
power plants, including priority of restoration, will be fulfilled during System
restoration. Criteria B 1, 3 and 7 Statement: With the implementation of NUC-001-2
R2, there is no longer a need for EOP-005-2 R1.2. Specifically, NUC-001-2 R2 requires
Nuclear Plant Interface Requirements (NPIRs) to be included in the agreements for
operation and maintenance (including restoration process) for off-site nuclear
power:R2. The Nuclear Plant Generator Operator and the applicable Transmission
Entities shall have in effect one or more Agreements1 that include mutually agreed to
NPIRs and document how the Nuclear Plant Generator Operator and the applicable
Transmission Entities shall address and implement these NPIRs.Given the off-site
power requirements of NUC-001-2 which require comprehensive operational
interface protocols (including restoration) between nuclear plants and responsible
entities as part of the NPIRs, there is no longer a need for the administrative,
documentation-only requirement in EOP-005-2 related to the same subject
matter.IRO-002-2 (all requirements)Criteria B 7Statement: Redundant with COM002-2, R1 COM-001-1.1, R1 and IRO-002-2, R2 and R3IRO-005-3a R10Criteria B
9Statement: Confusing requirement. It was intended to address rare cases where
entities were told to operate to different SOLs and IROLs. However, because only the
TOP and the RC can see these parameters, the only thing a GOP can do is follow a
directive.IRO-014-1 R4Criteria B 9Statement: Requirement 4 (including sub-parts)
should be rolled up into R1. and eliminated. Requirement 1 should be modified to
require "current operating procedures, processes or plans with all adjacent RCs.IRO015-1 R2.1Criteria B1 and 9Statement: Whether the procedure, process and plan is

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment
robust and up-to-date may impact reliability, not whether there are weekly
calls.MOD-001-1 and MOD-008-1 (all requirements)Criteria 6 and 9Statement: Do
the ATC / TTC standards belong in NERC or NAESB (i.e., MOD-001, MOD-004, MOD008, MOD-028 thru 030, and TOP-002-2 R12)? I think NERC should be focused on
managing SOLs and IROLs, whereas NAESB on TTC, ATC, etc., and I think these
can/should be moved to the NAESB standards.Criteria B 6 and 9Statement: This
could be handled as a data request from an RE or other Registered Entities and,
therefore, would not need a requirement, as there are too many requirements that
warrant an attestation that no request was made.MOD-016-1.1 and MOD-021-1 (all
requirements) Criteria B 9Statement: MOD-016 through MOD-021 are all about long
term load forecasting and reporting of actual loads. Most of this can be eliminated
from the standards and replaced with a data collection process (e.g., DADS). Loads to
be used in modeling should be incorporated in the data requirements of MOD-010
and MOD-012 and not a separate standard.MOD-028-1 (all requirements); MOD-0291a (all requirements); MOD-030-2 (all requirements)Criteria B 6 and 9Statements:
ATC / TTC standards should belong NAESB (i.e., MOD-001, MOD-004, MOD-008,
MOD-028 thru 030, and TOP-002-2 R12)? NERC should focus on managing SOLs and
IROLs, whereas NAESB on TTC, ATC, etc.PRC-022-1 R1, R1.1, R1.2, R1.3, R1.4, and
R1.5Criteria B 7Statement: Whether the responsible entity has robust UVLS
misoperation and correction action is redundant with PRC-004-1a, -2a. TOP-001-1a
R3 and R7 (and its subrequirements)Criteria B 9Statement: For R3, there are three
projects in progress addressing the issuance of directives by the RC, BA and TOP.
Also, for R7, all outages information should be submitted to the TOP and/or BA in
accordance with their data requirements.TOP-002-2b R8 and R 9Criteria B 6, 7 and
9Statement: “Each Balancing Authority shall plan to meet voltage and/or reactive
limits, including the deliverability/capability for any single contingency”, duplicates
VAR-001 and should be eliminated. “Each Balancing Authority shall plan to meet
Interchange Schedules and ramps” duplicates the BAL standards and the NEASB
standards and should be eliminated.TOP-002-2b R12Criteria B 6 and 9Statement:
ATC / TTC standards should belong to NAESB (i.e., MOD-001, MOD-004, MOD-008,

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment
MOD-028 thru 030, and TOP-002-2 R12). NERC should focus on managing SOLs and
IROLs, whereas NAESB on TTC, ATC, etc., These can/should be moved to the NAESB
standard.TOP-002-2b R14 and R14.1Criteria B 9Statement: All derating information
should be submitted to the TOP and/or BA in accordance with their data
requirements.TOP-002-2b R15Criteria B 9Statement: Each Balancing Authority and
Transmission Operator shall maintain accurate computer models utilized for
analyzing and planning system operations is a "how" requirement that is needed to
meet other requirements in the standard. It is also not measureable, and the
requirement should be eliminated. All weekly forecasts should be submitted to the
TOP and/or BA in accordance with their data requirements.TOP-003-1 R1 and its
subrequirements; R2 and R3Criteria B 9Statement: All planned outage information
should be submitted to the TOP and/or BA in accordance with their data
requirements.TOP-005-2a R3Criteria B 9Statement: PSEs are not best positioned to
provide reliability information.BAL-005-0.1b R1Criteria B7Statement: Introductory
statement; redundant with subrequirements MOD-010-0 R2Criteria B 1, 4 and
9Statement: MOD-012-0 R2 was included in the Joint Trade Associations list of
suggested requirements for retirement or modification. MOD-010-0 R2 is nearly
identical to MOD-012-0 R2 and should also be considered.PER-001-0.1 R1Criteria
B7Statement: The TOP portion of this requirement is redundant with TOP-001-1a
R1PRC-018-1 R3 (and all sub requirements)Criteria B2 and 4Statement: This
requirement involves data collecting and reporting that does not impact the
reliability of the BES; could be part of a data request if necessary

Georgia Transmission
Corporation

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment
TADS/DADS, etc.). Loads to be used in modeling could be incorporated in the data
requirements of MOD-010 and MOD-012 and not a separate standard. Additionally,
MODs-016 through 021 have yet to be classified as Tier 1, 2, or 3; nor have they yet
to be identified on NERC’s Actively Monitored List.PRC-006-1 (R7, R8, and R14)
Criteria: Meets Criteria A and a combination of either or all of B1, B3, B4,
B9Statement: Recommend these requirements to be eliminated from the standards
and replaced with a data collection and or reporting process (e.g., TADS/DADS, etc.).
PRC-023-1 (R3.3) Criteria: Meets Criteria A and a combination of either or all of B1,
B4, B9Statement: Recommend these requirements to be eliminated from the
standards and replaced with a data reporting process.TOP-001-1a (R4) Criteria: Meets
Criteria A and B1Statement: Same requirement as TOP-001-1a (R3) which made the
Phase I list, only difference is applicability.

Occidental Power Services,
Inc.

If the changes listed in Question 2 are not considered in Phase 1, then they should be
considered in subsequent phases of the project.

Illinois Municipal Electric
Agency

IRO-010-1a R3

Idaho Power Company

MOD-017-0.1 R1.1, R1.2 Criterion B2MOD-018-0 R1 Criterion B7 (Should be covered
by MOD-016)MOD-021-1 R1, R2 Criterion B7 (Should be covered by MOD-016)MOD021-1 R3 Criterion B4

CPS Energy

No additional comments.

Salt River Project

No additions at this time.

Occidental Energy Ventures
Corp.

OEVC agrees with the process that the Trades are using to approach this question,
but do not agree with some of their priorities. OEVC has only addressed the
Requirements where OEVC has additional comments to what the Trades have
provided.In addition, OEVC believes the following requirements can also be

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment
removed:a) BAL-005, R1.1 - BA metering is financial in nature. Telemetry is already
required for reliability.b) TOP-002, R13 - Generator validations are driven by the
regions already.FAC-001-0 (all requirements)Criteria B 1, 3 and 6Statement: OEVC
agrees with the Trade’s analysis, but will also point out that once connection
requirements are in place, they will rarely change. We believe this would mean a
lower priority is in order. All INT Standards Criteria B 6, 7 and 9 Statement: Again,
OEVC agrees with the Trades on this. It may even be time to suggest that the
functional designation of the PSE go away. They serve a marketing purpose and are
blind to reliability indicators. All data collection requirements not included in the
Initial PhaseCIP-005-3a, -4a R5.3CIP-006c, -4c R7, R8.3CIP-007-3, -4 R5.1.2; R6.4;
R7.3CIP-008-3, -4 R2PRC-018-1 R5Criteria B 1, 2 and 9 Statement: OEVC agrees with
the Trades. Most of these are captured in Phase I. These fit in the same category. All
reporting out requirements not included in the Initial PhaseCIP-001-2a R3 should be
modified to eliminate the word “reporting” (added by OEVC)EOP-002-3 R9.2EOP-0041 R3 and its sub requirements; R4 and R5 FAC-003-1 R3; FAC-003-1 R3.1: FAC-003-1
R3.2: FAC-003-1 R3.3: FAC-003-1 R3.4: FAC-003-1 R3.4.1: FAC-003-1 R3.4.2: FAC-0031 R3.4.3: FAC-003-1 R4FAC-010-2.1 R5FAC-011-2 R5FAC-013-2 R6MOD-010-0 R2
Similar to MOD-012-0 (added by OEVC)MOD-012-0 R2MOD-020-0 R1MOD-021-1
R3PRC-004-1a R3: PRC-004-2a R3: PRC-004-WECC-1 R.3.PRC-007-0 R2; PRC-007-0 R3;
PRC-009-0 R2 PRC-011-0 R2; PRC-015-0 R3; PRC-016-0.1 R3; PRC-017-0 R2; PRC-0211 R2TPL-001-0.1 R3; TPL-002-0b R3; TPL-003-0a R3; TPL-004-0 R2.Criteria B 1, 4 and 9
Statement: In addition to the Trade’s comments, OEVC believes that NERC has an
Events Analysis process, RAPA process, and Section 1600 Data Request process that
they can invoke to get this information.Annual reviewsCIP-002-2, -4 R4CIP-003-3, -4
R1.3; CIP-003-3, -4 R4.3; CIP-003-3, - 4 R5.1.2; CIP-003-3, - 4 R5.3CIP-006-3c, -4
R1.8CIP-007-3, -4 R9CIP-009-3, -4 R1EOP-005-1 R1; EOP-005-2 R3.1EOP-008-0
R1.7EOP-008-1 R5IRO-014-1 R4.3Criteria B 1, 2, 3, 7 and 9 Statement: OEVC agrees
with the Trades and add that Compliance teams spend far too much time trying to
confirm that a RBAM was reviewed and signed off-on. This serves only to add time
and expense - especially when conditions have not changed in the preceding year.

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment
Other requirements EOP-004-1 R2 Criteria B 7 Statement: OEVC agrees with the
Trades. Again, NERC has an Events Analysis process and RAPA process that they can
invoke to require analyses. FAC-002-1 R1OEVC agrees that this requirement and five
sub-requirements are unnecessary. First of all, the PUC, the BA, and the TOP are
highly involved in the interconnection process. It is not clear what extra value is
provided by overlapping oversight from the RE and/or NERC. Second, other
standards - the TPLs in particular - are directly referenced in the requirement. Those
are enforceable already, there is no need to duplicate them here.FAC-008-1
R1.3.5This requirement is already addressed in Phase I.IRO-001-1.1 R8 OEVC believes
the intent is to consolidate RC directives in IRO-001 with TOP directives in TOP-001.
Since Phase I addresses TOP-001, this seems to have been already accomplished.IRO005-3a R10Criteria B 9Statement: OEVC agrees with the Trades. This is one that we
propose should be a much higher priority. Since the GOP is already told to follow a
directive, this requirement makes no sense. MOD-017-0.1 R1.1 and MOD-018-0 (all
requirements) ; MOD-020-1 R1OEVC believes that this is redundant with IRO-010 and
the new version of TOP-003 when it takes effect.MOD-019-0.1 R1OEVC believes that
this is redundant with IRO-010 and the new version of TOP-003 when it takes effect.
TOP-002-2b R2; R15OEVC believes that TOP-002 R15 will be resolved by the release
of the new TOP standards.TOP-002-2b R14 and R14.1Criteria B 9Statement: OEVC
believes that TOP-002 R14 and R14.1 will be resolved by the release of the new TOP
standards.TOP-003-1 R1 and its sub requirements; R2 and R3Criteria B 9Statement:
OEVC believes that these items will be resolved by the release of the new TOP
standards.TOP-005-2a R3Criteria B 9Statement: OEVC agrees with the Trades on this
one. Again, it may even be time to suggest that the functional designation of the PSE
go away. TOP-006-2 R1.1, R4, R5, R6; TOP-008-1 R2, R4 OEVC believes that that TOP006 R1.1 will be resolved by the release of the new TOP standards.

NERC Staff Technical Review

Please see NERC Staff’s response to question 2 for Phase I requirements that NERC
Staff recommends be reviewed for inclusion in a future phase. NERC Staff may
propose additional requirements for a future phase of the P81 project at a later date.

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment

American Electric Power

Please see the response to Question #2 for additional Reliability Standard
requirements that AEP would like to be considered as candidates for retirement on
this initial, or subsequent, request for comment.

seattle city light

Seattle City Light supports the consolidated comments of the industry Trade
Organizations.

Tampa Electric Company

Tampa Electric suggests that the P81 Drafting Team consider the adoption of
concepts from the CIP version 5 criteria for consideration under CIP version 3 and 4.
In particular Tampa Electric proposes that draft language for CIP-007 patching will
reduce administrative burden for compliance with patching process TFEs under
current versions (CIP-007 V3 and V4). The version 5 draft Guidelines and Technical
Basis for CIP-007 V5 states: R2.1 A patch source is not required for Cyber Assets that
have no updateable software or firmware (there is no user accessible way to update
the internal software or firmware executing on the Cyber Asset), or those Cyber
Assets that have no existing source of patches such as vendors that no longer exist.
R2.2 Determination that a security related patch, hotfix, and/or update poses too
great a risk to install on a system or is not applicable due to the system configuration
should not require a TFE.

Manitoba Hydro

The following statement should be removed from the standard as it does not support
reliability of the BES [B8]:FAC-013-2 R5. ‘However, if a functional entity that has a
reliability related need for the results of the annual assessment of the Transfer
Capabilities makes a written request for such an assessment after the completion of
the assessment, the Planning Coordinator shall make the documented Transfer
Capability assessment results available to that entity within 45 calendar days of
receipt of the request’The following statement should be removed from the standard
as it does not support reliability or provide any protection to the BES. [B8]:FAC-013-2
R6. ‘If a recipient of a documented Transfer Capability assessment requests data to
support the assessment results, the Planning Coordinator shall provide such data to

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment
that entity within 45 calendar days of receipt of the request. The provision of such
data shall be subject to the legal and regulatory obligations of the Planning
Coordinator’s area regarding the disclosure of confidential and/or sensitive
information’.

The Edison Electric Institute (EEI),
the National Rural Electric
Cooperative Association
(NRECA), the Electric Power
Supply Association (EPSA), the
Transmission Access Policy Study
Group (TAPS), Electricity
Consumers Resource Council
(ELCON), the American Public
Power Association (APPA), the
Large Public Power Council
(LPPC) and, the Canadian
Electricity Association (CEA)
(collectively, the Trade
Associations).

The Trade Associations support the following list of Reliability Standard requirements
to be retired or modified in a subsequent phase of the P81 project. To assist the
Standards Drafting Team decide what should be considered in phase 2, phase 3 etc.,
the Trade Associations have listed the requirements in the order of importance - with
those at the top of the list candidates for phase 2. The Trade Associations
understand, however, that the decision on how best to proceed with phase 2, phase
3 will be weighed by the Standards Drafting Team, and, therefore, have not indicated
any bright line on what should or should not be included in phase 2 versus phase 3,
etc. The Trade Associations further note that the list of requirements listed below
may be supplemented with additional requirements as the phase 2/phase 3
discussions evolve. Additionally, the Trade Associations believe that additional
criteria for elimination may be proposed as part of the phase 2/phase 3 process.FAC001-0 (all requirements)Criteria B 1, 3 and 6Statement: The requirement in FAC-0010 to document and publish facility connection requirements has no impact on
reliability. It is purely a document that those considering to interconnect with a
transmission entity may review as a reference. Once an interconnection request is
actually submitted to a transmission owner, the transmission owner performs the
FAC-002-1 steady-state, short-circuit, and dynamics studies to determine the new
interconnection’s impact on reliability. During the negotiation of an interconnection
agreement the FAC-001-0 reference material is agreed on and reduced to writing for
purposes of constructing, maintaining and operating the interconnection facilities.
Also, FAC-002-1 imposes an obligation on the parties to coordinate and cooperate
during the assessment of the reliability impact of the new interconnection facilities.
Thus, FAC-001-0, at best, is a best practice or helpful initial guide to an entity
considering interconnecting, but provides little, if any, meaningful value to reliability,
especially when compared to the actual benefits to reliability via the FAC-002-1

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment
studies, the execution of a negotiated agreement and the coordination of activities
during construction and operation of the new facilities. Accordingly, FAC-001-0
should be retired, and, if necessary, the transfer of any requirements that protect
reliability to FAC-002-1. All INT Standards (With the exception of INT-007-1 R1.2
which is part of and should remain in the Initial Phase.)Criteria B 6, 7 and 9
Statement: Many of the INT Reliability Standard requirements are very close to
duplicative of similar requirements in the BAL Reliability Standards or address
commercial matters. As drafted, the INT Reliability Standards include tasks or
activities that do little, if anything, to promote the protection the Bulk Electric
System. Thus, it is recommended that the Standards Drafting Team retire the INT
Reliability Standards, and, as necessary, transfer any requirement that protect
reliability to the BAL Reliability Standards. ALL DATA COLLECTION REQUIREMENTS
NOT INCLUDED IN THE INITIAL PHASECIP-005-3a, -4a R5.3CIP-006-3c, -4c R7, R8.3CIP007-3, -4 R5.1.2; R6.4CIP-008-3, -4 R2PRC-018-1 R5Criteria B 1, 2 and 9Statement:
These requirements are purely a data retention requirement with no functional
nexus to reliability, and, therefore, are best handled via compliance monitoring,
RSAWs or as a data request during an audit.ALL REPORTING OUT REQUIREMENTS
NOT INCLUDED IN THE INITIAL PHASEEOP-002-3 R9.2EOP-004-1 R3 and its
subrequirements; R4 and R5FAC-003-1 R3; FAC-003-1 R3.1: FAC-003-1 R3.2: FAC-0031 R3.3: FAC-003-1 R3.4: FAC-003-1 R3.4.1: FAC-003-1 R3.4.2: FAC-003-1 R3.4.3: FAC003-1 R4FAC-010-2.1 R5FAC-011-2 R5FAC-013-2 R6MOD-012-0 R2MOD-020-0
R1MOD-021-1 R3PRC-004-1a R3: PRC-004-2a R3: PRC-004-WECC-1 R.3.PRC-007-0 R2;
PRC-007-0 R3; PRC-009-0 R2; PRC-011-0 R2; PRC-015-0 R3; PRC-016-0.1 R3; PRC-0170 R2; PRC-021-1 R2TPL-001-0.1 R3; TPL-002-0b R3; TPL-003-0a R3; TPL-004-0
R2.Criteria B 1, 4 and 9Statement: There is no direct nexus between reporting out of
information to an entity or Regional Entity and protecting reliability. If the Regional
Entity desires to review information for purposes of monitoring reliability or assessing
risk, the information should be collected via vehicles other than the Reliability
Standards.Annual reviewsCIP-002-3, R3; CIP-002 -4 R3CIP-003-3, -4 R1.3; CIP-003-3, 4 R4.3; CIP-003-3, - 4 R5.1.2; CIP-003-3, - 4 R5.3CIP-006-3c, -4 R1.8CIP-007-3, -4

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment
R9CIP-009-3, -4 R1EOP-005-1 R1; EOP-005-2 R3.1EOP-008-0 R1.7EOP-008-1 R5IRO014-1 R4.3Criteria B 1, 2, 3, 7 and 9Statement: The annual review and update
requirements are arbitrary, administrative and not aligned with the operation and
protection of the Bulk Electric System. These requirements should be retired or
modified to align with how the Bulk Electric System is operated and protected.
OTHER REQUIREMENTSCIP-007-3, -4 R7 Criteria B 1, 2, 3 and 7Statement: The
essential elements of the process of disposing or redeploying of Cyber Assets and the
associated cyber security are set forth in R7.2 and R7.3. To require “formal methods,
processes and procedures” appears to require formal documentation for the sake of
documentation, rather than allowing the responsible entity to implement a process
that achieves the actions required in R7.2 and R7.3, which may or may not include
formal procedures, for example. EOP-004-1 R2Criteria B 7 Statement: The analysis
of the BES for system disturbances is covered in the PRC-004-2.1a R1. The PRC
Requirement R1 calls for the analysis of its transmission Protection System
Misoperations. We believe that BES analysis is covered inherently through this PRC
standard, making EOP-004 R1 redundant to the PRC standard. Another factor that
was considered is the notable absence of any requirement in EOP-004-2 to analyze
the BES disturbance. The focus of EOP-004 is on the reporting of applicable events
that are identified in the PRC-004 standard. There is an event analysis reporting
process referenced in the NERC Rules of Procedures (ROP) that addresses this
requirement. Therefore, this is a redundant requirement. In February of 2012, NERC
deployed its Events Analysis Process - incorporating the learnings from two field trials
held over the previous year and a half. It includes all the necessary steps that
affected operators must take to analyze and report on events that may impair the
reliability of the BES. Most Regional Entities have already updated their reporting
procedures to match NERC’s. Furthermore, NERC and the Regional Entities already
have sufficient authority to order analyses and corrective action plans outside of the
Reliability Standards. These are important steps for the development of Lessons
Learned and trending analyses, but do not contribute to reliable operations. In fact,
it is arguable that the demand for near term reporting - some within one hour of the

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment
initiation of the event - interferes with the efforts of front-line personnel to mitigate
the issue at hand BAL-004-0 (all requirements), BAL-005-0.1b R11; BAL-006-2 (all
requirements)Criteria B 6 and 9Statement: BAL-004 requirement for time error
correction is not important for reliability and should be eliminated. BAL-004 also
duplicates NAESB standard WEQ-006.BAL-005 R11 states that Balancing Authorities
shall include the effect of ramp rates, which shall be identical and agreed to between
affected Balancing Authorities, in the Scheduled Interchange values to calculate ACE.
This requirement is not needed for reliability. Ramp rates have minimal impact on
ACE calculations, and are already included in the definition of Interchange Schedule
in the NERC Glossary as used in R9. The requirement to use agreed upon ramp rates
is commercial in nature and is already covered by NAESB standard WEQ-004-17.BAL006-2 is an after the fact accounting of inadvertent interchange and does not impact
reliability and should be eliminated. Consider augmenting NAESB standard WEQ-007.
CIP-003-3, -4 R2 and its subrequirementsCriteria B 1 and 9Statement: Whether the
entity has a robust up-to-date CIP compliance plan may impact reliability, but not
whether there is an employee called a CIP senior manager that oversees the plan.
CIP-004-3, -4 R2.3 Criteria B 9Statement: Whether the entity has a robust up-to-date,
trained-on CIP compliance plan may impact reliability, but not whether there is
annual training. CIP-004-3, -4 R3.2Criteria B 1, 9Statement: Whether the entity has
a robust up-to-date CIP compliance plan may impact reliability, but not whether
there is a seven year update to the personnel risk assessment(PRA). CIP-004-3, -4
R4.1Criteria B 1, 9Statement: Whether the entity has a robust up-to-date on CIP
compliance plan may impact reliability, but not whether it reviews lists every seven
days. CIP-005-3a, -4a R2.5 and its subrequirementsCriteria B 1, 9Statement:
Whether the entity has a robust up-to-date CIP compliance plan to protect the ESP
may impact reliability, but not whether specific information is documented. CIP-0073, -4 R3.1, R3.2Criteria B 1, 9Statement: Whether the entity has a robust up-to-date
CIP compliance plan to protect the PSP may impact reliability, but not whether
specific information is documented within 30 days. Also, whether the entity has a
robust up-to-date CIP compliance plan to protect the PSP may impact reliability, but

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment
not whether specific information is documented. CIP-008-3 R1.4Criteria B 1,
9Statement: Whether the entity has a robust up-to-date CIP compliance plan may
impact reliability, but not whether specific information is documented within 30 days
or a change. EOP-001-1b, -2bCriteria B 7Statement: Duplicative with the other EOP
Standards (e.g., Capacity and Energy emergency of EOP-002, Load Shedding of EOP003, and System Restoration of EOP-005).EOP-002-3 R1Criteria B 7Statement:
Duplicative of other requirements such as IRO-001-1 R8, and should be retired or
modified to reduce redundancy. EOP-002-3 R9 Criteria B 7Statement: When a
Transmission Service Provider expects to elevate the transmission service priority of
an Interchange Transaction from Priority 6 (Network Integration Transmission Service
from Non-designated Resources) to Priority 7 (Network Integration Transmission
Service from designated Network Resources). It is duplicative of NAESB standard
WEQ-008 and should be eliminated.EOP-005-2 R1.2.A description of how all
Agreements or mutually agreed upon procedures or protocols for off-site power
requirements of nuclear power plants, including priority of restoration, will be
fulfilled during System restoration. Criteria B 1, 3 and 7 Statement: With the
implementation of NUC-001-2 R2, there is no longer a need for EOP-005-2 R1.2.
Specifically, NUC-001-2 R2 requires Nuclear Plant Interface Requirements (NPIRs) to
be included in the agreements for operation and maintenance (including restoration
process) for off-site nuclear power:Ref: NUC-001-2 R2. The Nuclear Plant Generator
Operator and the applicable Transmission Entities shall have in effect one or more
Agreements1 that include mutually agreed to NPIRs and document how the Nuclear
Plant Generator Operator and the applicable Transmission Entities shall address and
implement these NPIRs.Given the off-site power requirements of NUC-001-2 which
require comprehensive operational interface protocols (including restoration)
between nuclear plants and responsible entities as part of the NPIRs, there is no
longer a need for the administrative, documentation-only requirement in EOP-005-2
related to the same subject matter.FAC-013-1 (all requirements)Criteria B
6Statement: It is really a commercial planning practice suitable for Order 1000 under
Section 205/206 as opposed to Section 215.IRO-002-2 (all requirements)Criteria B

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment
7Statement: Redundant with COM-002-2, R1 COM-001-1.1, R1 and IRO-002-2, R2
and R3IRO-005-3a R10Criteria B 9Statement: Confusing requirement. It was
intended to address rare cases where entities were told to operate to different SOLs
and IROLs. However, since only the TOP and the RC can see these parameters, the
only thing a GOP can do is follow a directive.IRO-014-1 R4Criteria B 9Statement:
Requirement 4 (including sub-parts) should be rolled up into R1 and eliminated.
Requirement 1 should be modified to require "current operating procedures,
processes or plans with all adjacent RCs.IRO-015-1 R2.1Criteria B1 and 9Statement:
Whether the procedure, process and plan is robust and up-to-date may impact
reliability, not whether there are weekly calls. MOD-001-1 and MOD-008-1 (all
requirements)Criteria B 6 and 9Statement: NERC should be focused on modeling the
BES and managing SOLs and IROLs, the methodologies for the determination of CBM,
TTC and ATC are commercial matters associated with the reservation and allocation
of rights to transfer capability among transmission customers. While transfer
capability calculations should be based on models of the BES, the NAESB WEQ should
address the issues raised in MOD-001, MOD-004, MOD-008, MOD-028 thru 030, and
TOP-002-2 R12.Criteria B 6 and 9Statement: This could be handled as a data request
from an RE or other Registered Entities, and therefore would not need a
requirement, as there are too many requirements that warrant an attestation that no
request was made.MOD-016-1.1 and MOD-021-1 (all requirements) Criteria B
9Statement: MOD-016 through MOD-021 are all about long term load forecasting
and reporting of actual loads. Most of this can be eliminated from the standards and
replaced with a data collection process (e.g., DADS). Loads to be used in modeling
should be incorporated in the data requirements of MOD-010 and MOD-012 and not
a separate standard.MOD-019-0.1 R1Criteria B 1, 2, and 9Statement: MOD-019-0.1
covers “Reporting of Interruptible Demands and Direct Control Load Management,”
which requires reporting of a forecast of interruptible demand and direct control load
management data. This reporting is administrative in nature, and the information is
not important for reliability. The data is best gathered through DADS and not
through a standard.MOD-028-1 (all requirements); MOD-029-1a (all requirements);

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment
MOD-030-2 (all requirements)Criteria B 6 and 9Statement: Do the ATC / TTC
standards belong in NERC or NAESB (i.e., MOD-001, MOD-004, MOD-008, MOD-028
thru 030, and TOP-002-2 R12)? I think NERC should be focused on managing SOLs and
IROLs, whereas NAESB on TTC, ATC, etc., and I think these can/should be moved to
the NAESB standards. PRC-011-0 R1 Criteria B 4 and 9Statement: Requirements for
maintenance of under-frequency load shedding systems (“UFLS”) and under-voltage
load shedding systems (“UVLS”) are not needed to meet an adequate level of BES
reliability. UFLS and UVLS installations are widely distributed. Distribution circuit
outages, distribution field switching, and varying load profiles, such as peak and offpeak, could impact the amount of load that would be automatically shed by UFLS and
UVLS. Therefore, entities must include adequate margins above their obligation to be
able to meet the obligated load shed at all times as required by Reliability Standards,
such as PRC-006 and PRC-007, that are performance-based, or results-based. While
UFLS and UVLS are, of course, important safety-net systems, PRC-011-0 R 1
maintenance requirement is not needed to provide a “defense-in-depth” approach
due to the margins required to meet performance-based requirements. Thus, Like
PRC-008-0 R1 included in Phase I, Reliability Standard PRC-011-0 R1 which involves
maintenance of UVLS, is not needed. In fact, it is typically the same relays and
associated equipment that provides both the UFLS and the UVLS functions. PRC-0221 R1, R1.1, R1.2, R1.3, R1.4, and R1.5Criteria B 7Statement: Whether the responsible
entity has robust UVLS misoperation and correction action is redundant with PRC004-1a, -2a. TOP-001-1a R7 (and its subrequirements)Criteria B 9Statement: For R3,
there are three projects in progress addressing the issuance of directives by the RC,
BA, and TOP. This includes COM-003-1's requirements for the issuances of "not quite
directives" Also, for R7 All outages information should be submitted to the TOP
and/or BA in accordance with their data requirements.TOP-002-2b R8 and R 9Criteria
B 6, 7 and 9Statement: “Each Balancing Authority shall plan to meet voltage and/or
reactive limits, including the deliverability/capability for any single contingency”, is
duplicative of VAR-001 (and incorrect) and should be eliminated. “Each Balancing
Authority shall plan to meet Interchange Schedules and ramps”, is duplicative of the

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment
BAL standards and the NAESB standards and should be eliminated.TOP-002-2b
R12Criteria B 6 and 9Statement: The ATC / TTC standards may belong in NAESB (i.e.,
MOD-001, MOD-004, MOD-008, MOD-028 thru 030, and TOP-002-2 R12)? NERC
standards should be focused on managing SOLs and IROLs, whereas NAESB on TTC,
ATC, etc.TOP-002-2b R14 and R14.1Criteria B 9Statement: All derating information
should be submitted to the TOP and/or BA in accordance with their data
requirements.TOP-002-2b R15Criteria B 9Statement: Each Balancing Authority and
Transmission Operator shall maintain accurate computer models utilized for
analyzing and planning system operations is a "how" requirement that is needed to
meet other requirements in the standard. It is also not measureable, and the
requirement should be eliminated. All weekly forecasts should be submitted to the
TOP and/or BA in accordance with their data requirements.TOP-003-1 R1 and its
subrequirements; R2 and R3Criteria B 9Statement: All planned outage information
should be submitted to the TOP and/or BA in accordance with their data
requirements.TOP-005-2a R3Criteria B 9Statement: PSEs are not best positioned to
provide reliability information.

SPP Standards Review Group

VAR-002 R3 Status changes on AVRs - Quite often status changes to AVRs may be
made for only a matter of seconds. These changes do not impact the reliability of the
BES but still require a call be made for notification of the change. Perhaps the
requirement could be changed such that only status changes which impact the BES
need to be reported. This hits on Items 4, 5, 8 and 9 in Criterion B.FAC-003-1 R1.3 Specific training is required for personnel involved with vegetation management
programs. This requirement is purely administrative (Criterion B.1) and does not, in
and of itself, benefit the reliability of the BES. (Although this requirement has been
removed in subsequent versions of this standard (FAC-003-2 and FAC-003-3), it
remains in effect today. It needs to be retired.)While we don’t have an extensive list
at this time, we would hope that the drafting team will ask for potential candidates
which fit this category at some point in the future prior to the start of work on the
latter phases of the project.

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment

Ameren

We support and agree with Trade Association's comments and their suggested list of
Reliability Standard requirements to be retired or modified in the subsequent phase
of the P81 Project. In addition, we suggest that IRO-005-3, R10 should be modify to
eliminate its applicability to LSE and PSE in addition to GOP. While the IRO-005-3_1a,
R10 is necessary for the reliable operation of the BES, its applicability to LSE and PSE
also is questionable as these entities do not "operate" the BES. We believe that it is
redundant (criteria B7) with other requirements where these entities (GOP, LSE, and
PSE) have to follow the RC and/or TOP directives.

Wolverine Power Supply
Cooperative, Inc.

Wolverine agrees with the list of requirements that the trade associations are
submitting. We are a member of NRECA and agree with their comments.

Consideration of Comments: Project 2013-02 Paragraph 81

If you have any other comments or suggestions on the draft SAR that you have not already provided in response to the previous
questions, please provide them here.

Summary Consideration:
Comment
NERC staff requests that the scope of the SAR include currently-pending versions of related Reliability Standards to address
requirements proposed in Phase I that are also included in a subsequent version of the standard that has been adopted by the NERC
Board of Trustees, but not yet approved by FERC. Manitoba Hydro has a similar concern. NERC staff also requests that technical
justifications only rely on Commission-approved Reliability Standards and how removal of a requirement will “increase in efficiency of
the ERO compliance program” consistent with the language of P81.
Response
The P81 SDT added a footnote to the SAR to address how pending versions of related Reliability Standards (i.e., NERC BOT adopted) are
considered so that eliminated requirements carry through to any new NERC BOT adopted versions. In addition, the P81 SDT is
developing a technical white paper that it believes will provide a sound, technical basis for removal of each NERC Reliability Standard
requirement proposed in Phase I. As appropriate, the technical basis will only reference or rely on Commission-approved Reliability
Standards. The technical white paper being developed by the P81 SDT will generally address the issue of efficiency gains in the ERO
compliance program with a blanket statement, on a requirement basis, or a combination of both.
Comment
Kansas City Power & Light states that the retirement of the requirements should not have a ripple impact in other standards or
requirements.
Response
Although it is unclear to the P81 SDT what is meant by the term “ripple impact,” it is believed to be similar to Criterion C’s defense in
depth concept. In the future, it would be helpful to provide some examples where the removal of a NERC Reliability Standard
requirement may have a ripple impact in other standards. At this time, the P81 SDT believes the consideration of Criterion C
(specifically, the consideration of whether retiring a requirement will have any negative impact on the defense-in-depth protection of
the BES) ensures that other standards and requirements are not negatively impacted.

Consideration of Comments: Project 2013-02 Paragraph 81

Comment
Entergy Services, Inc. states that during future phases industry input should be gathered in a more formal process. PPL Corporation
NERC Registered Affiliates had a similar suggestion to increase stakeholder involvement.
Response
The P81 SDT is using the approved Standard Process Manual (SPM) for Phase I, and, at this point, plans to use the SPM in effect at the
time for future phases of this project as well. The SDT acknowledges that stakeholder input may need to be gathered in a manner
differently in subsequent phases than that used for Phase I, as subsequent phases may be more involved than simply removing
requirements in their entirety and will likely require combining and/or re-wording of existing requirements.
Comment
Dominion observed some highlighting and number issues in the draft documents and appears to suggest we add IRO-001-1a R8.
Response
Requirement 8 of NERC Reliability Standard IRO-001-1a, while redundant to TOP-001-1a R3 with regard to Reliability Coordinators, will
need to remain to ensure that a NERC Reliability Standard exists that addresses the need for entities to comply with a Reliability
Coordinator’s Reliability Directives.
Typographical errors will be addressed by the SDT.
The spreadsheet with proposed retirements on the NERC website will be manually sorted to ensure appropriate ordering of
requirements on future revisions.
Comment
South Carolina Electric and Gas states that instead of retiring R2 of EOP-009-0 could the whole standard can be replaced by the new
EOP-005?
Response
Yes, it is the SDT’s understanding that NERC Reliability Standard EOP-009-0 will be retired when Standard EOP-005-2 becomes
enforceable (July 1, 2013).
Comment
Idaho Power Company, among other things, suggests the combing of MOD standards 016 through 021.
Response
Consideration of Comments: Project 2013-02 Paragraph 81

The suggested combining of NERC Reliability Standards MOD-016 through MOD-021 has been referred to the Question 3 sub-team for
consideration for Phase II.
Comment
ACES Power Marketing Standards Collaborators and Electric Reliability Council of Texas, Inc. state that NERC needs to develop guidance
that includes these criteria for drafting teams to avoid developing requirements that offer little reliability value in the future.
Response
The P81 SDT agrees that NERC-developed guidance is needed for standard drafting teams to ensure that new requirements consider the
criteria established by the P81 SDT. The P81 SDT will address this issue with the NERC Standards Committee.
Comment
Georgia System Operations Corporation and Georgia Transmission Corporation suggest the consideration of requirements for
retirement that supports NERC programs other than the mandatory Reliability Standards.
Response
The SDT appreciates the comments. The SDT believes that the criteria, as drafted, should capture those requirements that Georgia
System Operations Corporation and Georgia Transmission Corporation are concerned about.

Organization

Yes or No

NERC Staff Technical Review

Question 4 Comment
(1) NERC Staff notes that the scope of the SAR should be expanded to include
currently-pending versions of related Reliability Standards to address requirements
proposed in Phase I that are also included in a subsequent version of the standard
that has been adopted by the NERC Board of Trustees, but not yet approved by FERC.
NERC Staff suggests that footnotes could be included to capture these situations.(2)
NERC Staff submits that the technical justification for removal of particular
requirements should not be a restatement of the Criteria (see e.g., INT-007-1 R1.2).
Nor should the technical justifications reference and/or rely upon for support any
Reliability Standards unless those Reliability Standards are Commission-approved. (3)
NERC Staff suggests that the technical justifications for the satisfaction of the Criteria

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 4 Comment
should include an explanation of how removal of the requirement will result in an
“increase in efficiency of the ERO compliance program” consistent with the language
of P81.

Duke Energy

Duke Energy generally supports the comments submitted by The Edison Electric
Institute (EEI) and the process being used to respond to the Commission’s invitation
in the FFT Order.

Kansas City Power & Light

Entergy Services, Inc.

For future phases, indutry input should be gathered in a more formal process to allow
for suggestions for re-wording or suggesting additional requirements for removal.

Tucson Electric Power

Illinois Municipal Electric
Agency

Illinois Municipal Electric Agency fully supports this initiative by the collaboration
group which suppports NERC's application of a risk-based focus to it's programs, and
which is consistent with SPIG Recommendation 4.

Dominion

In the Complete Set of Standards with Proposed Retirements for Phase 1 pdf; Need to
add IRO-001-1a R8 and MOD-004-1 R8 needs to be completely highlighted. In the
Spreadsheet with Proposed Retirements; Suggest the MOD-004-1 Requirements be
put in numeric order. Need to add IRO-001-1a R8; it is not listed on the spreadsheet.

South Carolina Electric and
Gas

Instead of retiring R2 of EOP-009-0 could the whole standard can be replaced by the
new EOP-005?

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 4 Comment

Manitoba Hydro

It is not clear what will happen in instances where this project proposes to remove a
requirement from a FERC approved Reliability Standard when the NERC BOT has
already approved a newer version of that same standard. Will the newer BOT
approved version also be modified if it includes one of the requirements in question?
What if industry has already resolved one of these issues in the next version of a
standard? Shouldn’t we just implement the newer version?

MidAmerican Energy
Company

MidAmerican Energy Company supports the draft SAR as a positive step to allow
Responsible Entities, Regional Entities, NERC and FERC to focus their combined
efforts on protecting the Bulk Electric System.

Idaho Power Company

MOD standards 016 through 021 should be combined into a single standard,
removing duplication and retiring requirements which are "reporting-only" and/or
have little discernable reliability benefit.We agree with the stated Purpose or Goal of
the proposed standard of setting forth specific Reliability Standard requirement
evaluation criteria and establishing a multi-phased process for addressing these
Reliability Standard requirements. We agree with and support this Reliability
Standard requirement evaluation and proposed multi-phased process based on the
following:We believe there is value in differentiation of violations based on risk. We
believe that not all violations pose the same risk to reliability, so they should not all
be treated the same. Focusing on the greatest risks to reliability will allow for more
efficient use of resources while improving the reliability of the BES through an
application of structured risk management.

ACES Power Marketing
Standards Collaborators

NERC needs to develop guidance that includes these criteria for drafting teams to
avoid developing requirements that offer little reliability value in the future. There
are many standards currently being developed that include similar kinds of
requirements that will make a future exercise like this necessary. NERC should
expend every effort to avoid such a future situation. Some examples can be found in
Project 2007-09 Generator Verification. Proposed MOD-027-1 R3 through R5 largely

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 4 Comment
memorializes the administrative interactions that must occur between the GO and TP
to develop a good active power/frequency control model. PRC-004-3 Part 4.2 in
Project 2010-05.1 Misoperations is another example. It requires maintenance of data
regarding Corrective Action Plans. These are administrative requirements and are
unnecessary.

CPS Energy

No additional comments.

Independent Electricity
System Operator

No comments.

Occidental Energy Ventures
Corp.

OEVC Agrees with the Trade Associations on this response.

Pepco Holdings Inc & Affiliates

Pepco Holdings Inc supports this project. Additionallyl Pepco Holdings Inc supports
the comments provided by EEI.

Georgia System Operations
Corporation

Reliability Standard requirements are those that provide for Reliable Operation,
including without limiting the foregoing, requirements for the operation of existing
Facilities, including cyber security protection, and including the design of planned
additions or modifications to such Facilities to the extent necessary for Reliable
Operation. NERC administers other programs, such as industry alerts, reliability
assessments, event and trend analyses, education, and monitoring and enforcing
Reliability Standards. These other programs are designed to work in concert with
Reliability Standards to support reliable operation. NERC requirements relating to
administering these other programs are very important but are not Reliability
Standard requirements.One of the criteria for evaluating the elimination of a
Reliability Standard requirement is that it is purely reporting. There are a number of
NERC requirements for these other NERC programs embedded in Reliability
Standards. Most of them are purely reporting. However, to the extent that there may
be other requirements for these NERC programs embedded that are not purely

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 4 Comment
reporting, they should also be considered for elimination. Reliability Standards by
definition are not mechanisms for the administration of those other NERC programs.

Georgia Transmission
Corporation

seattle city light

Seattle City Light supports the consolidated comments of the industry Trade
Organizations.

Tampa Electric Company

Tampa Electric recommends that the P81 DT ensure that the CIP requirements
proposed for removal via P81 are also removed from v5 of the NERC CIP standards.
Tampa Electric also supports the consideration of the following for NERC CIP
standards: Removal of data collection requirements: CIP-005-3a, -4a R5.3CIP-006c, 4c R7, R8.3CIP-007-3, -4 R5.1.2; R6.4; R7.3CIP-008-3, -4 R2Removal of annual review
requirements: CIP-002-2, -4 R4CIP-003-3, -4 R1.3; CIP-003-3, -4 R4.3; CIP-003-3, - 4

Consideration of Comments: Project 2013-02 Paragraph 81

100

Organization

Yes or No

Question 4 Comment
R5.1.2; CIP-003-3, - 4 R5.3CIP-006-3c, -4 R1.8CIP-007-3, -4 R9CIP-009-3, -4 R1

Transmission Agency of
Northern California

SERC EC Planning Standards
Subcommittee

The comments expressed herein represent a consensus of the views of the abovenamed members of the SERC EC Planning Standards Subcommittee only and should
not be construed as the position of SERC Reliability Corporation, its board, or its
officers.

SPP Standards Review Group

The following are typos we found in the SAR:Either delete the ‘an’ or make
‘processes’ singular in Technical Criteria B.2.(b).Either delete the ‘that’ in the 5th line
or the ‘to’ in the 6th line of the Statement paragraph under CIP-001-2a R4. This is the
3rd sentence in the paragraph.Insert an ‘a’ between ‘require’ and ‘new’ in the last
sentence of the Statement paragraph under CIP-003-3, -4 R4.2.

City of Austin dba Austin
Energy

The P81 project should be considered a high priority Standards development project
for the following reasons:(1) Responsive to P81 of FERC’s March 15, 2012 order and
SPIG Recommendation No. 4(2) Will increase efficiency of the ERO compliance
programs(3) Requirements submitted for the initial phase appear to be clear
candidates on their face and should not require extensive technical research(4) The
collaborative nature of the project is an example for future work, because it advances
the project while reducing the impact on stakeholders and NERC staff(5) The
proposed pace of the project sets an example for future work (6) Furthers the focus
on results, performance based Reliability Standards (7) May provide a roadmap of
what should or should not be a requirement in future Reliability Standards(8) The
draft P81 SAR criteria is designed to be sufficiently broad to capture all FERC
approved reliability Standards that are unnecessary, redundant or do little to protect
reliability (9) To eliminate Reliability Standards requirements that deter from our

Consideration of Comments: Project 2013-02 Paragraph 81

101

Organization

Yes or No

Question 4 Comment
focus on reliability Based on these benefits, we support the Standards Drafting Team
and NERC staff working together to file the initial list of Reliability Standards for
retirement with the Federal Energy Regulatory Commission prior to the end of the
year and that the Standards Drafting Team also make significant progress on the
scope of the phase two P81 Reliability Standards list by the end of the year.

PPL Corporation NERC
Registered Affiliates

The Edison Electric Institute (EEI),
the National Rural Electric
Cooperative Association
(NRECA), the Electric Power
Supply Association (EPSA), the
Transmission Access Policy Study
Group (TAPS), Electricity
Consumers Resource Council
(ELCON), the American Public
Power Association (APPA), the
Large Public Power Council
(LPPC) and, the Canadian
Electricity Association (CEA)
(collectively, the Trade

The PPL Companies generally support the concept and process being recommended,
but are concerned that the stakeholder involvement in the process may be lacking.
During the webinar on August 21, 2012 the drafting team members stated that the
Standards Development Process will be utilized for all Phases of the project.
However, the SAR does not indicate that the SDP is mandated. The Companies
recommend that the entire SAR specifically state the the Standards Development
Process will be used where the SDT must respond to comments and a stakeholder
vote for approval. Additionally, the process should allow for individual (or groups) of
stakeholders to request a standard’s removal or modification that is not designated
by the SDT for removal.
The Trade Associations believe that the P81 project should be considered a high
priority Standards development project for the following reasons: o Responsive to
P81 of FERC’s March 15, 2012 order and SPIG Recommendation No. 4 o Will increase
efficiency of the ERO compliance programs o Requirements submitted for the initial
phase appear to be clear candidates on their face and should not require extensive
technical research o The collaborative nature of the project is an example for future
work, because it advances the project while reducing the impact on stakeholders and
NERC staff o The proposed pace of the project sets an example for future work o
Furthers the focus on results, performance based Reliability Standards o May
provide a roadmap of what should or should not be a requirement in future
Reliability Standards o The draft P81 SAR criteria are designed to be sufficiently
broad to capture all FERC approved reliability Standards that are unnecessary,
redundant or do little to protect reliability o Eliminating Reliability Standards
requirements that are unnecessary, redundant or do little to protect reliability will

Consideration of Comments: Project 2013-02 Paragraph 81

102

Organization

Yes or No

Associations).

Question 4 Comment
eliminate distractions from our focus on reliability Based on these benefits, the
Trade Associations strongly support the Standards Drafting Team and NERC staff
working together to file the initial list of Reliability Standards for retirement with the
Federal Energy Regulatory Commission prior to the end of the year, and that the
Standards Drafting Team also make significant progress on the scope of the phase
two P81 Reliability Standards list by the end of the year.

City of Garland

This is a good start on removing requirements that are either redundant or provide
little / no protection for Bulk-Power System reliability.

Electric Reliability Council of
Texas, Inc.

This SAR offers significant potential value by retiring requirements that provide no
BES reliability value, but nonetheless require commitment of time and resources for
both regulated entities and regulators to effect and oversee compliance, respectively,
and also pose liability risk for no reason, given that they provide no reliability value.
However, the substance of the requirements (e.g. administrative processes, etc.) may
have non-essential value unrelated to system reliability. To the extent the
SDT/industry/NERC believe there may be some non-mandatory use for this
information outside of the reliability standards, the information could be considered
for guidance in another format, such as guidelines, best practice documentation or
lessons learned. If such an effort is deemed worthwhile, it should be established in a
separate process/effort, and should not distract from moving this and future phases
of this SAR forward in the most efficient and effective manner to achieve the
significant benefits that may result from this SAR. In addition, the standards process
going forward should include consideration of whether a proposed standard
addresses a reliability requirement, is cost effective and meets the reliability-based
standards criteria of “what” needs to be met and not “how” an entity will meet the
standard which is better address through guidelines, best practices and/or lessons
learned.

Central Husdon Gas & Electric

We agree with the criteria as listed, however, we believe that another criterion must
be added. This criterion is that the retirement of a requirement must not create a

Consideration of Comments: Project 2013-02 Paragraph 81

103

Organization

Yes or No

Question 4 Comment

Corporation

compliance gap for Entities. Several of the NERC requirements have been crafted to
afford Entities a means to display compliance. Retirement of these requirements can
place an Entity's compliance efforts in jeopardy. A salient example of this is identified
below:Central Hudson Gas & Electric Corporation strongly disagrees with the
inclusion of CIP-003-3, -4 Requirements R3, R3.1, R3.2, R3.3 as candidates for
retirement. The reasons stated in the SAR in favor of inclusion are that these
requirements are administrative in nature and are purely examples of a
documentation process. Further it is stated in the SAR that they, “.... have been
subject to misinterpretation, including responsible entities believing they can exempt
themselves from compliance with the CIP requirements.” This last statement is
precisely the reason why the aforementioned requirements were included in the
standard. These requirements allow Registered Entities to, on rare occasions, take an
exception to one or several of the CIP requirements (for a limited period of time) if
they (1) have valid cause (major emergency, Force Majeure, etc.), (2) document the
occurrence and (3) are reviewed and approved by the CIP Senior Manager. This
process supports the Registered Entity’s compliance effort and acknowledges the
need for special protocols to address emergency circumstances. Without such a
process, the only recourse for the Registered Entity is to self-report a violation which
is not within its control. In other words, retirement of these requirements would
force the Registered Entity to be in full compliance with ALL CIP Standards ALL the
time regardless of circumstance. The concept of 'realistic expectation' was
undoubtedly the reason these requirements were crafted and included in the
standard. Further, with regard to the Registered Entity’s decision to claim an
exception, a system of checks and balances already exists. At the time of a
compliance audit of the standard’s requirements, the Regional Entity reviews and
makes a determination as to whether the actions taken by the Registered Entity were
warranted.

NV Energy

We commend NERC and the Drafting Team on their efforts thus far in this important
initiative. This process will serve to better focus the industry’s limited resources on

Consideration of Comments: Project 2013-02 Paragraph 81

104

Organization

Yes or No

Question 4 Comment
activities that are necessary for reliability.

SRC

We support the P81 team’s efforts and appreciate the effort to pull together this
initial list of criteria and requirements. The SRC is looking forward to seeing a
concrete timeline for the project.

Western Electricity
Coordinating Council

WECC recognizes and appreciates the large amount of work done in a short time on
this project and appreciates the opportunity to proved our comments.

American Electric Power

While AEP supports the efforts of this drafting team, it might have been
advantageous to first agree on the criteria as a first phase, and then once
determined, enter a second phase where requirements were proposed based upon
the agreed-upon criteria. This might enable the fast-tracking of the criteria to be used
by other concurrent projects and project teams.

END OF REPORT

Consideration of Comments: Project 2013-02 Paragraph 81

105

Consideration of Comments
Project 2013-02 Paragraph 81

The Paragraph 81 Drafting Team thanks all commenters who submitted comments on the redlined
versions of 22 standards showing 38 requirements proposed to be retired. The standards were posted
for a 45-day public comment period from October 25, 2012 through December 10, 2012. Stakeholders
were asked to provide feedback on the standards through a special electronic comment form. There
were 32 sets of comments, including comments from approximately 113 different people from
approximately 64 companies representing 8 of the 10 Industry Segments as shown in the table on the
following pages.
All comments submitted may be reviewed in their original format on the standard’s project page.
If you feel that your comment has been overlooked, please let us know immediately. Our goal is to give
every comment serious consideration in this process! If you feel there has been an error or omission,
you can contact the Vice President and Director of Standards, Mark Lauby, at 404-446-2560 or at
[email protected]. In addition, there is a NERC Reliability Standards Appeals Process.1

The appeals process is in the Standard Processes Manual: http://www.nerc.com/files/Appendix_3A_StandardsProcessesManual_20120131.pdf

Index to Questions, Comments, and Responses
1.

If retired, do any Reliability Standard requirements proposed for retirement create a gap in
reliability? If yes, please explain in the comment area. .....................................................................9

Do you have any comments on the technical white paper?............................................................20

Consideration of Comments: Project 2013-02

Group/Individual

Commenter

Organization

Registered Ballot Body Segment
1

Group
Additional Member

Guy Zito

Northeast Power Coordinating Council

Additional Organization

Region Segment Selection

Alan Adamson

New York State Reliability Council, LLC

NPCC 10

Ben Wu

Orange and Rockland Utilities, Inc.

NPCC 1

Greg Campoli

New York Independent System Operator

NPCC 2

Sylvain Clermont

Hydro-Quebec TransEnergie

NPCC 1

Donald Weaver

New Brunswick System Operator

NPCC 2

Gerry Dunbar

Northeast Power Coordinating Council

NPCC 10

Mike Garton

Dominion Resources Services, Inc.

NPCC 5

Kathleen Goodman

ISO - New England

NPCC 2

Wayne Sipperly

New York Power Authority

NPCC 5

Hydro One Networks Inc.

NPCC 1

10. David Kiguel

Group/Individual

Commenter

Organization

Registered Ballot Body Segment
1

11. Christina Koncz

PSEG Power LLC

NPCC 5

12. Randy MacDonald

New Brunswick Power Transmission

NPCC 9

13. Bruce Metruck

New York Power Authority

NPCC 6

14. Silvia Parada Mitchell NextEra Energy, LLC

NPCC 5

15. Lee Pedowicz

Northeast Power Coordinating Council

NPCC 10

16. Robert Pellegrini

The United Illuminating Company

NPCC 1

17. Si-Truc Phan

Hydro-Quebec TransEnergie

NPCC 1

18. David Ramkalawan

Ontario Power Generation, Inc.

NPCC 5

19. Brian Robinson

Utility Services

NPCC 8

20. Chris de Graffenried Consolidated Edison Co. of New York, Inc. NPCC 1
21. Peter Yost

Consolidated Edison Co. of New York, Inc. NPCC 3

Jesus Sammy Alcaraz

Group

Imperial Irrigation District (IID)

Additional Member Additional Organization Region Segment Selection
1. Jose Landeros

IID

WECC 1, 3, 4, 5, 6

2. Al Juarez

IID

WECC 1, 3, 4, 5, 6

3. Marcela Caballero

IID

WECC 1, 3, 4, 5, 6

4. Cathy Bretz

IID

WECC 1, 3, 4, 5, 6

Group

Greg Rowland

Duke Energy

Additional Member Additional Organization Region Segment Selection
1. Doug Hils

Duke Energy

RFC

2. Lee Schuster

Duke Energy

FRCC

3. Dale Goodwine

Duke Energy

SERC

4. Greg Cecil

Duke Energy

RFC

Group

Jamison Dye

Bonneville Power Administration

Additional Member Additional Organization Region Segment Selection
1.

Bart McManus

Technical Operations

WECC 1

Ayodele Idowu

Technical Operations

WECC 1

Daniel Goodrich

Technical Operations

WECC 1

Tim Loepker

Dispatch

WECC 1

Consideration of Comments: Project 2013-02

Group/Individual

Commenter

Organization

Registered Ballot Body Segment
1

Forrest Krigbaum

System Operations

WECC 1

Huy Ngo

Design & Maint

WECC 1

John Wylder

Stds Montr & Admin

WECC 1

Thomas Gist

Stds Montr & Admin

WECC 1

Jenny Wilson

Transmission Planning

WECC 1

10. Larry Furumasu

Transmission Planning

WECC 1

11. Kyle Kohne

Transmission Planning

WECC 1

12. Richard Becker

Substation Engineering

WECC 1

13. Kieran Connolly

Generation Scheduling

WECC 5

14. Erika Doot

Generation Support

WECC 3, 5, 6

15. Deanna Phillips

FERC Compliance

WECC 1, 3, 5, 6

Randall Heise

Group

Dominion Resource Services

Additional Member Additional Organization Region Segment Selection
1. Michael

Garton

MRO

5, 6

2. Connie

Lowe

RFC

3. Louis

Slade

RFC

4. Randall

Heise

NPCC 5, 6

5. Michael

Crowley

SERC

Group

Sasa Maljukan

5, 1, 3

Hydro One Networks Inc.

Additional Member Additional Organization Region Segment Selection
1. David kiguel

Hydro One Networks Inc. NPCC 1

Group

Jim Kelley

Additional Member

Additional Organization

SERC EC Planning Standards Subcommittee

Region Segment Selection

1. John Sullivan

Ameren Services Company

SERC

2. Charles Long

Entergy Services, Inc.

SERC

3. Edin Habibovich

Entergy Services, Inc.

SERC

4. James Manning

NC Electric Membership Cooperation SERC

5. Philip Kleckley

SC Electric & Gas Company

SERC

6. Bob Jones

Southern Company Services

SERC

Consideration of Comments: Project 2013-02

Group/Individual

Commenter

Organization

Registered Ballot Body Segment
1

7. Pat Huntley

SERC Reliability Corp.

Group

SERC

Robert Rhodes

Additional Member
Clem Cassmeyer

Western Farmers Electric Cooperative SPP

1, 3, 5

Eric Ervin

Westar Energy

SPP

1, 3, 5, 6

Jonathan Hayes

Southwest Power Pool

SPP

Bo Jones

Westar Energy

SPP

1, 3, 5, 6

Tiffany Lake

Westar Energy

SPP

1, 3, 5, 6

Stephen McGie

City of Coffeyville

SPP

Tracey Stewart

Southwestern Power Administration

SPP

1, 5

Jamie Strickland

Oklahoma Gas & Electric

SPP

1, 3, 5

Angela Summer

Southwestern Power Administration

SPP

1, 5

Group

Jason Marshall

Additional Member

Additional Organization
Hoosier Energy

RFC

Arizona Electric Power Cooperative

WECC 4, 5

3. John Shaver

Southwest Transmission Cooperative WECC 1

4. Amber Anderson

East Kentuck Power Cooperative

5. Megan Wagner

Sunflower Electric Power Corporation SPP

6. Shari Heino

Brazos Electric Power Cooperative

ERCOT 1, 5

7. Paul Jackson

Buckeye Power

RFC

3, 4

8. Kevin Lyons

Central Iowa Power Cooperative

MRO

Albert DiCaprio

Region Segment Selection

2. John Shaver

Group

ACES Standards Collaborators

1. Bob Solomon

10.

Region Segment Selection

SPP Standards Review Group

Additional Organization

SERC

1, 3, 5
1

ISO/RTO Standards Review Committee

Additional Member Additional Organization Region Segment Selection
1. Stephanie Monzon

PJM

RFC

2. Bill Phillips

MISO

RFC

3. Matt Goldberg

ISONE

NPCC

4. Charles Yeung

SPP

5. Steve Myers

ERCOT

ERCOT 2

Consideration of Comments: Project 2013-02

Group/Individual

Commenter

Organization

Registered Ballot Body Segment
1

6. Greg Campoli

NYISO

NPCC

7. Ben Li

IESO

NPCC

11.

Individual

Jana Van Ness, Director
of Regulatory
Compliance

12.

Individual

Emily Pennel

Southwest Power Pool Regional Entity

13.

Individual

Antonio Grayson

Southern Company

14.

Individual

Thomas C. Duffy

Central Hudson Gas & Electric Corporation

15.

Individual

David Ramkalawan

Ontario Power Generation

16.

Individual

John Bee

Exelon

17.

Individual

Andrew Gallo

City of Austin dba Austin Energy

18.

Individual

Andrew Z. Pusztai

American Transmission Company

19.

Individual

Nazra Gladu

Manitoba Hydro

20.

Individual

David Jendras

Ameren

21.

Individual

Patrick Brown

Essential Power, LLC

Individual
23. Individual

David Thorne
Thad Ness

Pepco Holdings Inc.
American Electric Power

24.

Individual

Michelle D'Antuono

25.

Individual

Patricia Metro

Occidental Energy Ventures Corp.
National Rural Electric Cooperative
Association (NRECA)

26.

Individual

Kathleen Goodman

ISO New England Inc.

27.

Individual

Michael Falvo

Independent Electricity System Operator

28.

Individual

Orlando Ciniglio

Idaho Power Company

29.

Individual

Brett Holland

Kansas City Power & Light

30.

Individual

Jason Snodgrass

Georgia Transmission Corporation

31.

Individual

Daniela Hammons

CenterPoint Energy

32.

Individual

Oliver Burke

Entergy Services, Inc. (Transmission)

22.

Arizona Public Service Company

Consideration of Comments: Project 2013-02

X
X

If you support the comments submitted by another entity and would like to indicate you agree with their comments, please select
"agree" below and enter the entity's name in the comment section (please provide the name of the organization, trade association,
group, or committee, rather than the name of the individual submitter).
Summary Consideration: Thank you to Exelon and ISO New England, Inc. for supporting the comments of EEI and SRC, respectively. The
Standard Drafting Team (SDT) will address the specific comments of SRC below, and notes that EEI did not submit specific
comments.

Organization

Supporting Comments of “Entity Name”

Exelon

Exelon agrees with EEIs position and comments submitted related to this project.

ISO New England Inc.

ISO RTO Council Standards Review Committee (SRC)

Consideration of Comments: Project 2013-02

If retired, do any Reliability Standard requirements proposed for retirement create a gap in reliability? If yes, please explain in
the comment area.

Summary Consideration: In summary, no entity showed that a gap in reliability would result from the retirement of the proposed
Reliability Standard requirements. Also, in general, the comments were very supportive of the retirement of the
proposed Reliability Standard requirements, and the few questions or concerns raised are addressed in the individual
responses. Based on comments and the recent approval of EOP-004-2 by the NERC Board of Trustees, CIP-001-2a R4
and EOP-004-1 R1 will be moved to Section V of the technical paper entitled: “The Initial Phase Reliability Standards
Provided for Informational Purposes.”
Organization

Yes or No

ACES Standards Collaborators

Question 1 Comment
(1) We do not see any reliability gaps created by the proposed retirements. Many
of the requirements that have been moved to the second phase of the project
could actually be retired in this phase without creating reliability gaps. We
believe the approach to move several requirements to the second phase is overly
conservative. However, we understand that drafting team must balance the
retirement of requirements in this phase with satisfying concerns of stakeholders
that no reliability gaps are created. (2) We are not opposed to the plan to review
the linkages between BAL and INT standards in the next phase. However, we
continue to believe that reloading of curtailed transactions is a commercial issue
not a reliability issue. Thus, INT-004-2 easily meets criteria A and B and should be
retired in phase one.

Response: ACES Standards Collaborators indicates that it did not see any reliability gaps resulting from the proposed Phase 1
retirement of requirements. The SDT acknowledges ACES Standards Collaborators’ concern that deferring requirements to Phase
2 may be viewed as overly conservative, and the SDT notes that the requirements proposed in Phase 1 were influenced by the
collaborative and expedited nature of Phase 1. The SDT also notes that it took just 5 months from the issuance of the Standards
Authorization Request (“SAR”) to a vote receiving over 90% approval for the Phase 1 requirements. In addition, on December 13,
2013, the Standards Committee passed a Reliability Standards Development Plan that requires the application of Paragraph 81
Consideration of Comments: Project 2013-02

Organization

Yes or No

Question 1 Comment

(“P81”) concepts to all new projects. One of the Reliability Standards Development Plan’s projects is the review of the INT
standards, including INT-004-2, which is scheduled to begin in the first quarter of 2013. Thus, the SDT believes that ACES
Standards Collaborators’ request for consideration of INT-004-2 will be timely and appropriately considered in the review of the
INT standards, and, therefore, it is not necessary to include it in Phase 1 of P81.
American Electric Power

AEP is not aware of any reliability gaps that would occur as a result of retiring the
proposed Reliability Standards requirements.

Response: The SDT acknowledges AEP’s comment that it is not aware of any reliability gaps resulting from the proposed Phase 1
retirement of requirements.
CenterPoint Energy

CenterPoint Energy believes that the Reliability Standard requirements proposed
for retirement in the initial phase (“Phase 1”) of NERC Project 2013-02 ‘Paragraph
81’ would not create a gap in reliability if they were retired. An increase in
efficiency of the ERO compliance program should result with the removal of these
Phase 1 requirements and the removal of additional Reliability Standard
requirements in subsequent phases of this project.

Response: The SDT acknowledges CenterPoint Energy’s comment that it believes that the proposed Phase 1 retirement of
requirements should not create a gap in reliability and should also increase the efficiency of the ERO’s compliance program.
Occidental Energy Ventures Corp.

Occidental Energy Ventures Corp (“OEVC”). believes that the retirement of the
Phase I requirements will pose little, if any, risk to the BES. However, in our view,
this is a good start to a much more extensive restructuring of the regulatory
model. Of course, the industry will need to gauge FERC’s response to the initial
grouping of requirements, but we should be prepared to aggressively push down
this path.

Response: The SDT acknowledges Occidental Energy Ventures Corp’s comment that it believes the proposed Phase 1 retirement
of requirements will pose little, if any, risk to the Bulk Electric System, and its support for a more extensive restructuring of the
regulatory model.

Consideration of Comments: Project 2013-02

Organization

Yes or No

City of Austin dba Austin Energy

Question 1 Comment
Please note: CIP-001-2a EA4 should be retired at the same time as CIP-001-2a R4
for the same reasons. We agree with the SDT regarding requirements applicable
to the GO/GOP.

Response: During the balloting of the P81 Phase 1 requirements, EOP-004-2 was approved by stakeholders and the NERC Board of
Trustees and was filed with its implementation plan on December 31, 2012 with regulatory agencies for approval. As part of the
EOP-004-2 implementation plan, all of CIP-001-2a will be retired six months after regulatory approval. In the technical paper at
Page 18, it was noted that: “… if EOP-004-2 does receive stakeholder approval and is adopted by the NERC Board of Trustees, the
SDT will reconsider retirement via the P81 project and may include CIP-001-2a R4 for informational purposes only.” Given that a
regulatory filing has been filed to retire all of CIP-001-2a, the SDT has revised the technical paper to include CIP-001-2a R4 for
informational purposes only.

Manitoba Hydro

Standard revision numbers and Requirement sequence changes should be made
at a later date, as future revisions are required to each Standard that contains any
retired Requirements. This will relieve the undesirable administrative burden,
while reflecting accurate revision numbers and Requirement sequences, as
changes are required to the Standards.

Response: The SDT agrees with Manitoba Hydro’s comment that revisions to standard and requirement numbers should not be
made at this time, given undesirable administrative burdens. The SDT has consulted with NERC staff on this issue, and no revision
numbers will be implemented at this time.
SERC EC Planning Standards
Subcommittee

The comments expressed herein represent a consensus of the views of the abovenamed members of the SERC EC Planning Standards Subcommittee only and
should not be construed as the position of SERC Reliability Corporation, its board,
or its officers”

Response: The SDT acknowledges that SERC EC Planning Standards subcommittee’s comments are not the position of SERC
Reliability Corporation.

Consideration of Comments: Project 2013-02

Organization

Yes or No

Ontario Power Generation

Question 1 Comment
The technical white paper has provided reasonable and well thought-out
justifications for the retirement proposal to those reliability standard
requirements.

Response: The SDT thanks Ontario Power Generation for its comment and agrees that the technical paper: “… has provided
reasonable and well thought-out justifications for the retirement proposal to those reliability standard requirements.”
Southwest Power Pool Regional
Entity

While CIP-007-3/4, Requirement R7.3 by itself has no immediate impact on the
reliability of the Bulk Electric System, performance of R7.3 is required by the
entity in order to be able to demonstrate compliance with CIP-007-3,
Requirements R7.1 and R7.2 that, if not performed properly, could result in an
impact to reliability. Elimination of this requirement could expose the registered
entity to greater risk of non-compliance with the remaining requirements as it no
longer requires the entity to maintain appropriate and sufficient evidence of
performance with the remaining requirements. For the reasons described, the
SPP RE is opposed to retiring CIP-007-3/4, Requirement R7.3.

Response: Southwest Power Pool Regional Entity states that while retirement of CIP-007-3, -4 R7.3: “… has no immediate impact
on the reliability of the Bulk Electric System…” it is required to demonstrate compliance. As explained in the technical paper at
Page 31, Section 400 of the NERC Rules of Procedure provides for a Regional Entity to request evidence to monitor compliance,
and, therefore, it is unnecessary to also have a Reliability Standard that also requires the entity to retain records as set forth in
CIP-007-3, -4 R7.3. The SDT also notes that the Responsible Entity has the burden to demonstrate compliance with CIP-007-3, -4
R7.1 and R7.2, notwithstanding the existence of CIP-007-3, -4 R7.3. For these reasons, the SDT affirms its decision to retire CIP007-3, -4 R7.3.
Northeast Power Coordinating
Council

Imperial Irrigation District (IID)

Duke Energy

No
Consideration of Comments: Project 2013-02

Organization

Yes or No

Bonneville Power Administration

Dominion Resource Services

Hydro One Networks Inc.

SPP Standards Review Group

Arizona Public Service Company

Southern Company

Central Hudson Gas & Electric
Corporation

American Transmission Company

Ameren

Essential Power, LLC

Pepco Holdings Inc.

National Rural Electric Cooperative
Association (NRECA)

Idaho Power Company

Kansas City Power & Light

Georgia Transmission Corporation

Consideration of Comments: Project 2013-02

Question 1 Comment

Organization

Yes or No

Entergy Services, Inc. (Transmission)

Independent Electricity System
Operator

Yes

Consideration of Comments: Project 2013-02

Question 1 Comment

1. BAL-005-0.2b, R2 - agree2. CIP-001-2a, R4 - we do not agree this is
administrative in nature. Preparedness is an essential element in having the
capability to readily respond to pressing reliability issues. Establishing contact
with the enforcement authorities is a necessary component in preparing for
reporting suspect or detected sabotage. Such reporting can help protect or
minimize damages to BES facilities and/or Adverse Reliability Impact due to
malicious acts. R1 to R3 do not have such a requirement to report sabotage
events to the law enforcement authorities. If these authorities are included in
Requirement R3, then the gap may be considered filled and R4 can be retired.
However, this is not yet the case. We therefore suggest that R4 not be retired at
this time.3. CIP-003-3, -4 R1.2 - agree4. CIP-003-3, -4 R3, R3.1, R3.2, R3.3 - while
we agree that having the exception documented and approved by Senior
Manager adds little to reliability, we do not agree that the entire requirement
should be removed since this requirement is intended for implementing control
of an entity’s adherence to its Cyber Security policy, or document exceptions
otherwise. Further, we do not concur with the SDT’s view that over time,
responsible entities may believe they can exempt themselves from compliance
with the CIP requirements. Entities may exempt themselves from having some of
their processes/procedures for cyber security not implemented, but their
adherence to the policy and documenting exceptions are to be assessed during
audit, which is not determined by the entities themselves. Any deviation from the
requirement (the proposed “making exemption from compliance with the CIP
requirement”) will be identified and the entities will be found non-compliant. 5.
CIP-003-3, -4 R4.2 - we agree that the action to classify the CCA information is
redundant, but we do not think R4.2 can be removed entirely since the element
“based on the sensitivity of the Critical Cyber Asset information” needs to be
retained. Suggest to revise R4 to capture this element, or, at a minimum, consult
the CIP SDT on the merit of retaining this element in R4.6. CIP-005-3a, -4a R2.6 -

Organization

Yes or No

Question 1 Comment
agree.7. CIP-007-3, -4 R7.3 - agree.8. COM 001-1.1 R6 - agree.9. EOP-004-1 R1 we do not agree with retiring this requirement. The RRO should have a formal
reporting procedure in place to ensure adequate and detailed reporting is
provided on system disturbances or any unusual event. This procedure is
necessary for entities to meet the goals of further requirements in this standard
that pertain to preliminary and final disturbance reporting .10. EOP-005-2 R3.1 agree.11. EOP-009-0 R2 - agree.12. FAC-002-1 R2 - we do not agree that the
requirement is burdensome. The requirement seems to meet the overarching
criterion A from the White Paper (it requires responsible entities to conduct an
activity or task that does little, if anything, to benefit or protect the reliable
operation of the BES), however, at a careful reading, the requirement seems to
fail meeting at least one of the Criteria B: B1 (it is administrative, but not
burdensome), B2 (it is data collection/retention, but we are not sure if NERC
collects this data by any other method), B3 to B6 (it does not seem to fit any of
these criteria).13. FAC-008-1 R1.3.5 - agree.14. FAC-008-1 R2; FAC-008-1 R3; FAC008-3 R4; FAC-008-3 R5 - agree.15. FAC-010-2.1 R5; FAC-011-2 R5 - agree.16. FAC013-2 R3 - agree.17. INT-007-1 R1.2 - agree, but there needs to be a requirement
somewhere to stipulate that all entities involved in the Arranged Interchange
must register with NERC such that transactions’ participants can be contacted for
confirmation of transactions being approved or to make changes when
transactions are curtailed. Until such time that this requirement is developed
elsewhere, INT-007-1 R1.2 should remain in effect. 18. IRO-016-1 R2 - It does not
make sense to retire this requirement, but still keep M1 - the measure associated
with requirement R1 - in the standard. M1 states that each RC must have
evidence, such as operator log or another data source, of actions taken for the
event or disagreement or both. However, R2 is the requirement which states the
RC shall document the actions taken via operator log or another data source.
Therefore, removing R2 would create inconsistency in the standard.19. NUC-0012 R9.1; NUC-001-2 R9.1.1; NUC-001-2 R9.1.2; NUC-001-2 R9.1.3; NUC-001-2
R9.1.4 we agree with retiring all of the 9.1, except R9.1.2: The agreement should
contain the names of the applicable entities and the responsibilities assigned to

Consideration of Comments: Project 2013-02

Organization

Yes or No

Question 1 Comment
each one in relation to the NPIR.20. PRC-008-0 R1; PRC-008-0 R2; PRC-009-0 R1;
PRC-009-0 R1.1; PRC-009-0 R1.2; PRC-009-0 R1.3; PRC-009-0 R1.4; PRC-009-0 R2;
PRC-010-0 R2; PRC-022-1 R2 - agree.21. TOP-001-1a R3 - agree.22. TOP-005-2a R1
- agree.23. VAR-001-2 R5 - agree.

Response: With respect to CIP-001-2a R4, Independent Electricity System Operator (IESO) expresses a concern that without R4,
entities will not be properly prepared to contact law enforcement in the event of a sabotage event. During the comment and
ballot period of the P81 project, EOP-004-2 was approved by stakeholders and the NERC Board of Trustees, and was filed with its
implementation plan on December 31, 2012 with regulatory agencies for approval. As part of the EOP-004-2 implementation plan,
all of CIP-001-2a will be retired six months after regulatory approval. In the technical paper at Page 18, it was noted that: “… if
EOP-004-2 does receive stakeholder approval and is adopted by the NERC Board of Trustees, the SDT will reconsider retirement
via the P81 Project and may include CIP-001-2a R4 for informational purposes only.” Given that a regulatory filing has been filed
to retire all of CIP-001-2a, the SDT has revised the technical paper to include CIP-001-2a R4 for informational purposes only. For
the same reasons, in response to IESO’s concern on EOP-004-1 R1, the SDT has revised the discussion of EOP-004-1 R1 to include it
in the technical paper for informational purposes only.
With respect to CIP-003-3, -4 R3, IESO believes that the entire requirement should not be removed because it is a control for
adhering to the Cyber Security Policy. It also states that entities do not view CIP-003-3, -4 R3 and its sub-requirements as a way to
exempt themselves from compliance with the Critical Infrastructure Protection (CIP) requirements. As stated in the technical
paper at page 24, an entity has the ability to implement a Cyber Security Policy that exceeds the CIP requirements without the
need for CIP-003-3, -4 R3 – which could also include implementing appropriate controls. The SDT does not find that retiring CIP003-3, -4 R3 and its sub-requirements impacts the ability of an entity to implement appropriate controls to its Cyber Security
Policy. Also, as stated in the technical paper at page 24, the SDT understands that the intent of CIP-003-3-, -4 R3 and its subrequirements has been subject to misinterpretation, notwithstanding IESO’s disagreement with the SDT on this matter.
Therefore, the SDT affirms that CIP-003-3, -4 R3 and its sub-requirements should be retired.
In addition, IESO believes that the language in CIP-003-3, -4, R4.2 related to: “… based on the sensitivity of the Critical Cyber Asset
information …” should be retained. In the technical paper at Page 26, it was explained that this language:
“. . . requires the entity to develop classifications based on a subjective understanding of sensitivity (i.e., no clear connection to
serving reliability) the requirement does not support reliability. In this context, classifying based on sensitivity becomes an
Consideration of Comments: Project 2013-02

Organization

Yes or No

Question 1 Comment

administrative function that becomes necessarily burdensome because of all the possible ramifications ’based on sensitivity‘ can
produce, and, therefore, require SMEs to decide on and reduce to writing in a documented program. This is time and effort that
could be better spent on other CIP activities that provide value to cyber security and actively protect the BES.”
IESO has not presented sufficient rationale for the SDT to reconsider its decision as explained in the technical paper. Given the
rationale in the technical paper on the lack of a nexus between the language “based on the sensitivity” and reliability, the SDT
affirms its decision to retire CIP-003-3, -4 R.4.2.
IESO does not agree that FAC-002-1 R2 is burdensome and while it seems to meet criterion A, it believes that the requirement fails
to meet at least one of the Criteria B. As stated in the technical paper on Pages 40 and 41, FAC-002-1 R2 meets Criteria B1
(administrative) and B2 (data collection/retention) because it is an administrative documentation requirement and NERC and the
Regional Entities have the authority under Section 400 of the NERC Rules of Procedure to require an entity to submit data and
information for purposes of monitoring compliance. This would generally occur during a spot check or compliance audit where
entities would already have the obligation to produce the information required in R2 to demonstrate compliance with R1 and its
sub-requirements, even without the existence of R2. Therefore, the SDT affirms that FAC-002-1 R2 should be retired.
IESO further believes that INT-007-1 R1.2 may not be retired until there is another requirement requiring entities involved in
Arranged Interchange to register with NERC so that participants in those transactions can contact each other when transactions
are curtailed. As explained in the technical paper at Pages 56 and 57, the North American Energy Standards Board has established
registry and other rules related to entities entering into Arranged Interchange, and, therefore, INT-007-1 R1.2 is no longer
necessary. Therefore, the SDT affirms its decision to retire INT-007-1 R1.2.
IESO states that with the retirement of IRO-016-1 R2, Measure M1 should also be retired as it relates to R2. The SDT notes that
Measure M1 was not retired because it identifies how to measure compliance with IRO-016-1 R1.
IESO does not agree with retiring NUC-001-2 R9.1.2, stating that “… the agreement should contain the names of the applicable
entities and the responsibilities assigned to each one in relation to the NPIR.” Although the SDT understands the usefulness of an
agreement stating who has responsibilities for the duties set forth in the agreement, as set forth in the technical paper at Page 61,
this language is contractual boilerplate and has no direct nexus to reliability. Therefore, the SDT affirms its decision to retire NUC001-2 R9.1.2.

Exelon

Yes

Consideration of Comments: Project 2013-02

Exelon believes that if a company takes an exception it should be documented

Organization

Yes or No

Question 1 Comment
and proposes the following revision to R3: R3. Exceptions - Instances where the
Responsible Entity cannot conform to its cyber security policy must be
documented as exceptions and authorized by the senior manager or
delegate(s).R3.1. Exceptions to the Responsible Entity’s cyber security policy must
be documented. R3.2. Documented exceptions to the cyber security policy must
include an explanation as to why the exception is necessary and any
compensating measures.

Response: Exelon prefers a modification to CIP-003-3, -4 R3 and the sub-requirements than retirement. As explained in the
technical paper at Page 26, entities have the ability to develop its own procedures to take an exemption to its Cyber Security
Policy in situations that it chooses to exceed the CIP requirements without the existence of CIP-003-3, -4 R3 and the subrequirements. Thus, an entity has the flexibility to implement the revised exemption provision after the retirement of CIP-003-3, 4 R3 and the sub-requirements. Accordingly, the SDT affirms its decision to retire the CIP-003-3, -4 R3.
ISO/RTO Standards Review
Committee

Consideration of Comments: Project 2013-02

Organization

Yes or No

Question 1 Comment
(Certification)PRC-010-0 R2 (Current Industry Assessment Practice)PRC-022-1 R2
(Documentation)Please note the IESO will submit its own comments regarding
the following requirements: CIP-001-2a R4CIP-003-3 R3.1 CIP-003-3 R3.2 CIP-0033 R3.3 CIP-003-4 R14.2INT-007-1 R1.2 (Certification)VAR-001-2 R5** (Business
Practice - NAESB)

Response: The SRC states that it does not see any reliability gap with the proposed retirements; however, it provides ideas on
how some requirements may be useful in another format or forum. The SDT appreciates the SRC’s ideas and encourages the SRC
to work with the appropriate NERC committees to discuss and possibly implement its approach.

Consideration of Comments: Project 2013-02

Do you have any comments on the technical white paper?

Summary Consideration: A few entities provided clarifying comments for consideration in the technical white paper, and those
comments have been incorporated to enhance the readability and clarity of the technical white paper. A few
commenters had concerns with the discussion of specific requirements and whether this was the time to renumber
requirements; these concerns are addressed in the individual comments below. There were also comments related to
possible formats for Phase 2, and while not within the scope of this SDT information, was provided based on the
Standard Committee’s approval of the Reliability Standards Developmental Plan. A few commenters also expressed
concerns that were compliance related. The SDT reminds stakeholder that the focus of the P81 effort was to retire
requirements that had little or no benefit to reliability.

Organization

Yes or No

SERC EC Planning Standards
Subcommittee

Question 2 Comment
The comments expressed herein represent a consensus of the views of the abovenamed members of the SERC EC Planning Standards Subcommittee only and
should not be construed as the position of SERC Reliability Corporation, its board,
or its officers”

Response: The SDT acknowledges that SERC EC Planning Standards subcommittee’s comments are not the position of SERC
Reliability Corporation.
Northeast Power Coordinating
Council

Imperial Irrigation District (IID)

Dominion Resource Services

Arizona Public Service Company

Consideration of Comments: Project 2013-02

Organization

Yes or No

Ontario Power Generation

Exelon

American Transmission Company

Ameren

Essential Power, LLC

American Electric Power

Independent Electricity System
Operator

Idaho Power Company

Kansas City Power & Light

CenterPoint Energy

Entergy Services, Inc.
(Transmission)

Pepco Holdings Inc.

Yes

Question 2 Comment

As part of this effort, a new revision number for any standard that is changed
should be used. Also any measurements or registered entities (e.g. RRO) that
would no longer apply should be deleted.

Response: The SDT agrees with Pepco Holdings that measurements associated with retired requirements should be concurrently
retired. The SDT points Pepco Holdings to the posted redline of the Reliability Standards that retires measurements associated
with retired requirements. For administrative efficiency, the Reliability Standards will not be renumbered and functional entities
will not be deleted at this time, but the next time the standard is revised it is understood that renumbering and removal of
Consideration of Comments: Project 2013-02

Organization

Yes or No

Question 2 Comment

entities that are no longer applicable will occur.
ACES Standards Collaborators

Yes

(1) On page 5, several requirements are marked with two asterisks but there is no
footnote or additional information. Please indicate the purpose of the asterisks or
remove them. (2) The supporting statement in the technical whitepaper and SAR
that Criteria C is needed to make an informed decision “in the determination of
whether a Reliability Standard requirement satisfies both Criteria A and B” is
inconsistent with the actual Criteria. Criterion C2 questions if the requirement is
being reviewed in an on-going standards development project. While this is
certainly a relevant question and a valid reason to not include a requirement in
the P81 project, the question simply provides no input on whether Criteria A and B
are met. We suggest changing the supporting statement to be clearer that Criteria
C in essence is more information to make an informed decision but may not
necessarily have any indication on whether Criteria A and B are satisfied. (3) The
supporting statement in the technical whitepaper and SAR that Criteria C provides
“additional information to assist in the determination of whether a Reliability
Standard requirement satisfies both Criteria A and B” is inconsistent with the SAR.
In the detailed description, the SAR states that the initial phase shall only identify
requirements that satisfy both Criteria A and B. These are supposed to be the
requirements that easily meet these two criteria sets. Thus, why is Criteria C
evaluated in the whitepaper. If these criteria are easily met, Criteria C is not
needed to assist in the determination and the associated information while
interesting would appear to be superfluous.

Response: ACES Standards Collaborators seeks clarification of the use of ** on Page 5 of the technical white paper. The SDT
refers ACES Standards Collaborators to Footnote 4 of the technical white paper that states: “Those requirements that were not
part of the draft SAR, but were added based on stakeholder comments are denoted by a ‘**’ throughout this technical white
paper.”
ACES Standards Collaborators also seeks clarification on the role of Criteria C. The SDT notes that Criteria C was only considered
after a requirement met both Criteria A and B. The application of Criteria C provided additional information that in some cases

Consideration of Comments: Project 2013-02

Organization

Yes or No

Question 2 Comment

emphasized the need to retire the requirement (e.g., was not results-based) and other times indicated that it may not be
necessary to continue with retirement (e.g., the requirement was already scheduled in a reasonable period of time to be retired
through another standards project). The SDT believes this approach is consistent with the clarification sought by ACES Standards
Collaborators, and, thus will clarify the language in the technical white paper on the application of Criteria C. The SDT also notes
that the SAR states that, “…for all phases, the standard drafting team shall also consider the data and reference points set forth
below in Criterion C when deciding whether a Reliability Standard requirement should be retired or modified.”
Bonneville Power Administration

Yes

BPA appreciates the drafting team's decision to include TOP-001-1 R3 in the
technical white paper for informational purposes rather than proposing to retire
it.

Response: The SDT is appreciative of Bonneville Power Administration’s understanding of the treatment of TOP-001-1 R3.
Central Hudson Gas & Electric
Corporation

Yes

Consideration of Comments: Project 2013-02

CHG&E believes the reason for retiring CIP-003-3,-4 R3 and its sub-requirements is
fallacious. The reason provided in the technical white paper is essentially: " First,
and most importantly, that requirement has never been available for use to
exempt an entity form compliance with any requirement of any NERC reliability
standard. It only applies to exceptions to internal corporate policy, and only in
cases where the policy exceeds a NERC standard requirement, or addresses an
issue that is not covered in a NERC reliability standard. For example, if an internal
corporate policy statement requires that all passwords be a minimum of 8
characters in length, and be changed every 30 days, this provision could be used
for internal governance purposes to lessen the corporate requirement, back to the
password requirements in CIP-007 R5.3, or in conjunction with a TFE to something
else. The removal of this requirement has no effect on the TFE process, or
compliance with any other NERC reliability standard requirement."CHG&E wishes
to highlight the fact that NERC has no jurisdiction to impose or grant exceptions to
internal corporate policies. Therefore, this requirement (and its sub requirements) can only have been crafted to address exceptions to the NERC CIP
requirements. Throughout this standard, the NERC requirements for a ‘cyber
security policy’ are delineated. This requirement specifically addresses exceptions
23

Organization

Yes or No

Question 2 Comment
to the ‘cyber security policy’. As written, this requirement can only be interpreted
to mean that an exception to the NERC CIP required ‘cyber security policy’ is
acceptable if properly documented and approved by the CIP Senior Manager.
Central Hudson Gas & Electric Corporation strongly disagrees with the inclusion of
CIP-003-3, -4 Requirements R3, R3.1, R3.2, R3.3 as candidates for retirement. The
reasons stated in the SAR in favor of inclusion are that these requirements are
administrative in nature and are purely examples of a documentation process.
Further it is stated in the SAR that they, “.... have been subject to
misinterpretation, including responsible entities believing they can exempt
themselves from compliance with the CIP requirements.” This last statement is
precisely the reason why the aforementioned requirements were included in the
standard. These requirements allow Registered Entities to, on rare occasions, take
an exception to one or several of the CIP requirements (for a limited period of
time) if they (1) have valid cause (major emergency, Force Majeure, etc.), (2)
document the occurrence and (3) are reviewed and approved by the CIP Senior
Manager. This process supports the Registered Entity’s compliance effort and
acknowledges the need for special protocols to address emergency circumstances.
Without such a process, the only recourse for the Registered Entity is to selfreport a violation which is not within their control. In other words, retirement of
these requirements would force the Registered Entity to be in full compliance with
ALL CIP Standards ALL the time regardless of circumstance. The concept of
realistic expectations was undoubtedly the reason these requirements were
crafted and included in the standard. Further, with regard to the Registered
Entity’s decision to claim an exception, a system of checks and balances already
exists. At the time of a compliance audit of the standard’s requirements, the
Regional Entity reviews and makes a determination as to whether the actions
taken by the Registered Entity were warranted. Further, the fact that this
requirement is included in the FFT process is of little consolation since any
exception would still constitute a violation of the NERC Standard on the part of the
Registered Entity and would carry with that violation the associated stakeholder

Consideration of Comments: Project 2013-02

Organization

Yes or No

Question 2 Comment
liability.

Response: CHG&E disagrees with retiring CIP-003-3,-4 R3 and its sub-requirements. CHG&E is concerned that the language in the
technical white paper on CIP-003-3,-4 R3 and its sub-requirements could be interpreted as NERC having jurisdiction to impose or
grant exceptions to internal corporate policies and would require that entities be in compliance with all CIP requirements all of the
time regardless of the circumstance and with no avenue to take an exemption to the CIP requirements. On the former point, the
SDT clarifies that it was not the intent of the language in the technical white paper on CIP-003-3,-4 R3 and its sub-requirements to
opine on the jurisdiction of NERC over “internal corporate policies.” With respect to CHG&E’s latter concern, it appears more
compliance-related than reliability-based. The criteria set forth in the SAR and technical white paper are focused on impacts to
reliability, not compliance. The SDT believes CHG&E’s compliance concerns are more appropriately discussed with its Regional
Entity’s or NERC’s compliance and enforcement monitoring staff. For informational purposes only, the SDT points to the language
in CIP-003-3, -4 R1.1 “… including provision for emergency situations …” and R2.4 “The senior manager or delegate(s), shall
authorize and document any exception from the requirements of the cyber security policy” as language CHG&E may wish to
consider in light of its concerns.” In addition, in R1 there is a requirement to “document and implement” a Cyber Security policy
which at a minimum must contain the following: “… addresses the requirements in Standards CIP-002-3 through CIP-009-3,
including provision for emergency situations.” In discussing this with the CIP SDT leadership, it was their intent in developing this
requirement to allow entities to only waive the portions of those implemented policies which were in excess of the CIP-002-3
through CIP-009-3 set of requirements. In other words, NERC and FERC would not approve this R3 requirement if it allowed
waiving other requirements by simply documenting an exception. The SDT finds no reason presented by CHG&E that indicates
that it should reverse its decision to retire CIP-003-3,-4 R3 and its sub-requirements. Thus, the SDT affirms its decision to retire
CIP-003-3,-4 R3 and its sub-requirements.
Manitoba Hydro

Yes

Consideration of Comments: Project 2013-02

CIP-003-3,-4 R1.2: Technical Justification (page 19): CIP personnel should act based
on their cyber security policy; a policy which must address the CIP-002 through
CIP-009 standards as required by CIP-003 R1.1. As a result, the specific training
processes and procedures will reflect the cyber security policy. We suggest "they
will act via their specific training, processes and procedures which reflect the
overarching cyber security policy.” CIP-007-3, -4 R7.3: (1) Technical Justification
(page 32): For added clarity, we suggest the wording “... small number of
Reliability Standard requirements explicitly mandating ....”. (2) Data and
information collection for ERO compliance monitoring purposes is certainly within
25

Organization

Yes or No

Question 2 Comment
the context of the Reliability Standards. For added clarity, we suggest the wording
"... for ERO compliance monitoring purposes without specific data collection
language in the Reliability Standards." (3) It is unclear who "the entities" are.
Should this state "Responsible Entities"? (4) For additional clarity, we suggest the
wording "... the Reliability Standards are arguably more difficult to understand ...".

Response: The SDT appreciates Manitoba Hydro suggested enhancements and has worked them into the technical white paper.
The SDT also notes that the term Responsible Entities is defined as “entities” on Page 6 of the technical white paper.
Southern Company

Yes

FAC-002-1 R2-The comments in the technical white paper concerning FAC-002-1
R2 are correct. Entities already have the obligation to provide the documentation
of the evaluation of the reliability impact of new facilities upon request to
demonstrate compliance to R1 and its sub-requirements, thus making R2
unnecessary. Furthermore, a requirement to retain documentation does not
benefit or protect the reliable operation of the BES.VAR-001-2 R5: While Southern
agrees that the elimination of VAR-001-2, R5 is appropriate, there is some concern
that the justification that the TOP’s adherence to R2 as a double check to ensure
there are sufficient reactive power resources to protect the voltage levels under
normal and Contingency conditions may be viewed by FERC as redirecting the
burden from the PSEs and LSEs to the TOP. The LSE’s (particularly) need to make
their reactive resources available to the TOP in order for the TOP to acquire/use
these reactive resources to protect voltage levels. Also, consider that not all
entities necessarily take service under a transmission tariff, so references to other
contractual mechanisms such as Interchange Agreements, etc. might be cited in
the Technical White Paper for ensuring sufficient reactive resources are provided
and made available by transmission customers.

Response: The SDT agrees with the clarifications suggested by Southern Company and has worked them into the technical paper.
Georgia Transmission Corporation

Yes

Consideration of Comments: Project 2013-02

GTC is very supportive of the recent ERO, Regional Entity and industry stakeholder
efforts in response to the opportunity provided by FERC in paragraph 81 of the

Organization

Yes or No

Question 2 Comment
Find, Fix, Track and Report Order to review and eliminate standards that provide
no or minimal reliability benefits. However, we are disappointed with the small
number of requirements that are proposed for retirement in this initial phase of
work. GTC would like to note that because duplicative requirements for
subsequent versions of Reliability Standards are never mandatory at the same
time, the net impact of requirements being proposed for retirement identified in
the “Redline of Standards with Proposed Retirements” for phase 1 is only 28 out
of 1650 FERC approved requirements or 1.7%. This small percentage does not
seem to reflect well on the view that NERC’s FFT initiative is predicated on, of
which FERC has extended an invitation to justify without imposing a deadline.
From our review of the P81 Technical White Paper, it appears that there are many
more requirements in addition to the 28 identified that meet the criteria for
deletion. And while a phased approach has been recommended, the certainty
associated with subsequent phases occurring in a timely manner is questionable
and GTC recommends a big picture approach. We believe the small number of
requirements identified in phase I would be more palatable if a big picture
perspective was provided once submitting to FERC. For example, a breakdown
similar to the one below would provide more confidence that future phases would
occur and be successful: o At the end of the day, we believe we can eliminate
approximately xx number or xx percentage of requirements o This will be
completed in three phases o Phase one will include approximately xx
requirements, posted to FERC in fourth quarter, 2012 o Phase two will include
approximately xx requirements, posted to FERC in xx quarter, 2013 o Phase three
posting will...Laying out the bigger picture keeps the momentum going and also
let’s FERC know that the first posting only begins to scratch the surface of the
issue. Furthermore, we are aware of current standards drafting teams that are
drafting requirements that would meet the criteria for deletion stated in this
Technical White Paper. There is a pressing need to implement a mechanism to
ensure “P81-qualified” requirements are not drafted going forward or eliminated
prior to NERC BOT approval.GTC will continue to support this effort as it moves
through the NERC standards development process and participate in future phases

Consideration of Comments: Project 2013-02

Organization

Yes or No

Question 2 Comment
of work related to the P81 project. Our goal is to ensure future phases of this
effort lead to retirement of a much greater number of requirements that are not
necessary for the reliability of the BES.

Response: Georgia Transmission Corporation raises points related to whether Phase 1 of P81 included sufficient requirements and
the uncertainty and the timing of subsequent phases. As noted above, the Standards Committee recently approved a Reliability
Standards Development Plan that requires P81 concepts to be applied to all Standard projects. Training will be offered to SDTs to
ensure no new requirements would be introduced that might contradict this effort. The SDT is also encouraged that the Reliability
Standards Development Plan has set forth an aggressive schedule to review the entire set of standards in 2013, many of which
were identified by stakeholders in response to the draft P81 SAR.
Hydro One Networks Inc.

Yes

Hydro One very much appreciates the efforts of the SDT in trying to streamline
and focus current standards to focus on requirement that impact to reliability. In
addition to this, we hope that:- Phase II of this project will continue along the
same path and advance the approach to other approved standards, and- Work on
new and reviewed standards will include the criteria developed in this project (i.e.
SDTs are fully directed to use Paragraph 81 criteria while developing new and
reviewing existing standards).

Response: As noted above, the Standards Committee recently approved a Reliability Standards Development Plan that requires
P81 concepts to be applied to all standard projects. The SDT is also encouraged that the Reliability Standards Development Plan
has set forth an aggressive schedule to review the entire set of standards in 2013, many of which were identified by stakeholders
in response to the draft P81 SAR. Thus, the SDT is hopeful that the recent approval of the Reliability Standards Development Plan
will help continue on the Phase 1 path as recommended by Hydro One Networks Inc.
National Rural Electric Cooperative
Association (NRECA)

Yes

Consideration of Comments: Project 2013-02

NRECA is very supportive of the recent ERO, Regional Entities and industry
stakeholder efforts in response to the opportunity provided by FERC in P81 of the
Find, Fix, Track and Report Order to review and eliminate standard requirements
that provide no or minimal reliability benefits. NRECA is disappointed with the
small number of requirements that are proposed for retirement in this initial
phase of work, but will support this effort as it moves through the NERC standards

Organization

Yes or No

Question 2 Comment
development process and will continue participating in future phases of work
related to the P81 project. It is our goal to ensure future phases of this effort lead
to retirement of a much greater number of requirements that are not necessary
for the reliability of the Bulk Electric System. NRECA has reviewed the P81
Technical White Paper. It appears that there are many more requirements, in
addition to the 38 identified, that meet the criteria for deletion most of which
were included in the SAR for this project. Although the phase approach to this
project was explained and many of the requirements included in the SAR will be
addressed in a subsequent phases of the project, there is a concern that the future
phases of the project will not be completed in a timely manner since there is no
timeline provided for the future phases in the Implementation Plan for this
project. Having such a time-line will demonstrate to the FERC that the industry and
the ERO are dedicated to eliminating standard requirements that provide no or
minimal reliability benefits. NRECA is concerned that drafting teams are drafting
requirements that would meet the criteria for deletion stated in this Technical
White Paper. There must be a mechanism in place to ensure “P81-qualified”
requirements are not included in standards that are under development or in
standards that are provided to the NERC BOT for approval. In addition, if
requirements are retired that include an entity that is only required to comply
with the standard because of the specific requirement that is to be retired said
entity should be removed from the applicability of the standard. An example of
such is VAR-01, R5 where this requirement is the only requirement applicable to a
PSE, but the PSE has not been removed from the Applicability of the standard in
the red-line version posted for comment.

Response: Similar to our response to Georgia Transmission Corporation and Hydro One Networks Inc, the SDT hopes that the
recent approval of the Reliability Standards Development Plan will help to alleviate any concerns of National Rural Electric
Cooperative Association on the timing and content of Phase 2, as the Reliability Standards Development Plan requires P81
concepts to be applied to all standard projects. Training will also be offered to SDTs to ensure no new requirements would be
introduced that might contradict this effort. The SDT also notes that the issue identified related to removing the PSE from the
applicability section of VAR-001 will occur the next time that standard is reviewed and re-numbered, which based on the
Consideration of Comments: Project 2013-02

Organization

Yes or No

Question 2 Comment

Reliability Standards Developmental Plan, is scheduled for 2013.
Occidental Energy Ventures Corp.

Yes

OEVC believes the drafting team did an excellent job researching and defending
each proposed retirement. In our view, this is a fundamental necessity as we must
assume that FERC will closely scrutinize each one. However, we anticipate that
some form of cost/benefit analysis will be requested in each case - particularly
since the entire impetus behind the Paragraph 81 project is the shortage of
compliance resources. It may be a worthwhile exercise to develop a cost model
that accounts for industry and CEA resources accurately and effectively. The
results must be weighed against the expected benefit of any requirement - as the
industry and regulatory bodies clearly have some important trade-offs to consider.
In particular, with FERC’s recent emphasis on cyber security, cold weather
preparation, and geomagnetic protection, some of the less effective requirements
need to be removed. OEVC believes that the Commission will be reluctant to
proceed in this manner without data that demonstrates the comparative benefit
of each requirement.

Response: Occidental Energy Ventures Corp. suggests that the SDT consider using a cost benefit analysis or exercise that accounts
for industry and CEA resources. The SDT notes that the Standards Committee has approved a cost effectiveness analysis process
(“CEAP”) and will be implementing a pilot of this process on two standards projects in the first half of 2013. At this time, cost
effectiveness considerations are not sufficiently developed to be applicable to the requirements proposed in Phase 1, nor does
P81 express an expectation that such analysis for this project would be undertaken, and is focused on deletion of requirements
that do little or nothing to contribute to reliability. Thus, while the SDT will not apply a cost effective test to the requirements
proposed for retirement, the SDT suggests that Occidental Energy Ventures Corp. follow the developments on the CEAP Project as
posted on the NERC “Standards Under Development” webpage through the Standards Committee.
SPP Standards Review Group

Yes

Consideration of Comments: Project 2013-02

Page 17 - The 6th through 12th lines are a stretch and do not add anything to the
argument for retiring Requirement 3 of CIP-001-2a. It is conjecture on the part of
the drafting team and should be removed from the paper. If the drafting team
doesn’t agree and keeps this portion, please insert the word ‘require’ between
‘some’ and ‘corporate’ in the 8th line. Also, delete ‘to generic’ in the 11th line.
30

Organization

Yes or No

Question 2 Comment
Page 26 - In the 10th line of the Technical Justification paragraph, insert ‘task’
between ‘administrative’ and ‘that’. Page 29 - At the beginning of the 6th line of
the Technical Justification paragraph, delete the ‘is’. Page 32 - In the first line of
the Criterion A paragraph, insert a ‘not’ between ‘does’ and ‘promote’. Page 59 In the 8th line of the 2nd paragraph, the sentence ‘Thus, IRO-016-1 R1 does not
support reliability.’ doesn’t seem right. Shouldn’t this be; it does support
reliability? Or perhaps you meant to say that R2 does not support reliability. Also,
in the next sentence, delete the second ‘that’. Page 61 - In the 15th line of the
Technical Justification paragraph, delete the ‘an’ in front of unnecessarily.

Response: SPP Standards Review Group suggests that the SDT remove CIP-001-2a R4 from the technical paper. As noted above,
this requirement is already proposed for retirement through EOP-004-2, and, therefore, will be included in the technical paper for
informational purposes only.
The SDT appreciates SPP Standards Review Group’s suggestions to improve the readability of the technical paper and have made
the suggested changes.

City of Austin dba Austin Energy

Yes

Please note: CIP-001-2a EA4 should be retired at the same time as CIP-001-2a R4
for the same reasons. We agree with the SDT regarding requirements applicable
to the GO/GOP.

Response: Please see response to the City of Austin’s comments to question 1.
ISO/RTO Standards Review
Committee

Yes

Consideration of Comments: Project 2013-02

The SRC agrees with the removal of the identified requirements. The SRC
recognizes that the scope of this SAR is to identify inappropriate requirements and
not necessarily to suggest what to do with those identified requirements for
removal. The SRC suggests that the Technical White Paper recognize that some of
these removed requirements can and should be retained (just not retained as
Reliability Standards). See response to Q1 for suggestions.

Organization

Yes or No

Question 2 Comment

Response: Please see the SDT’s response to the SRC’s comments to question 1.
Southwest Power Pool Regional
Entity

Yes

The white paper discussion for CIP-007-3/4, Requirement R7.3 proffers the idea
that most data and information is collected for ERO compliance monitoring
purposes outside of the context of Reliability Standards. While this might be the
case of other standards, the SPP RE does not believe this is the case for the CIP002 through CIP-009 Cyber Security standards, collectively referred to as the “CIP
standards.” The CIP standards require the entity to produce a document (e.g.,
policy, program, procedure, process, or list); to implement a documented
program, process, or procedure; and/or to perform and document certain
measurable procedural steps. In the absence of disposition records, which are
specifically not required by CIP-007-3/4, Requirements R7.1 and R7.2, there will
unlikely be any data or information outside of the context of the Reliability
Standards demonstrating compliance with R7.1 and R7.2. The authors of the
white paper appear to object to the maintenance of process documentation in this
instance yet do not object to other requirements in the CIP standards that
similarly call for the production and maintenance of documentation. The SPP RE is
concerned that the authors of the white paper have chosen to focus on individual
requirements in a stand-alone manner and have failed to understand the
supportive interrelationships of the CIP standards and their requirements.

Response: Southwest Power Pool Regional Entity states that data and information related to CIP requirements are collected
through the CIP requirements. Southwest Power Pool Regional Entity is particularly concerned that with the “… absence of
disposition records, which are specifically not required by CIP-007-3/4, Requirements R7.1 and R7.2, there will unlikely be any
data or information outside of the context of the Reliability Standards demonstrating compliance with R7.1 and R7.2.” As
explained above, Section 400 of the NERC Rules of Procedure provides Regional Entities with the authority to request information
needed to monitor compliance and the Responsible Entity has the burden of proof to demonstrate compliance. As stated in the
technical white paper at Pages 31 and 32, there is no direct nexus between data retention and reliability. This is a compliance
issue that is better served through procedures promulgated outside of the Reliability Standards. Thus, the SDT affirms its decision
to retire CIP-007-3, -4 R7.3.

Consideration of Comments: Project 2013-02

Organization

Yes or No

Question 2 Comment

Southwest Power Pool Regional Entity also generally questions whether the SDT understands the interrelationship between the
CIP requirements, because other CIP data retention requirements are not proposed for retirement in Phase 1. The SDT notes that
the number and type of CIP requirements proposed for retirement in Phase 1 was shaped to some degree by the collaborative
process between stakeholders and the staffs of the Regional Entities and NERC. The SDT also collaborated with the leadership of
the CIP V5 SDT on the CIP requirements proposed for retirement. The SDT’s evaluations and discussions confirmed the
appropriateness to retire the proposed CIP requirements. That is not to say, there are not other CIP data retention requirements
that should be considered for retirement in the future. Thus, while the SDT understands Southwest Power Pool Regional Entity’s
concern, it affirms its decision to retire the selected CIP requirements in Phase 1.

Duke Energy

Yes

While we agree with retiring all of the Reliability Standard requirements proposed
for retirement, we believe the P81 Project Technical White Paper should be more
forceful in justifying retirement of the CIP requirements. Specifically, the “not an
important part of a scheme of CIP Requirements” phrase is often used in Criteria C
sections discussing VFR and AML issues. It would seem that FERC may have
difficulty giving this phrase credibility since (i) the industry previously had balloted
to approve such requirements, (ii) NERC BOT approved such requirements, and (iii)
FERC approved such requirements. All of these approvals seem to indicate that all
such entities previously believed that the requirements were important to the CIP
scheme. Instead, we suggest that this phrase be replaced in each instance with
phrases like the following: “As explained above and since the inception of this
requirement, this requirement has not been shown to constitute a [key][integral]
part of a scheme of CIP requirements.”

Response: The SDT appreciates Duke Energy’s suggestions to clarify the technical white paper. The SDT believes that the intent of
the language in the technical white paper is consistent with the suggestions of Duke Energy.
END OF REPORT

Consideration of Comments: Project 2013-02

Exhibit E

Paragraph 81 Technical Whitepaper

Paragraph 81 Project
Technical White Paper
December 20, 2012

Table of Contents
I.

Introduction ........................................................................................................................4
A. Consensus Process ..........................................................................................................4
B. Standards Committee ......................................................................................................5

II.

Executive Summary ...........................................................................................................6

III. Criteria ................................................................................................................................7
Criterion A (Overarching Criterion) ......................................................................................8
Criteria B (Identifying Criteria) .............................................................................................8
Criteria C (Additional data and reference points) ................................................................10
IV. The Initial Phase Reliability Standards Requirements Proposed for Retirement .............12
BAL-005-0.2b R2 – Automatic Generation Control ...........................................................12
CIP-003-3, -4 R1.2 – Cyber Security – Security Management Controls.............................16
CIP-003-3, -4 R3, R3.1, R3.2, R3.3 – Cyber Security – Security Management Controls...19
CIP-003-3, -4 R4.2 - Cyber Security – Security Management Controls .............................23
CIP-005-3a, -4a R2.6 – Cyber Security – Electronic Security Perimeter(s) .......................25
CIP-007-3, -4 R7.3 – Cyber Security – Systems Security Management .............................27
EOP-005-2 R3.1– System Restoration from Blackstart Resources .....................................31
FAC-002-1 R2 – Coordination of Plans for New Facilities ................................................34
FAC-008-1 R2; FAC-008-1 R3; - Facility Ratings Methodology .......................................36
FAC-008-3 R4; FAC-008-3 R5 – Facility Ratings ..............................................................39
**FAC-010-2.1 R5 – System Operating Limits Methodology for the Planning Horizon ...42
**FAC-011-2 R5– System Operating Limits Methodology for the Operations Horizon ...45
FAC-013-2 R3 – Assessment of Transfer Capability for the Near-term Transmission
Planning Horizon .................................................................................................................47
INT-007-1 R1.2 – Interchange Confirmation ......................................................................50
IRO-016-1 R2 – Coordination of Real-time Activities Between Reliability
Coordinators .........................................................................................................................52
NUC-001-2 R9.1; NUC-001-2 R9.1.1; NUC-001-2 R9.1.2; NUC-001-2 R9.1.3; NUC001-2 R9.1.4 – Nuclear Plant Interface Coordination .........................................................54
PRC-010-0 R2 – Assessment of the Design and Effectiveness of UVLS Program; ...........57
PRC-022-1 R2 – Under-Voltage Load Shedding Program Performance ............................59
**VAR-001-2 R5 – Voltage and Reactive Control .............................................................61
V. The Initial Phase Reliability Standards Provided for Informational Purposes ...................65

P81 Project Technical White Paper

CIP-001-2a R4 Sabotage Reporting.....................................................................................65
COM-001-1.1 R6- Telecommunications .............................................................................66
EOP-004-1 R1 – Disturbance Reporting .............................................................................66
EOP-009-0 R2 – Documentation of Blackstart Generating Unit Test Results ....................66
FAC-008-1 R1.3.5 – Facility Ratings Methodology ...........................................................67
PRC-008-0 R1; PRC-008-0 R2 – Underfrequency Load Shedding Equipment
Maintenance Programs.........................................................................................................67
PRC-009-0 R1; PRC-009-0 R1.1; PRC-009-0 R1.2; PRC-009-0 R1.3; PRC-009-0
R1.4; PRC-009-0 R2 – UFLS Performance Following an Underfrequency Event .............68
TOP-001-1a R3 – Reliability Responsibilities and Authorities...........................................69
TOP-005-2a R1 – Operational Reliability Information .....................................................70
Appendix A ..............................................................................................................................72

P81 Project Technical White Paper

Introduction

On March 15, 2012, the Federal Energy Regulatory Commission (“FERC” or the
“Commission”) issued an order 1 on the North American Electric Reliability
Corporation’s (“NERC”) Find, Fix and Track (“FFT”) process that stated in paragraph 81
(“P81”):
The Commission notes that NERC’s FFT initiative is predicated on the
view that many violations of requirements currently included in Reliability
Standards pose lesser risk to the Bulk-Power System. If so, some current
requirements likely provide little protection for Bulk-Power System
reliability or may be redundant. The Commission is interested in obtaining
views on whether such requirements could be removed from the
Reliability Standards with little effect on reliability and an increase in
efficiency of the [Electric Reliability Organization] ERO compliance
program. If NERC believes that specific Reliability Standards or specific
requirements within certain Standards should be revised or removed, we
invite NERC to make specific proposals to the Commission identifying the
Standards or requirements and setting forth in detail the technical basis for
its belief. In addition, or in the alternative, we invite NERC, the Regional
Entities and other interested entities to propose appropriate mechanisms to
identify and remove from the Commission-approved Reliability Standards
unnecessary or redundant requirements. We will not impose a deadline on
when these comments should be submitted, but ask that to the extent such
comments are submitted NERC, the Regional Entities, and interested
entities coordinate to submit their respective comments concurrently.

A. Consensus Process
In response to P81 and the Commission’s request for comments to be
coordinated, 2 during June and July 2012, various industry stakeholders, Trade

North American Electric Reliability Corporation, 138 FERC ¶ 61,193 at P 81 (2012).
In addition to addressing P81, the consensus effort was also consistent with recommendation #4 set forth
in NERC’s Recommendations to Improve The Standards Development Process at page 12 (April 2012),
which states:
2

P81 Project Technical White Paper

Associations, 3 staff from NERC and staff from the NERC Regions jointly discussed
consensus criteria and an initial list of Reliability Standard requirements that appeared to
easily satisfy the criteria, and, thus, could be retired. Specifically, the three parties
(industry stakeholders/Trade Associations, staff from NERC, and staff from the NERC
Regions) used the following conservative discipline to arrive at the proposed list of
requirements to be retired: (i) the development of criteria to determine whether a
Reliability Standard requirement should be retired and (ii) the application of this criteria
with consultation from Subject Matter Experts (“SME”), with the understanding that if
any of the three parties objected to including a requirement it would not be included in
the initial phase of the P81 Project. As a result of this process, a draft Standards
Authorization Request (“SAR”), including an initial suggested list of requirements for
retirement, was drafted and presented to the NERC Standards Committee. Also, the
SMEs consulted in this process provided the technical justifications that appear in this
technical white paper.

Standards Committee

3
Edison Electric Institute, American Public Power Association, National Rural Electric Cooperative
Association, Large Public Power Council, Electricity Consumers Resource Council, The Electric Power
Supply Association, and Transmission Access Policy Study Group.
4
The following requirements that were presented in the draft SAR were already scheduled to be retired or
subsumed via another Standards Development Project that has been approved by stakeholders and the
NERC Board of Trustees (or due to be before the Board in November), and, thus, are presented in this
technical white paper in Section V for informational purposes only: CIP-001-2a R4; COM-001-1.1 R6;
EOP-004-1 R1; EOP-009-0 R2; FAC-008-1 R1.3.5; PRC-008-0 R1; PRC-008-0 R2; PRC-009-0 R1; PRC009-0 R1.1; PRC-009-0 R1.2; PRC-009-0 R1.3; PRC-009-0 R1.4; PRC-009-0 R2; TOP-001-1a R3; and
TOP-005-2a R1. For regulatory efficiency, these requirements will not be presented for comment and vote,
and, therefore, will not be presented to the Board of Trustees for retirement or filed with the Commission or
Canadian governmental authorities as part of the P81 Project. Those requirements that were not part of the
draft SAR, but were added based on stakeholder comments are denoted by a “**” throughout this technical
white paper. More detail on each of these requirements is provided below.

P81 Project Technical White Paper

The purpose of this technical white paper is to set forth the background and
technical justification for each of the Reliability Standard requirements proposed for
retirement. Stakeholders are requested to review this technical white paper and provide
the SDT any: (1) supplemental, additional technical justifications for a requirement(s)
and/or (2) concerns with the technical justifications for a requirement(s).

II. Executive Summary

The SDT developed a set of three criteria and used them to identify requirements that
could be eligible for retirement. A summary of the criteria are as follows:
A. Criterion A (Overarching Criterion): little, if any, benefit or protection to the
reliable operation of the BES
B. Criteria B (Identifying Criteria)
B1. Administrative
B2. Data Collection/Data Retention
B3. Documentation
B4. Reporting
B5. Periodic Updates
B6. Commercial or Business Practice
B7. Redundant
C. Criteria C (Additional data and reference points)
C1. Part of a FFT filing
C2. Being reviewed in an ongoing Standards Development Project
C3. Violation Risk Factor (“VRF”) of the requirement
C4. Tier in the 2013 Actively Monitored List (“AML”)
C5. Negative impact on NERC’s reliability principles
C6. Negative impact on the defense in depth protection of the BES
C7. Promotion of results or performance based Reliability Standards
Specifically, for a requirement to be proposed for retirement, it must satisfy both,
Criterion A and at least one of the Criteria B. Criteria C were considered as additional
information to make a more informed decision.
Based on the criteria above, the SDT proposes to retire the following 36 requirements in
23 Reliability Standard versions:
•
•
•
•
•
•

BAL-005-0.2b R2
CIP-003-3 R1.2
CIP-003-3 R3
CIP-003-3 R3.1
CIP-003-3 R3.2
CIP-003-3 R3.3

P81 Project Technical White Paper

•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•

CIP-003-3 R4.2
CIP-003-4 R1.2
CIP-003-4 R3
CIP-003-4 R3.1
CIP-003-4 R3.2
CIP-003-4 R3.3
CIP-003-4 R4.2
CIP-005-3a R2.6
CIP-005-4a R2.6
CIP-007-3 R7.3
CIP-007-4 R7.3
EOP-005-2 R3.1
FAC-002-1 R2
FAC-008-1 R2
FAC-008-1 R3
FAC-008-3 R4
FAC-008-3 R5
FAC-010-2.1 R5**
FAC-011-2 R5**
FAC-013-2 R3
INT-007-1 R1.2
IRO-016-1 R2
NUC-001-2 R9.1
NUC-001-2 R9.1.1
NUC-001-2 R9.1.2
NUC-001-2 R9.1.3
NUC-001-2 R9.1.4
PRC-010-0 R2
PRC-022-1 R2
VAR-001-2 R5**

A table is included in Appendix A with the Reliability Standard requirements proposed
for retirement and a cross-reference to the associated criteria.

III.

Criteria

The P81 Project focuses on identifying FERC-approved Reliability Standard
requirements that satisfy the criteria set forth below. 5 Specifically, for a Reliability

The scope of future phases of the P81 Project has not yet been determined. When the scope is considered,
the criteria set forth herein may be a useful guide to appropriate criteria for those phases.

P81 Project Technical White Paper

Standard requirement to be proposed for retirement it must satisfy both: (i) Criterion A
(the overarching criterion) and (ii) at least one of the Criteria B listed below (identifying
criteria). The purpose of having these two levels of criteria was to confine the review and
consideration of requirements to only those requirements that clearly need not be
included in the mandatory Reliability Standards. Also, Criteria A and B were designed
so there would be no rewriting or consolidation of requirements, and the technical merits
of retiring the requirements did not require significant research and vetting. In addition,
for each Reliability Standard requirement proposed for retirement, the data and reference
points set forth below in Criteria C were considered to make a more informed decision on
whether to proceed with retirement. Lastly, for each requirement proposed for
retirement, any increase to the efficiency of the ERO compliance program is addressed.

Criterion A (Overarching Criterion)
The Reliability Standard requirement requires responsible entities (“entities”) to conduct
an activity or task that does little, if anything, to benefit or protect the reliable operation
of the BES.
Section 215(a) (4) of the United States Federal Power Act defines “reliable operation” as:
“… operating the elements of the bulk-power system within equipment and electric
system thermal, voltage, and stability limits so that instability, uncontrolled separation, or
cascading failures of such system will not occur as a result of a sudden disturbance,
including a cybersecurity incident, or unanticipated failure of system elements.”

Criteria B (Identifying Criteria)
B1. Administrative
The Reliability Standard requirement requires responsible entities to perform a function
that is administrative in nature, does not support reliability and is needlessly burdensome.
This criterion is designed to identify requirements that can be removed with little effect
on reliability and whose removal will result in an increase in the efficiency of the ERO
compliance program. Administrative functions may include a task that is or is not related
to developing procedures or plans, such as establishing communication contacts. Thus,
for certain requirements, Criterion B1 is closely related to Criteria B2, B3 and B4.
Strictly administrative functions do not inherently negatively impact reliability directly
and, where possible, should be eliminated for purposes of efficiency and to allow the
ERO and entities to appropriately allocate resources.
B2. Data Collection/Data Retention
These are requirements that obligate responsible entities to produce and retain data which
document prior events or activities, and should be collected via some other method under
NERC’s rules and processes.

P81 Project Technical White Paper

This criterion is designed to identify requirements that can be removed with little effect
on reliability. The collection and/or retention of data do not necessarily have a reliability
benefit and yet are often required to demonstrate compliance. Where data collection
and/or data retention is unnecessary for reliability purposes, such requirements should be
eliminated in order to increase the efficiency of the ERO compliance program.

B3. Documentation
The Reliability Standard requirement requires responsible entities to develop a document
(e.g., plan, policy or procedure) which is not necessary to protect BES reliability.
This criterion is designed to identify requirements that require the development of a
document that is unrelated to reliability or has no performance or results-based function.
In other words, the document is required, but no execution of a reliability activity or task
is associated with or required by the document.
B4. Reporting
The Reliability Standard requirement obligates responsible entities to report to a Regional
Entity, NERC or another party or entity. These are requirements that obligate responsible
entities to report to a Regional Entity on activities which have no discernible impact on
promoting the reliable operation of the BES and if the entity failed to meet this
requirement there would be little reliability impact.
B5. Periodic Updates
The Reliability Standard requirement requires responsible entities to periodically update
(e.g., annually) documentation, such as a plan, procedure or policy without an operational
benefit to reliability.
This criterion is designed to identify requirements that impose an updating requirement
that is out of sync with the actual operations of the BES, unnecessary or duplicative.
B6. Commercial or Business Practice
The Reliability Standard requirement is a commercial or business practice, or implicates
commercial rather than reliability issues.
This criterion is designed to identify those requirements that require: (i) implementing a
best or outdated business practice or (ii) implicating the exchange of or debate on
commercially sensitive information while doing little, if anything, to promote the reliable
operation of the BES.
B7.
Redundant
The Reliability Standard requirement is redundant with: (i) another FERC-approved
Reliability Standard requirement(s); (ii) the ERO compliance and monitoring program or
(iii) a governmental regulation (e.g., Open Access Transmission Tariff, North American
Energy Standards Board (“NAESB”), etc.).
9

P81 Project Technical White Paper

This criterion is designed to identify requirements that are redundant with other
requirements and are, therefore, unnecessary. Unlike the other criteria listed in Criterion
B, in the case of redundancy, the task or activity itself may contribute to a reliable BES,
but it is not necessary to have two duplicative requirements on the same or similar task or
activity. Such requirements can be removed with little or no effect on reliability and
removal will result in an increase in efficiency of the ERO compliance program.

Criteria C (Additional data and reference points)
To assist in the determination of whether to proceed with the retirement of a Reliability
Standard requirement that satisfies both Criteria A and B, the following data and
reference points shall be considered to make a more informed decision:
C1.

Was the Reliability Standard requirement part of a FFT filing?

The application of this criterion involves determining whether the requirement was
included in a FFT filing.
C2.
Is the Reliability Standard requirement being reviewed in an on-going
Standards Development Project?
The application of this criterion involves determining whether the requirement proposed
for retirement is part of an active on-going Standards Development Project, with a
consideration of the point in the process that Project is at. If the requirement has been
passed by the stakeholders and is scheduled to be presented to the NERC Board of
Trustees, in most cases it will not be included in the P81 project to promote regulatory
efficiency. The exception would be a requirement, such as the Critical Information
Protection (“CIP”) requirements for Version 3 and 4, that is not due to be retired for an
extended period of time; or, other requirements that based on the specific facts and
circumstances of that requirement indicate it should be retired via the P81 Project first
rather than waiting for another Standards Development Project to retire it, particularly as
a way to increase the efficiencies of the ERO compliance program. Also, for
informational purposes, whether the requirement is included in a future or pending
Standards Development Project will be identified and discussed.
C3.

What is the VRF of the Reliability Standard requirement?

P81 Project Technical White Paper

to ensure that no reliability gap would be created by the retirement of the Lower VRF
requirement. For example, no requirement, including a Lower VRF requirement, should
be retired if its retirement harms the effectiveness of a larger scheme of requirements that
are purposely designed to protect the reliable operation of the BES.

C4.
fall?

In which tier of the 2013 AML does the Reliability Standard requirement

The application of this criterion involves identifying whether the requirement proposed
for retirement is on the 2013 AML, with particular consideration for any requirement in
the first tier of the 2013 AML.
C5. Is there a possible negative impact on NERC’s published and posted
reliability principles?
The application of this criterion involves consideration of the eight following reliability
principles published on the NERC webpage.
Reliability Principles
NERC Reliability Standards are based on certain reliability principles that
define the foundation of reliability for North American bulk power
systems. Each reliability standard shall enable or support one or more of
the reliability principles, thereby ensuring that each standard serves a
purpose in support of reliability of the North American bulk power
systems. Each reliability standard shall also be consistent with all of the
reliability principles, thereby ensuring that no standard undermines
reliability through an unintended consequence.
Principle 1.

Interconnected bulk power systems shall be planned and
operated in a coordinated manner to perform reliably under
normal and abnormal conditions as defined in the NERC
Standards.

Principle 2.

The frequency and voltage of interconnected bulk power
systems shall be controlled within defined limits through
the balancing of real and reactive power supply and
demand.

Principle 3.

Information necessary for the planning and operation of
interconnected bulk power systems shall be made available
to those entities responsible for planning and operating the
systems reliably.

P81 Project Technical White Paper

C6.

Principle 4.

Plans for emergency operation and system restoration of
interconnected bulk power systems shall be developed,
coordinated, maintained, and implemented.

Principle 5.

Facilities for communication, monitoring, and control shall
be provided, used, and maintained for the reliability of
interconnected bulk power systems.

Principle 6.

Personnel responsible for planning and operating
interconnected bulk power systems shall be trained,
qualified, and have the responsibility and authority to
implement actions.

Principle 7.

The reliability of the interconnected bulk power systems
shall be assessed, monitored, and maintained on a widearea basis.

Principle 8.

Bulk power systems shall be protected from malicious
physical or cyber attacks. (footnote omitted).

Is there any negative impact on the defense in depth protection of the BES?

The application of this criterion considers whether the requirement proposed for
retirement is part of a defense in depth protection strategy. In order words, the
assessment is to verify whether other requirements rely on the requirement proposed for
retirement to protect the BES.
C7.
Does the retirement promote results or performance based Reliability
Standards?
The application of this criterion considers whether the requirement, if retired, will
promote the initiative to implement results- and/or performance-based Reliability
Standards.

IV. The Initial Phase Reliability Standards Requirements Proposed for
Retirement
The following lists the requirements proposed for retirement with details of the
assessment resulting from the applicability of the criteria above.

BAL-005-0.2b R2 – Automatic Generation Control

P81 Project Technical White Paper

R2. Each Balancing Authority shall maintain Regulating Reserve that can be
controlled by AGC to meet the Control Performance Standard.

Background/Commission Directives
BAL-005-0 was filed for Commission approval on April 4, 2006 in Docket No. RM0616-000 and was approved on March 16, 2007 in Order No. 693. 6 Also, the Commission
accepted an errata filing to BAL-005-0.1b, which replaced Appendix 1 with a corrected
version of a Commission-approved interpretation, and made an internal reference
correction in the interpretation, thus resulting in BAL-005-0.2b. 7
In Order No. 693 at paragraph 387, the Commission stated that:
The goal of this Reliability Standard is to maintain Interconnection
frequency by requiring that all generation, transmission, and customer
load be within the metered boundaries of a balancing authority area, and
establishing the functional requirements for the balancing authority’s
regulation service, including its calculation of ACE.
At paragraph 396, the Commission stated:
On this issue, the Commission directs the ERO to modify BAL-005-0
through the Reliability Standards development process to develop a
process to calculate the minimum regulating reserve for a balancing
authority, taking into account expected load and generation variation and
transactions being ramped into or out of the balancing authority.
This Commission directive is unaffected by the proposed retirement of BAL-005-0.2b
R2.
Additionally, when adjusting the VRF for the previous version, BAL-005-0.1b R2, from
Lower to High, the Commission stated that: 8
While theoretically, CPS can be met without the use of AGC, for example,
when the AGC system is malfunctioning, the Commission believes, in
practice, that AGC is the most dependable and effective means for
multiple balancing authorities in an Interconnection to collectively meet
CPS requirements in tandem while minimizing assistance from each other
in this regard. Human reaction is neither fast enough nor dependable
6

P81 Project Technical White Paper

enough in this repetitive task to provide the immediate and continuous
support to correct for Interconnection frequency drift. Further, the failure
to use AGC presents a higher risk that immediate load shedding will need
to be implemented after the sudden loss of generation or an unforeseen
significant load increase and, thus, the failure to use AGC subjects the
Bulk-Power System to a higher risk of instability.
However, the fact that the VRF for BAL-005-0.2b R2 is High is not indicative of its
actual impact on the BES as explained in further detail below. Also, no Commission
directive is impacted by BAL-005-0.2b R2.
Technical Justification
The stated reliability purpose of BAL-005-0.2b is to establish requirements for Balancing
Authority Automatic Generation Control (“AGC”) necessary to calculate Area Control
Error (“ACE”) and to routinely deploy the Regulating Reserve. The standard also
ensures that all facilities and load electrically synchronized to the Interconnection are
included within the metered boundary of a Balancing Area so that balancing of resources
and demand can be achieved. The reliability purpose and objectives of BAL-005-0.2b
are unaffected by the proposed retirement of R2.
A Balancing Authority must use AGC to control its Regulating Reserves to meet the
Control Performance Standards (“CPS”) as set forth in BAL-001-0.1a R1 and R2.
Although for a short period of time (as the Commission stated during an AGC
malfunction) a Balancing Authority may be able to meet its CPS obligations without
AGC, it cannot do so for any extended period of time, and, therefore, Balancing
Authorities must use AGC to control its Regulating Reserves to satisfy its obligations
under BAL-001-0.1a R1 and R2. Given this fact, it is redundant to also have BAL-0050.2b R2 set forth the following statement: “Each Balancing Authority shall maintain
Regulating Reserve that can be controlled by AGC to meet the Control Performance
Standard.” (Criterion B7). It is the duplicative nature of having two requirements
requiring the same activity that does little, if anything, to benefit or protect reliable
operation of the BES. (Criterion A). In other words, without the existence of BAL-0050.2b R2, Balancing Authorities must still have Regulating Reserves that can be controlled
by AGC to satisfy the CPS in BAL-001-0.1a R1 and R2.
Also, the retirement of BAL-005-0.2b R2 would increase the efficiency of the ERO
compliance program because NERC and the Regional Entities would be able to focus
their time and resources on monitoring compliance on BAL-001-0.1a R1 and R2, which
are results-based requirements, versus monitoring compliance with both BAL-001-0.1a
R1 and R2 as well as the static statement in BAL-005-0.2b R2. Therefore, retiring BAL005-0.2b R2 will provide for increased efficiencies in the ERO compliance program.
Criterion A
Without the existence of BAL-005-0.2b R2, Balancing Authorities must still have
Regulating Reserves that can be controlled by AGC to satisfy the CPS in BAL-001-0.1a
14

P81 Project Technical White Paper

R1 and R2. Having two requirements requiring a Balancing Authority to conduct the
same activity or task does little, if anything, to benefit or protect the reliable operation of
the BES because it is duplicative.
Criteria B
• Criterion B7 (Redundant)
Criteria C
1. BAL-005-0.2b R2 has not been part of a FFT filing.
2. BAL-005-0.2b R2 is currently scheduled to be included in Standards Development
Project 2010-14.2, which is Phase II of Balancing Authority Reliability-based
Controls: Time Error, AGC, and Inadvertent. Given that Project 2010-14.2 is
currently not an active Standards Development Project, it remains appropriate to
retire BAL-005-0.2b R2 via the P81 Project.
3. The VRF for BAL-005-0.2b R2 is High. Given the redundant nature of BAL-0050.2b R2, the High VRF is not dispositive of whether or not it should be retired since
BAL-001-0.1a R1 and R2 accomplishes the important reliability requirement of
Balancing Authorities maintaining Regulating Reserves that can be controlled by
AGC to satisfy CPS.
4. BAL-005-0.2b R2 is not part of the 2013 AML.
5. The redundant nature of BAL-005-0.2b R2 with BAL-001-0.1a R1 and R2 also
indicates that the retirement of BAL-005-0.2b R2 does not pose a negative impact to
NERC’s published and posted reliability principles. The two reliability principles
applicable to BAL-005-0.2b R2 are the following:
Principle 1.

Interconnected bulk power systems shall be planned and operated
in a coordinated manner to perform reliably under normal and
abnormal conditions as defined in the NERC Standards.

Principle 2.

The frequency and voltage of interconnected bulk power systems
shall be controlled within defined limits through the balancing of
real and reactive power supply and demand.

P81 Project Technical White Paper

7. Retirement of BAL-005-0.2b R2 promotes a results-based approach, because it is
retiring a static requirement while BAL-001-0.1a R1 and R2, which are more
dynamic and results-based requirements, will remain in effect.
Accordingly, for the above reasons, it is appropriate to retire BAL-005-0.2b R2.

CIP-003-3, -4 R1.2 – Cyber Security – Security Management Controls
R1.2. The cyber security policy is readily available to all personnel who have access
to, or are responsible for, Critical Cyber Assets.
Background/Commission Directives
CIP-003-1 was filed for Commission approval on August 28, 2006 in Docket No. RM0616-000 and was approved on January 18, 2008 in Order No. 706. 9 CIP-003-2 was filed
for Commission approval on May 22, 2009 in Docket Nos. RM06-22-000 and RD09-7000 and was approved on September 30, 2009. 10 CIP-003-3 was filed for Commission
approval on December 29, 2009 in Docket No. RD09-7-002 and was approved on March
31, 2010. 11 CIP-003-4 was submitted for Commission approval on February 10, 2011 in
Docket No. RM11-11-000 and was approved on April 19, 2012. 12
In Order No. 706 at paragraph 342 the Commission stated that:
Reliability Standard CIP-003-1 seeks to ensure that each responsible entity
has minimum security management controls in place to protect the critical
cyber assets identified pursuant to CIP-002-1. To achieve this goal, a
responsible entity must develop a cyber security policy that represents
management’s commitment and ability to secure its critical cyber assets. It
also must designate a senior manager to direct the cyber security program
and to approve any exception to the policy.
All outstanding directives in Order No. 706 will be addressed in Version 5 of the CIP
Standards and the retirement of CIP-003-3, -4 R1.2 does not impact a Commission
directive.
Technical Justification
9

Mandatory Reliability Standards for Critical Infrastructure Protection, 122 FERC ¶ 61,040 (2008)
(“Order No. 706”), order on reh’g, Order No. 706-A, 123 FERC ¶ 61,174 (2008), order on clarification,
Order No. 706-B, 126 FERC ¶ 61,229, order on clarification, Order No. 706-C, 127 FERC ¶ 61,273 (2009).
10
Order Approving Revised Reliability Standard for Critical Infrastructure Protection and Requiring
Compliance Filing, 128 FERC ¶ 61,291 (2009), order denying reh’g and granting clarification, 129 FERC
¶ 61,236 (2009) (approving Version 2 of the CIP Reliability Standards).
11
Order on Compliance 130 FERC ¶ 61,271 (2010).
12
Version 4 Critical Infrastructure Protection Reliability Standards, 139 FERC ¶ 61,058 (2012).

P81 Project Technical White Paper

The importance of the cyber security policy as representing management’s commitment
and ability to secure critical cyber assets is overshadowed by the rigorous and specific
training, procedural and process related requirements of the CIP Standards. These
trainings, procedures and processes render having the cyber security policy readily
available an unnecessary requirement. In other words, whether CIP personnel are
completing a typical CIP requirement cyber security task or responding to an immediate
situation, they will act via their specific training, processes and procedures and not the
overarching cyber security policy. Stated another way, CIP personnel will act via their
specific training, processes and procedures which reflect the overarching cyber security
policy. Consequently, the cyber security policy’s generalized guidance on compliance
with the CIP requirements is not a document that adds value to personnel protecting the
BES from a cyber attack on a day-to-day basis.
Furthermore, to implement CIP-003-3, -4 R1.2 entities have undertaken a variety of
administrative solutions including kiosks dedicated to computers with the cyber security
policy, posting the policy on the company intranet, having copies available in work
stations, at common area desks in generating stations and substations, etc. Therefore,
although the cyber security policy is readily available for all personnel who have access
to, or are responsible for, Critical Cyber Assets, these personnel are specifically and
appropriately focused on implementing the procedures and processes required by CIP
Reliability Standards such as CIP-007-3 R1, which states as follows:
Test Procedures — The Responsible Entity shall ensure that new Cyber
Assets and significant changes to existing Cyber Assets within the
Electronic Security Perimeter do not adversely affect existing cyber
security controls. For purposes of Standard CIP-007-3, a significant
change shall, at a minimum, include implementation of security patches,
cumulative service packs, vendor releases, and version upgrades of
operating systems, applications, database platforms, or other third-party
software or firmware.
Generally the cyber security policy will cite CIP-007-3 R1 as a requirement, and may
refer to procedures related to CIP-007-3 R1, but will not have, nor is it required to have,
the detail necessary to implement CIP-007-3 R1. In some larger companies, it is also
common to have specific procedures on how to accomplish requirements such as CIP007-3 R1 in a control center versus a generating plant or substation, and it may be
different CIP personnel implementing these procedures in locations many hundreds of
miles, states or Interconnections away from each other. The value of a more general
cyber security policy to these individuals is minimal, at best, and, therefore, does not
support reliability. Also, making it readily available at all office locations is an
unnecessarily burdensome administrative task.
Moreover, to place every procedure and process to comply with CIP in the cyber security
policy is also not practical or effective, because such a large policy will only distract from
CIP personnel being able to specifically focus on the task before them. As already stated,
17

P81 Project Technical White Paper

there are likely some differences between implementing a requirement like CIP-007-1 R1
in a control center that may be located in one state and for generators located several
states and hundreds of miles away. Thus, making the cyber security policy readily
available is an administrative task that does little, if anything, to benefit or protect the
reliable operation of the BES (Criteria A and B1).
In this context, also consider the inefficiencies CIP-003-3, -4 R1.2 may be causing the
ERO compliance program. In companies with hundreds of personnel who have access to,
or are responsible for, Critical Cyber Assets in multiple states and Interconnections, the
ERO may expend a significant amount of time and resources to monitor compliance with
CIP-003-3, -4 R1.2 via a review of kiosks, intranet sites, office cubicles, desks, etc in
multiple locations. Accordingly, considerable efficiency gains will be obtained for the
ERO’s compliance program if CIP-003-3, -4 R1.2 is retired.
Criterion A
Making the cyber security policy readily available is an administrative task that does
little, if anything, to benefit or protect the reliable operation of the BES.
Criteria B
• Criterion B1 (Administrative)
Criteria C
1.
CIP-003-3, -4 R1.2 has been part of a FFT filing. 13
2.

As is the case with all the CIP requirements (other than CIP-001-2a R4) proposed
for retirement in this technical paper, CIP-003-3, -4 R1.2 is part of an on-going
Standards Development Project 2008-06 (Cyber Security) (“CIP V5”). The P81
SDT has coordinated its efforts with the chair of Project 2008-06. There is no
conflict between CIP requirements proposed in this technical white paper for
retirement and the direction of Project 2008-06. The CIP V5 requirements are not
Board of Trustee or Commission approved, and, even if they were, the effective
date of CIP V5 is unknown and likely at least a year, maybe more, into the future.
Thus, unlike the other requirements presented here for informational purposes, it
is appropriate to maintain all the CIP requirements discussed in this technical
paper within the scope of the P81 Project to secure the efficiency gains resulting
to the ERO compliance program from their retirement.

CIP-003-3, -4 R1.2 has a Lower VRF. As explained above, CIP-003-3, -4 R1.2
is not an important part of a scheme of CIP requirements, and, therefore, it is
appropriate to propose it for retirement.

NERC FFT Informational Filing, Docket No. RC12-1-000 (October 31, 2011).

P81 Project Technical White Paper

CIP-003-3,-4 R1.2 is in the second tier of the AML. As explained above, CIP003-3, -4 R1.2 is not an important part of a scheme of CIP requirements, and,
therefore, it is appropriate to propose it for retirement.

Given its administrative nature, CIP-003-3, -4 R1.2 does not negatively impact
NERC’s published and posted reliability principles. The two reliability principles
that appear applicable to CIP-003-3, -4 R1.2 are the following:
Principle 6.

Personnel responsible for planning and operating
interconnected bulk power systems shall be trained,
qualified, and have the responsibility and authority to
implement actions.

Principle 8.

Bulk power systems shall be protected from malicious physical or
cyber attacks.

As stated above, other CIP requirements are replete with the requirements that
CIP personnel implement to protect the BES from cyber attacks.
6.

Retiring CIP-003-3, -4 R1.2 does not negatively impact defense in depth because
no other requirement depends on the cyber security policy being readily available.
Therefore, the removal of CIP-003-3,-4 R1.2 cannot have a negative impact on
defense in depth.

Retirement of CIP-003-3, -4 R1.2 promotes a results-based approach because the
requirement is mechanistic and administrative, and does not provide the
foundation for performing a reliability task.

Accordingly, for the above reasons, it is appropriate to retire CIP-003-3, -4 R1.2.

P81 Project Technical White Paper

R3.2. Documented exceptions to the cyber security policy must include an
explanation as to why the exception is necessary and any compensating
measures.
R3.3. Authorized exceptions to the cyber security policy must be reviewed and
approved annually by the senior manager or delegate(s) to ensure the
exceptions are still required and valid. Such review and approval shall be
documented.
Background/Commission Directives
CIP-003-1 was filed for Commission approval on August 28, 2006 in Docket No. RM0616-000 and was approved on January 18, 2008 in Order No. 706. 14 CIP-003-2 was filed
for Commission approval on May 22, 2009 in Docket Nos. RM06-22-000 and RD09-7000 and was approved on September 30, 2009. 15 CIP-003-3 was filed for Commission
approval on December 29, 2009 in Docket No. RD09-7-002 and was approved on March
31, 2010. 16 CIP-003-4 was submitted for Commission approval on February 10, 2011 in
Docket No. RM11-11-000 and was approved on April 19, 2012. 17
In Order No. 706 at paragraphs 373 and 376 the Commission stated that:
Requirement R3 provides that a responsible entity must document
exceptions to its policy with documentation and senior management
approval. The Commission is concerned that, if exceptions mount, there
would come a point where the exceptions rather than the rule prevail. In
such a situation, it is questionable whether the responsible entity is
actually implementing a security policy. We therefore believe that the
Regional Entities should perform an oversight role in providing
accountability of a responsible entity that excepts itself from compliance
with the provisions of its cyber security policy. Further, we believe that
such oversight would impose a limited additional burden on a responsible
entity because Requirement R3 currently requires documentation of
exceptions.
Further, the Commission adopts its CIP NOPR proposal and directs the
ERO to clarify that the exceptions mentioned in Requirements R2.3 and
R3 of CIP-003-1 do not except responsible entities from the Requirements
of the CIP Reliability Standards. In response to EEI, we believe that this
14

Mandatory Reliability Standards for Critical Infrastructure Protection, 122 FERC ¶ 61,040 (2008)
(“Order No. 706”), order on reh’g, Order No. 706-A, 123 FERC ¶ 61,174 (2008), order on clarification,
Order No. 706-B, 126 FERC ¶ 61,229, order on clarification, Order No. 706-C, 127 FERC ¶ 61,273 (2009).
15
Order Approving Revised Reliability Standard for Critical Infrastructure Protection and Requiring
Compliance Filing, 128 FERC ¶ 61,291 (2009), order denying reh’g and granting clarification, 129 FERC
¶ 61,236 (2009) (approving Version 2 of the CIP Reliability Standards)).
16
Order on Compliance 130 FERC ¶ 61,271 (2010).
17
Version 4 Critical Infrastructure Protection Reliability Standards, 139 FERC ¶ 61,058 (2012).

P81 Project Technical White Paper

clarification is needed because, for example, it is important that a
responsible entity understand that exceptions that individually may be
acceptable must not lead cumulatively to results that undermine
compliance with the Requirements themselves.
All outstanding directives in Order No. 706 will be addressed in Version 5 of the CIP
Standards and the retirement of CIP-003-3, -4 R3, R3.1, R3.2, and R3.3 do not impact a
Commission directive.
Technical Justification
CIP-003-3, -4 R3, R3.1, R3.2, and R3.3 (CIP exception requirements) have proven not to
be useful and have been subject to misinterpretation. For instance, although the CIP
exception requirements have not been available for use to exempt an entity from
compliance with any requirement of any Reliability Standard, based on questions
received by NERC CIP Staff, entities may be interpreting the CIP exception requirements
to allow for such an exemption. The CIP exception requirements only apply to
exceptions to internal corporate policy, and only in cases where the policy exceeds a
Reliability Standard requirement or addresses an issue that is not covered in a Reliability
Standard. For example, if an internal corporate policy statement requires that all
passwords be a minimum of eight characters in length, and be changed every 30 days,
which is over and above what is required in CIP-007-3 R5.3, the CIP exception
requirements could be invoked for internal governance purposes to lessen the corporate
requirement back to the password requirements in CIP-007-3 R5.3, but under no
circumstances do the CIP exception requirements authorize the implementation of
security measures less than what is required in CIP-007-3 R5.3.
The retirement of the CIP exception requirements would not impact an entity’s ability to
maintain such an exception process within their corporate policy governance procedures,
if it so desired. Consequently, the CIP exception requirements were always an internal
administrative and documentation requirement that is outside the scope of the other CIP
requirements (Criteria B1 and B3). In this context, the CIP exception requirements do
not support the level of reliability set forth in the Reliability Standards, and are
unnecessarily burdensome because they have resulted in entities implementing practices
due to a misinterpretation of the requirement that has caused them to allocate time and
resources to tasks that are misaligned with the requirements themselves. Unfortunately,
this misunderstanding has also impacted the efficiency of the ERO compliance program
because of the amount of time and resources needed to clear up the misunderstanding and
coach entities on the meaning of the CIP exception requirements. These inefficiencies
would be eliminated with the retirement of the CIP exception requirements. Accordingly,
as explained, the CIP exception requirements are an administrative tool for internal
corporate governance procedures, and, therefore, are not requirements that are necessary
or directly protect the BES from a cyber attack, the tasks associated with these
requirements do little, if anything, to benefit or protect the reliable operation of the BES.
(Criterion A).

P81 Project Technical White Paper

Criterion A
The CIP exception requirements are a tool for internal corporate governance procedures
and is not a requirement directly protecting the BES from a cyber attack, and, therefore,
the tasks associated with these requirements do little, if anything, to benefit or protect the
reliable operation of the BES.
Criteria B
• Criterion B1 (Administrative)
• Criterion B3 (Documentation)
Criteria C
1.
The CIP exception requirements have been part of a FFT filing. 18
2.

The CIP exception requirements are part of an on-going Standards Development
Project 2008-06 (Cyber Security). As detailed in the discussion of CIP-003-3, -4
R1.2, the P81 SDT has coordinated its efforts with the chair of Project 2008-06
and there is no conflict between the CIP exception requirements proposed in this
technical white paper for retirement and the direction of Project 2008-06.

The CIP exception requirements each have a Lower VRF. As explained above,
they are not an important part of a scheme of CIP requirements, and, therefore, it
is appropriate to propose it for retirement.

The CIP exception requirements are on the third tier of the AML. As explained
above, they are not an important part of a scheme of CIP requirements, and,
therefore, it is appropriate to propose it for retirement.

Given the administrative and unnecessary nature of the CIP exception
requirements in relation to protecting the BES from cyber attacks, retirement does
not pose any negative impact to NERC’s published and posted reliability
principles, of which only Principle 8 appears to apply: “Bulk power systems shall
be protected from malicious physical or cyber attacks.”

Retiring the CIP exception requirements does not negatively impact any defense
in depth strategy because no other requirement depends on it to help cover a
reliability gap or risk to reliability.

Retirement of the CIP exception requirements promotes a results-based approach
because the CIP exception requirements are approaches that entities may
voluntarily take to handle internal corporate governance procedures, and,
therefore, do not provide the foundation for performing a required reliability task.

NERC FFT Informational Filing, Docket No. RC12-7-000 (January 31, 2012); NERC FFT Informational
Filing, Docket No. RC12-6-000 (December 30, 2011).

P81 Project Technical White Paper

Accordingly, for the above reasons, it is appropriate to retire the following CIP exception
requirements: CIP-003-3, -4 R3, R3.1, R3.2, and R3.3.

CIP-003-3, -4 R4.2 - Cyber Security – Security Management Controls
R4.2. The Responsible Entity shall classify information to be protected under this
program based on the sensitivity of the Critical Cyber Asset information.
Background/Commission Directives
CIP-003-1 was filed for Commission approval on August 28, 2006 in Docket No. RM0616-000 and was approved on January 18, 2008 in Order No. 706. 19 CIP-003-2 was filed
for Commission approval on May 22, 2009 in Docket Nos. RM06-22-000 and RD09-7000 and was approved on September 30, 2009. 20 CIP-003-3 was filed for Commission
approval on December 29, 2009 in Docket No. RD09-7-002 and was approved on March
31, 2010. 21 CIP-003-4 was submitted for Commission approval on February 10, 2011 in
Docket No. RM11-11-000 and was approved on April 19, 2012. 22 In Order No. 706, the
Commission did not specifically address CIP-003-3, -4 R4.2.
All outstanding directives in Order No. 706 will be addressed in Version 5 of the CIP
Standards and the retirement of CIP-003-3, -4 R4.2 does not impact a Commission
directive.
Technical Justification
The task of classifying Critical Cyber Information “based on the sensitivity” does little, if
anything, to benefit or protect the reliable operation of the BES, and is an unnecessarily
administrative and a documentation task that is redundant with CIP-003-3, -4 R4 (Criteria
A, B1, B3 and B7). Specifically, CIP-003-3, -4 R4 23 already requires the classification of
information associated with Critical Cyber Assets. The only difference between R4 and
R4.2 is that the subjective term “based on the sensitivity” has been added, thus, making it
essentially redundant. Further, CIP-003-3, -4 R4 requires the entity to develop
classifications based on a subjective understanding of sensitivity (i.e., no clear connection
to serving reliability), the requirement does not support reliability. In this context,
classifying based on sensitivity becomes an administrative task that becomes necessarily
burdensome, because of all the possible ramifications “based on sensitivity” can produce,
and, therefore, require SMEs to decide on and reduce to writing in a documented
19

Mandatory Reliability Standards for Critical Infrastructure Protection, 122 FERC ¶ 61,040 (2008)
(“Order No. 706”).
20
Order Approving Revised Reliability Standard for Critical Infrastructure Protection and Requiring
Compliance Filing, 128 FERC ¶ 61,291 (2009), order denying reh’g and granting clarification, 129 FERC
¶ 61,236 (2009) (approving Version 2 of the CIP Reliability Standards)).
21
Order on Compliance 130 FERC ¶ 61,271 (2010).
22
Version 4 Critical Infrastructure Protection Reliability Standards, 139 FERC ¶ 61,058, (2012).
23
“R4. Information Protection — The Responsible Entity shall implement and document a program to
identify, classify, and protect information associated with Critical Cyber Assets.”

P81 Project Technical White Paper

program. This is time and effort that could be better spent on other CIP activities that
provide value to cyber security and actively protect the BES. For similar reasons, retiring
CIP-003-3, -4 R4.2 and the term “based on sensitivity” would increase the efficiencies of
the ERO compliance program on several levels. The ERO would not spend time and
resources on reviewing whether an entity’s documentation contained classifications
“based on sensitivity,” and, instead would be able to focus its time and resources
monitoring compliance with the entity’s program to identify, classify, and protect
information associated with Critical Cyber Assets (R4), without any distraction on
monitoring the subjective implementation of classifications based on sensitivity (R4.2).
Criterion A
The task of classifying Critical Cyber Information “based on the sensitivity” does little, if
anything, to benefit or protect the reliable operation of the BES, and is an administrative
and a documentation task that is redundant with CIP-003-3, -4 R4.
Criteria B
• Criterion B1 (Administrative)
• Criterion B3 (Documentation)
• Criterion B7 (Redundant)
Criteria C
1.
CIP-003-3, -4 R4.2 has been part of a FFT filing. 24
2.

CIP-003-3, -4 R4.2 is part of an on-going Standards Development Project 200806 (Cyber Security). As detailed in the discussion of CIP-003-3, -4 R1.2, the P81
SDT has coordinated its efforts with the chair of Project 2008-06 and there is no
conflict between retirement of CIP-003-3, -4 R4.2 and the direction of Project
2008-06.
CIP-003-3, -4 R4.2 has a Lower VRF. As explained above, CIP-003-3, -4 R4.2
is not an important part of a scheme of CIP requirements, and, therefore, it is
appropriate to propose it for retirement.

CIP-003-3, -4 R4.2 is on the third tier of the AML. As explained above, CIP-0033, -4 R4.2 is not an important part of a scheme of CIP requirements, and,
therefore, it is appropriate to propose it for retirement.

Given the unnecessary and redundant nature of this requirement, retirement does
not pose any negative impact to NERC’s published and posted reliability principle
No. 8 which appears to apply: “Bulk power systems shall be protected from
malicious physical or cyber attacks.”

NERC FFT Informational Filing, Docket No. RC12-7-000 (January 31, 2012); NERC FFT Informational
Filing, Docket No. RC12-1-000 (October 31, 2011).

P81 Project Technical White Paper

Retirement of CIP-003-3, -4 R4.2 does not negatively impact defense in depth
because no other requirement depends on it to help cover a reliability gap or risk
to reliability.

Retirement of CIP-003-3, -4 R4.2 promotes a results-based approach because
retiring CIP-003-3, -4 R4.2 moves away from prescriptive, checklist of
documentation approach to Reliability Standard requirements.

Accordingly, for the above reasons, it is appropriate to retire CIP-003-3, -4 R4.2.

CIP-005-3a, -4a R2.6 – Cyber Security – Electronic Security Perimeter(s)
R2.6. Appropriate Use Banner -- Where technically feasible, electronic access
control devices shall display an appropriate use banner on the user screen
upon all interactive access attempts. The Responsible Entity shall maintain a
document identifying the content of the banner.
Background/Commission Directives
CIP-005-1 was filed for Commission approval on August 28, 2006 in Docket No. RM0616-000 and was approved on January 18, 2008 in Order No. 706. 25 CIP-005-2 was filed
for Commission approval on May 22, 2009 in Docket Nos. RD09-7-000 and RM06-22000 and was approved on September 30, 2009. 26 CIP-005-2a was filed for Commission
approval on April 21, 2010 in Docket No. RD10-12-000 and was approved by
unpublished letter order on February 2, 2011. 27 CIP-005-3 was filed for Commission
approval on December 29, 2009 in Docket No. RD09-7-002 and was approved on March
31, 2010. 28 CIP-005-3a was filed for Commission approval on April 21, 2010 in Docket
No. RD10-12-000 and was approved by an unpublished letter order on February 2,
2011. 29 CIP-005-4 was filed for Commission approval on February 10, 2011 in Docket
No. RM11-11-000 and was approved on April 19, 2012 in Order No. 761. 30 CIP-005-4a
was filed for Commission approval as errata to the CIP Version 4 Petition on April 12,

Mandatory Reliability Standards for Critical Infrastructure Protection, 122 FERC ¶ 61,040 (2008)
(“Order No. 706”).
26
Order Approving Revised Reliability Standard for Critical Infrastructure Protection and Requiring
Compliance Filing, 128 FERC ¶ 61,291 (2009), order denying reh’g and granting clarification, 129 FERC
¶ 61,236 (2009) (approving Version 2 of the CIP Reliability Standards)).
27
Letter Order, Petition of the North American Electric Reliability Corporation for Approval of
Interpretation to Reliability Standard CIP-005-1, Cyber Security, Electronic Security Perimeter(s), Section
4.2.2 and Requirement R1.3., Docket RD10-12-000, (February 2, 2011).
28
Order on Compliance 130 FERC ¶ 61,271 (2010).
29
Letter Order, Petition of the North American Electric Reliability Corporation for Approval of
Interpretation to Reliability Standard CIP-005-1, Cyber Security, Electronic Security Perimeter(s), Section
4.2.2 and Requirement R1.3., Docket RD10-12-000, (February 2, 2011).
30
Version 4 Critical Infrastructure Protection Reliability Standards, 139 FERC ¶ 61,058 (2012).

P81 Project Technical White Paper

2011 in Docket No. RM11-11-000 and was approved on April 19, 2012 in Order No 761,
the Final Rule on the CIP Version 4 standards. 31
In Order 706 at paragraph 505 the Commission noted that:
Requirement R2 of CIP-005-1 requires a responsible entity to implement
organizational processes and technical and procedural mechanisms for
control of electronic access at all electronic access points to the electronic
security perimeter.
All outstanding directives in Order No. 706 will be addressed in Version 5 of the CIP
Standards and the retirement of CIP-005-3, -4 R2.6 does not impact a Commission
directive.

Technical Justification
The implementation of an appropriate use banner (“banner”) on a user’s screen for all
interactive access attempts into the Electronic Security Perimeter (“ESP”) is an activity or
task that does little, if anything, to benefit or protect the reliable operation of the BES.
Specifically, the banner does not support reliability because people who intend to
inappropriately use sites will simply ignore the banner. (Criterion A). The banner is also
an administrative task since it simply requires a message be displayed on an access
screen. Furthermore, the implementation and administration of a non-beneficial tool,
such as the banner, therefore creates a needlessly burdensome task. As mentioned,
above, the ineffectiveness of the banner also indicates that it does not support reliability.
(Criteria B1 and B3). In addition, banners of this type are generally considered to be a
form of legal protection or mitigation of liability, rather than security protection.
Furthermore, the banner does not ensure a proper or secure access point configuration
which is generally the purpose of CIP-005-3a, -4a. Further, this requirement has also
been the subject of numerous TFEs for devices that cannot support such a banner, and
hence has diverted resources from more productive efforts. Thus, the ERO’s compliance
program would become more efficient if CIP-005-3a, -4a R2.6 was retired, because ERO
time and resources could be reallocated to monitor compliance with the remainder of
CIP-005-3a, -4a, which provides for more effective controls of electronic access at all
electronic access points into the ESP.
Criterion A
The implementation of an appropriate use banner on a user’s screen for all interactive
access attempts into the ESP is an activity or task that does little, if anything, to benefit or
protect reliable operation of the BES, because it is administrative and a static electronic
message that is not an effective deterrent or control against unauthorized access.

Id.

P81 Project Technical White Paper

Criteria B
• Criterion B1 (Administrative)
• Criterion B3 (Documentation)
Criteria C
1.
CIP-005-3a, -4a R2.6 has been part of a FFT filing. 32
2.

CIP-005-3a, -4a R2.6 is part of an on-going Standards Development Project 200806 (Cyber Security). As detailed in the discussion of CIP-003-3, -4 R1.2, the P81
SDT has coordinated its efforts with the chair of Project 2008-06 and there is no
conflict between retirement of CIP-005-3a, -4a R2.6 and the direction of Project
2008-06.

The VRF for CIP-005-3a, -4a R2.6 is Lower. As explained above, CIP-005-3a, 4a R2.6 is not an important part of a scheme of CIP requirements, and, therefore,
it is appropriate to propose it for retirement.

CIP-005-3a, -4a R2.6 is on the first tier of the AML; however, given its clear
ineffective nature the placement on the first tier is not dispositive of whether it
should be retired.

Reliability principle No. 8 – “Bulk power systems shall be protected from
malicious physical or cyber attacks” – is not implicated or negatively impacted by
the retirement of CIP-005-3a, -4a R2.6, because it is not an effective deterrent or
control to unauthorized access into an ESP.

The retirement of this requirement does not negatively impact defense in depth
because no other requirement depends on it to help cover a reliability gap or risk
to reliability. Furthermore, the remainder of CIP-005-3a, -4a provides for actual
controls of electronic access at all electronic access points which addresses the
reliability risk associated with unauthorized access into an ESP.

Its retirement also promotes a results-based approach because CIP-005-3a, -4a
R2.6 is an ineffective administrative task, and, therefore, does not provide the
foundation for performing a reliability task.

Accordingly, for the above reasons, it is appropriate to retire CIP-005-3a, -4a R2.6.

CIP-007-3, -4 R7.3 – Cyber Security – Systems Security Management

NERC FFT Informational Filing, Docket No. RC12-13-000 (June 29, 2012); NERC FFT Informational
Filing, Docket No. RC12-7-000 (January 31, 2012).

P81 Project Technical White Paper

R7.3. The Responsible Entity shall maintain records that such assets were disposed
of or redeployed in accordance with documented procedures.
Background/Commission Directives
CIP-007-1 was filed for Commission approval on August 28, 2006 in Docket No. RM0616-000 and was approved on January 18, 2008 in Order No. 706. 33 CIP-007-2 was filed
for Commission approval on May 22, 2009 in Docket Nos. RM06-22-000 and RD09-7000 and was approved on September 30, 2009. 34 CIP-007-2a was filed for Commission
approval on November 17, 2009 in Docket No. RD10-3-000 and was approved on March
18, 2010. 35 CIP-007-3 was filed for Commission approval on December 29, 2009 in
Docket No. RD09-7-002 and was approved on March 31, 2010. 36 CIP-007-4 was filed
for Commission approval on February 10, 2011 in Docket No. RM11-11-000 and was
approved on April 19, 2012. 37
In Order No. 706 at paragraph 631 the Commission stated that:
Requirement R7 of CIP-007-1 requires the responsible entity to establish
formal methods, processes and procedures for disposal or redeployment of
cyber assets. In the CIP NOPR, the Commission addressed the concern
that solely to “erase the data,” as stated several times in Requirement R7,
may not be adequate because technology exists that allows retrieval of
“erased” data from storage devices, and that effective protection requires
discarded or redeployed assets to undergo high quality degaussing. We
noted that erasure is as much a method as it is a goal, and that the
requirement ultimately needs to assure that there is no opportunity for
unauthorized retrieval of data from a cyber asset prior to discarding it or
redeploying it. Degaussing is not the sole means for achieving this goal.
The Commission therefore proposed to direct the ERO to modify
Requirement R7 to clarify this point. (Footnote omitted)
This Commission directive is unaffected by the retirement of CIP-007-3,-4 R7.3 as
explained below.
Technical Justification
Outside the context of a Reliability Standard, under Section 400 of the NERC Rules of
Procedure, NERC and the Regional Entities have the authority to require an entity to

Mandatory Reliability Standards for Critical Infrastructure Protection, 122 FERC ¶ 61,040 (2008)
(“Order No. 706”).
34
Order Approving Revised Reliability Standard for Critical Infrastructure Protection and Requiring
Compliance Filing, 128 FERC ¶ 61,291 (2009), order denying reh’g and granting clarification, 129 FERC
¶ 61,236 (2009) (approving Version 2 of the CIP Reliability Standards)).
35
Order Approving Reliability Standard Interpretation, 130 FERC ¶ 61,184 (2010).
36
Order on Compliance 130 FERC ¶ 61,271 (2010).
37
Version 4 Critical Infrastructure Protection Reliability Standards, 139 FERC ¶ 61,058 (2012).

P81 Project Technical White Paper

submit data and information for purposes of monitoring compliance. 38 CIP-007-3, -4
R7.3 requires the maintaining of records for the purpose of demonstrating compliance
with disposing of or redeploying of Cyber Assets in accordance with documented
procedures. NERC and the Regions Entities, however, under Section 400 already have
the ability to require the production of records to demonstrate compliance, thus it is
unnecessary to also state the same in CIP-007-3, -4 R7.3. The maintaining of records is
an administrative task, not a task directly related to the protection of the BES from a
cyber attack. The maintaining of records is not a task that by itself, or in conjunction
with other requirements, supports reliability. Also, the maintaining of the records
becomes unnecessarily burdensome in that it requires all records be maintained, which
may or may not be necessary to demonstrate compliance via the production of
information under Section 400. (Criteria B1 and B2). As mentioned, CIP-007-3, -4 R7.3
does not promote reliability because it does not protect the BES from a cyber attack,
instead it is a record retention activity. Therefore, CIP-007-3, -4 R7.3 requires an activity
or task that in and of itself, does little, if anything, to benefit or protect the reliable
operation of the BES. (Criteria A).
In contrast, the remaining substantive requirements in R7 read as follows:
R7. Disposal or Redeployment — The Responsible Entity shall establish
and implement formal methods, processes, and procedures for disposal or
redeployment of Cyber Assets within the Electronic Security Perimeter(s)
as identified and documented in Standard CIP-005-3.
R7.1. Prior to the disposal of such assets, the Responsible Entity shall
destroy or erase the data storage media to prevent unauthorized retrieval of
sensitive cyber security or reliability data.
R7.2. Prior to redeployment of such assets, the Responsible Entity shall, at
a minimum, erase the data storage media to prevent unauthorized retrieval
of sensitive cyber security or reliability data.
An entity’s following of these requirements may help to protect BES reliability, but the
retention of evidence associated with these requirements does not. Hypothetically, an
entity could perform R7, R7.1 and R7.2 flawlessly and protect the BES, but not have any
record of it. While this situation may impact a demonstration of compliance, the lack of
38

Section 401 of NERC’s Rules of Procedure provide for collection of data and information necessary to
monitor compliance outside the context of Reliability Standards:
Data Access — All Bulk Power System owners, operators, and users shall provide to
NERC and the applicable Regional Entity such information as is necessary to monitor
compliance with the Reliability Standards. NERC and the applicable Regional Entity will
define the data retention and reporting requirements in the Reliability Standards and
compliance reporting procedures. (emphasis added).

P81 Project Technical White Paper

records does not necessarily directly impact the reliability of the BES or protect it from a
cyber attack.
Also, there are some inherent inefficiencies resulting from a small number of Reliability
Standard requirements explicitly mandating the collection of data, evidence and records,
while most data and information is collected for ERO compliance monitoring purposes
without specific data collection language in the Reliability Standards. In this regard, for
the ERO, Regional Entities and the entities, Reliability Standards are arguably more
difficult to understand because of this inconsistent approach (typically only implicitly
requiring documentation as a part of an obligation to prove compliance, but occasionally
explicitly requiring it with no discernible pattern or rationale).
Criterion A
CIP-007-3, -4 R7.3 does not promote reliability because it does not protect the BES from
a cyber attack, instead it is a record retention activity. Therefore, CIP-007-3, -4 R7.3
requires an activity or task that in and of itself, does little, if anything, to benefit or
protect the reliable operation of the BES.

Criteria B
• Criterion B1 (Administrative)
• Criterion B2 (Data Collection/Data Retention)
Criteria C
1.
CIP-007-3, -4 R7.3 has not been part of a FFT filing.
2.

CIP-007-3, -4 R7.3 is part of an on-going Standards Development Project 200806 (Cyber Security). As detailed in the discussion of CIP-003-3, -4 R1.2, the P81
SDT has coordinated its efforts with the chair of Project 2008-06 and there is no
conflict between retirement of CIP-007-3, -4 R7.3 and the direction of Project
2008-06.

The VRF for CIP-007-3, -4 R7.3 is Lower. As explained above, CIP-007-3, -4
R7.3 is not an important part of a scheme of CIP requirements, and, therefore, it is
appropriate to propose it for retirement.

CIP-007-3, -4 R7.3 is on the first tier of the AML; however, given that it is simply
requiring the retention of records the fact that is on the first tier is not dispositive
of whether it should be retired.

Given the administrative, data collection nature of this requirement, retirement
does not pose any negative impact to NERC’s published and posted reliability
principle No. 8: “Bulk power systems shall be protected from malicious physical
or cyber attacks.”

P81 Project Technical White Paper

The retirement does not negatively impact defense in depth because data retention
in-and-of-itself is not an activity that other requirements depend on to help cover
a reliability gap or risk to reliability.

Its retirement promotes a results-based approach because the data
collection/retention does not provide the foundation for performing a reliability
task.

Accordingly, for the above reasons, it is appropriate to retire CIP-007-3, -4 R7.3.

EOP-005-2 R3.1– System Restoration from Blackstart Resources
R3.1. If there are no changes to the previously submitted restoration plan, the
Transmission Operator shall confirm annually on a predetermined schedule to
its Reliability Coordinator that it has reviewed its restoration plan and no
changes were necessary.
Background/Commission Directives
EOP-005-1 was submitted for Commission approval on August 28, 2006 in Docket No.
RM06-16-000 and was approved on March 16, 2007 in Order No. 693. 39 EOP-005-2
was submitted for Commission approval on December 31, 2009 in Docket No. RM10-16000 and was approved on March 17, 2011 in Order No. 749. 40 Although the Commission
did not address EOP-005-2 R3 directly in Order No. 749, it stated at paragraph 17 the
following:
EOP-005-2 and EOP-006-2 clarify the responsibilities of the reliability
coordinator and transmission operator in the restoration process and
restoration planning and address the Commission’s directives in Order No.
693 related to the EOP Standards. By enhancing the rigor of the
restoration planning process, the Reliability Standards represent an
improvement from the current Standards and will improve the reliability
of the Bulk-Power System. The Commission is not directing any
modifications to the three new Reliability Standards. Nevertheless, as
discussed below, commenters raised several issues for consideration, at
the time these standards are next revisited, which we believe could
improve these new Reliability Standards

Mandatory Reliability Standards for the Bulk-Power System, Order No. 693, FERC Stats. & Regs. ¶
31,242 (2007).
40
System Restoration Reliability Standards, 134 FERC ¶ 61,215, (March 17, 2011) (“Order No. 749”),
order on clarification, 136 FERC ¶ 61,030 (“Order No. 749-A”) (2011).

P81 Project Technical White Paper

There are no outstanding Commission directives that are affected by the proposed
retirement of EOP-005-2 R3.1.

Technical Justification
The reliability purpose of EOP-005-2 is to ensure that plans, Facilities, and personnel are
prepared to enable System restoration from Blackstart Resources to assure that reliability
is maintained during restoration and priority is placed on restoring the Interconnection.
This reliability purpose is unaffected by the proposed retirement of R3.1.
A review of EOP-005-2 R3.1 indicates that this requirement is redundant with EOP-0052 R3 and a duplicative administrative update that does little, if anything, to benefit or
protect the reliable operation of the BES. (Criteria A, B1, B5 and B7). The primary
reason EOP-005-2 R3.1 is unnecessary is that EOP-005-2 R3 already requires the
Transmission Operator to submit its restoration plan to its Reliability Coordinator
whether or not the plan includes changes. EOP-005-2 R3 reads:
Each Transmission Operator shall review its restoration plan and submit it
to its Reliability Coordinator annually on a mutually agreed predetermined
schedule.
Consequently, since R3 requires the Transmission Operator to submit its restoration plan
to the Reliability Coordinator whether or not there has been a change, R3.1 only adds a
separate, duplicative administrative burden for the entity to also confirm that there were
no changes based upon another pre-determined schedule. While R3.1 may have
attempted to capture the likelihood that unless there have been significant changes to the
entity’s BES, there would be no change to the restoration plan, this is an insufficient
reason to impose a needlessly burdensome, duplicative administrative requirement
relative to the language in R3. EOP-005-2 R3.1 is also clearly needlessly burdensome if
one considers that the time and resources of Transmission Operators is better spent
reliably operating the BES, rather than submitting paperwork to a Reliability Coordinator
on possibly two different pre-determined schedules – one for changes and one for no
changes. For these reasons, there is no reliability gap resulting from the retirement of
EOP-005-2 R3.1 because Transmission Operators already have an obligation to review
and provide its restoration plan annually on a mutually agreed predetermined schedule to
its Reliability Coordinator. It could also be argued that a reason for both R3 and R3.1 is
for the Reliability Coordinator to organize the Transmission Operator submittals into
changes versus no changes. However, with the requirement to annually review
restoration plans comes the need to demonstrate and track annual reviews via the revision
history index, for example, which quickly shows the Reliability Coordinator when
changes have and have not occurred.
The retirement of EOP-005-2 R3.1 would also increase the efficiencies of the ERO
compliance program because the ERO would be able to focus its time and resources on
R3 which already captures R3.1 and not be concerned with tracking the submission of
32

P81 Project Technical White Paper

restoration plans on multiple pre-determined schedules, some with changes and some
without changes. Instead, the focus of the ERO compliance program would be on
whether the Transmission Operators annually submitted its restoration plan to its
Reliability Coordinator on one pre-determined schedule. Thus, the retirement of EOP005-2 R3.1 appears to benefit the ERO compliance program.
Criterion A
EOP-005-2 R3.1 is redundant and a duplicative administrative update that does little, if
anything, to benefit or protect the reliable operation of the BES.
Criteria B
• Criterion B1 (Administrative)
• Criterion B5 (Periodic Updates)
• Criterion B7 (Redundant)
Criteria C
1.
EOP-005-2 R3.1 has not been part of a FFT filing.
2.

EOP-005-2 R3.1 is not part of an on-going Standards Development Project.

EOP-005-2 R3.1 does not yet have a FERC-approved VRF.

EOP-005-2 R3.1 is on the second tier of the AML; however, the duplicative
nature of R3 and R3.1 discounts any indication that R3.1 being in the second tier
is a reason not to proceed with its retirement.

Since EOP-005-2 R3 already requires the Transmission Operator to submit its
restoration plan to its Reliability Coordinator whether or not the plan includes
changes, retirement of EOP-005-2 R3.1 does not pose any negative impact to the
following of NERC’s published and posted reliability principles that appear to
apply:
Principle 1.

Interconnected bulk power systems shall be planned and operated
in a coordinated manner to perform reliably under normal and
abnormal conditions as defined in the NERC Standards.

Principle 3.

Information necessary for the planning and operation of
interconnected bulk power systems shall be made available to
those entities responsible for planning and operating the systems
reliably.

Principle 4.

Plans for emergency operation and system restoration of
interconnected bulk power systems shall be developed,
coordinated, maintained, and implemented.

P81 Project Technical White Paper

Retirement of EOP-005-2 R3.1 does not negatively impact defense in depth
because no other requirement depends on it to help cover a reliability gap or risk
to reliability.

The retirement of EOP-005-2 R3.1 promotes a results-based approach because the
requirement is administrative and unnecessary, and, therefore, does not provide
the foundation for performing a reliability task.

Accordingly, for the above reasons, it is appropriate to retire EOP-005-2 R3.1.

FAC-002-1 R2 – Coordination of Plans for New Facilities
R2.

The Planning Authority, Transmission Planner, Generator Owner,
Transmission Owner, Load-Serving Entity, and Distribution Provider shall
each retain its documentation (of its evaluation of the reliability impact of the
new facilities and their connections on the interconnected transmission
systems) for three years and shall provide the documentation to the Regional
Reliability Organization(s) and NERC on request (within 30 calendar days).

Mandatory Reliability Standards for the Bulk-Power System, 72 FR 16416 (Apr. 4, 2007), FERC Stats. &
Regs. ¶ 31,242 (2007). (“Order No. 693”), order on reh’g, Order No. 693-A, 120 FERC ¶ 61,053 (2007).
42
NERC Petition for Approval of Proposed Modifications to Reliability Standards BAL-002-1; EOP-0023; FAC-002-1; MOD-021-2; PRC-004-2; and VAR-001-2 RD10-15-000 (January 10, 2011).
43
North American Electric Reliability Corporation, 134 FERC ¶ 61,015 (2011).

P81 Project Technical White Paper

provide documentation sufficient to demonstrate compliance. In this regard, entities
already have the obligation to produce the same information required in R2 to
demonstrate compliance to R1 and its sub-requirements, thus making R2 unnecessary.
To have a Reliability Standard requirement that is setting forth a data retention
requirement and a requirement for the entity to deliver, upon request, that data to NERC
or a Regional Entity is unnecessary and also repetitive with the NERC Rules of
Procedure. Accordingly, retiring FAC-002-1 R2 presents no gap to reliability or to the
information NERC and the Regional Entity need to monitor compliance. Thus, FAC002-1 R2 is not necessary to support reliability. Consequently, a review of R2 indicates
that it is an administrative and data collection requirement that that does little, if
anything, to benefit or protect the reliable operation of the BES. (Criteria A, B1 and B2).
The compilation of three years of data is a burdensome task, particularly when one
considers the resources and time spent on stockpiling this information is better spent
coordinating the studies, executing an interconnection agreement and ensuring that
interconnections are safely and reliably energized, maintained and operated. Also, there
are some inherent inefficiencies that result from a small number of requirements, such as
CIP-007-3, -4 R7.3 and FAC-002-1 R2 being data, evidence and record retention
requirements, while there are other and more appropriate established methods to collect
and review the data than a Reliability Standard via Rules of Procedure Section 401. In
this regard, for the ERO, Regional Entities and the entities, arguably Reliability
Standards are more difficult to understand because of this inconsistent approach
(typically only implicitly requiring documentation as a part of an obligation to prove
compliance, but occasionally explicitly requiring it with no discernible pattern or
rationale).
Criterion A
A review of FAC-002-1 R2 indicates that it is an administrative and data collection
requirement that does little, if anything, to benefit or protect reliable operation of the
BES.
Criteria B
• Criterion B1 (Administrative)
• Criterion B2 (Data Collection/Data Retention)
Criteria C
1.
FAC-002-1 R2 has not been part of a FFT filing.
2.

FAC-002-1 R2 is subject to a future Project 2010-02 Connecting New Facilities to
the Grid (a review of FAC-001 and FAC-002) that is scheduled to begin in the
second quarter of 2015. It seems appropriate to retire FAC-002-1 R2 at this time
as it may also make the review of FAC-001 and FAC-002 more effective and
efficient.

FAC-002-1 R2 has a Lower VRF.

P81 Project Technical White Paper

FAC-002-1 R2 is in the third tier of the AML.

The retirement of FAC-002-1 R2 does not pose any negative impact to NERC’s
published and posted reliability principles, since there are no directly applicable
reliability principles.

The retirement does not negatively impact defense in depth because the
compilation of studies for three years has no operational or planning relationship
with any other requirement.

The retirement of FAC-002-1 R2 promotes a results-based approach since the
requirement is administrative and data collection, and, therefore, does not provide
the foundation for performing a reliability task.

Accordingly, for the above reasons, it is appropriate to retire FAC-002-1 R2.

FAC-008-1 R2; FAC-008-1 R3; 44 - Facility Ratings Methodology
R2.

The Transmission Owner and Generator Owner shall each make its Facility
Ratings Methodology available for inspection and technical review by those
Reliability Coordinators, Transmission Operators, Transmission Planners, and
Planning Authorities that have responsibility for the area in which the
associated Facilities are located, within 15 business days of receipt of a
request.

R3.

Background/Commission Directives
FAC-008-1 was submitted for Commission approval on April 4, 2006 in Docket No.
RM06-16-000 and was approved on March 16, 2007 in Order No. 693. 45
44

Unlike the other requirements presented for informational purposes only, FAC-008-1 R2 and FAC-0081 R3 have been maintained within the scope of P81 given that they are essentially identical to FAC-008-3
R4 and FAC-008-3 R5. Inclusion would also appear to be consistent with increasing ERO compliance
program efficiencies. FAC-008-1 R2 and FAC-008-1 R3 became inactive on December 31, 2012, due to
FAC-008-3 becoming enforceable on January 1, 2013.
45
Mandatory Reliability Standards for the Bulk-Power System, 72 FR 16416 (Apr. 4, 2007), FERC Stats. &
Regs. ¶ 31,242 (2007). (“Order No. 693”), order on reh’g, Order No. 693-A, 120 FERC ¶ 61,053 (2007).

P81 Project Technical White Paper

There are no outstanding Commission directives that are affected by the proposed
retirement of FAC-008-1 R2 and R3.

Technical Justification
FAC-008-1 R2 and R3 require that a Transmission Owner and Generator Owner must
make its facilities ratings methodology available for inspection and technical review by
Reliability Coordinators, Transmission Operators, Transmission Planners, and Planning
Authorities that have responsibility for the area in which the associated facilities are
located and also require them to respond to any comments received including whether a
change will be made to the facility ratings methodology. The retirement of FAC-008-1
R2 and R3 does not create a reliability gap, because Transmission Owners and Generator
Owners must comply with the substantive requirements of FAC-008-1 regarding their
facility rating methodologies whether or not the exchange envisioned by FAC-008-1 R2
and R3 occurs. Furthermore, neither FAC-008-1 R2 and R3 require that the
Transmission Owner and Generator Owner change its methodology, rather FAC-008-1
R2 and R3 are designed as an exchange of comments that may be an avenue to advance
commercial interests.
For example, if a Generator Owner’s methodology provides for derating its generator
step up (“GSU”) transformers below the nameplate in an effort to extend the life of its
GSUs, that is a commercial decision it has made, and should not be subject to review by a
Reliability Coordinator, Transmission Operator, Transmission Planner, and Planning
Authority, some of which may have affiliated parts of their company that could benefit
from the Generator Owner changing its methodology and operating its GSUs at
nameplate. In contrast, the reliability objective that facility ratings produced by the
methodologies of the Transmission Owner or Generator Owner shall equal the most
limiting applicable equipment rating, and consider, for example, emergency and normal
conditions, operating conditions, nameplate ratings, etc. is not significantly or
substantively advanced by FAC-008-1 R2 (available for inspection) and R3 (comment
and responsive comments). Furthermore, the reliability objective that facility ratings
produced by the methodologies of the Transmission Owner or Generator Owner are
provided to the reliability entities for the establishment of System Operating Limits
(“SOLs”), Interconnection Reliability Operating Limits (“IROLs”), calculations for MOD
requirements and compliance with the TPL Standards is accomplished without FAC-0081 R2 (available for inspection) and R3 (comment and responsive comments). 46
Accordingly, the requirements in FAC-008-1 R2 and FAC-008-1 R3 to make the facility
ratings methodology available for comment (and if comments are received to respond to
those comments) is an administrative task that does little, if anything, to benefit or protect
46

See MOD-001-1a R9, MOD-028-1 R2.3; MOD-029-1a R2.1; MOD-030-02 R3.1, PRC-023-2,
Attachment A 2.7; TPL-001-0.1 Footnote a; TPL-002-1b, footnotes a and b; TPL-003-0a, footnote a and
TPL-004-0, footnote a. Also, via FAC-011-2 the System Operating Limits methodology of Reliability
Coordinator may also use facility ratings as a key element.

P81 Project Technical White Paper

the reliable operation of the BES, and has the potential to implicate commercially
sensitive issues. (Criteria A, B1, B4 and B6). In this context, it would seem
unnecessarily burdensome to engage in the exchange of comments, given there is no
nexus between the exchange of comments and compliance with the substantive
requirements of FAC-008-1. Instead of spending time and resources on FAC-008-1 R2
and R3, Generator Owners’ and Transmission Owners’ time and resources would be
better spent complying with the substantive requirements of FAC-008-1. For these same
reasons, the ERO compliance program would gain efficiencies by no longer having to
track whether requests for technical review had occurred, comments provided and
reallocate time and resources to monitoring the Transmission Owner’s or Generator
Owner’s adherence to substantive requirements of FAC-008-1.
Criterion A
The requirements in FAC-008-1 R2 and R3 to make the facility ratings methodology
available for comment (and if comments are received to respond to those comments) is an
administrative task that does little, if anything, to benefit or protect the reliable operation
of the BES, and has the potential to implicate commercially sensitive issues.
Criteria B
• Criterion B1 (Administrative)
• Criterion B4 (Reporting)
• Criterion B6 (Commercial or Business Practice)
Criteria C
1.
FAC-008-1 R2 and R3 have not been part of a FFT filing.
2.

FAC-008-1 R2 and R3 are not subject to an on-going Standards Development
Project.

FAC-008-1 R2 and R3 have a Lower VRF.

FAC-008-1 R2 and R3 are in the third tier of the AML.

The retirement of FAC-008-1 R2 and R3 does not pose any negative impact to the
following applicable NERC’s published and posted reliability principles:
Principle 1.

Interconnected bulk power systems shall be planned and
operated in a coordinated manner to perform reliably under
normal and abnormal conditions as defined in the NERC
Standards.

Principle 3.

Information necessary for the planning and operation of
interconnected bulk power systems shall be made available
to those entities responsible for planning and operating the
systems reliably.
38

P81 Project Technical White Paper

It is the adherence to the substantive requirements of FAC-008-1 that promotes
these posted reliability principles, and not receiving comments on the facility
ratings methodology from outside entities and then responding to those
comments.
6.

Retirement of FAC-008-1 R2 and R3, does not negatively impact defense in depth
because no other requirement depends on it to help cover a reliability gap or risk
to reliability. These requirements may invite entities to engage in an exchange or
debate over commercially sensitive information.

The retirement of FAC-008-1 R2 and R3 promotes a results-based approach
because the requirements do not require the performance of a reliability task.

Accordingly, for the above reasons, it is appropriate to retire FAC-008-1 R2 and R3.

FAC-008-3 R4; FAC-008-3 R5 – Facility Ratings
R4.

Each Transmission Owner shall make its Facility Ratings methodology and
each Generator Owner shall each make its documentation for determining its
Facility Ratings and its Facility Ratings methodology available for inspection
and technical review by those Reliability Coordinators, Transmission
Operators, Transmission Planners and Planning Coordinators that have
responsibility for the area in which the associated Facilities are located, within
21 calendar days of receipt of a request.

R5.

P81 Project Technical White Paper

693. NERC’s proposed FAC-008-2 Reliability Standard was not filed with FERC for
approval, but instead was revisited by the standard drafting team so that the third Order
No. 693 directive could be addressed in response to FERC’s March 18, 2010 Order…” 48
FAC-008-3 was submitted for Commission approval on June 15, 2011 in Docket No.
RD11-10-000 and was approved on November 17, 2011. 49
There are no outstanding Commission directives that are affected by the proposed
retirement of FAC-008-3 R4 and R5.
Technical Justification
FAC-008-3 R4 and R5 require that a Transmission Owner and Generator Owner must
make its facilities ratings methodology available for inspection and technical review by
Reliability Coordinators, Transmission Operators, Transmission Planners, and Planning
Authorities that have responsibility for the area in which the associated facilities are
located and also require them to respond to any comments received including whether a
change will be made to the facility ratings methodology. The retirement of FAC-008-3
R4 and R5 does not create a reliability gap, because Transmission Owners and Generator
Owners must comply with the substantive requirements of FAC-008-3 regarding their
facility rating methodologies whether or not the exchange envisioned by FAC-008-3 R4
and R5 occurs. Further, neither FAC-008-3 R4 nor R5 require that the Transmission
Owner and Generator Owner change its methodology, rather FAC-008-3 R4 and R5 are
designed as an exchange of comments that may be an avenue to advance commercial
interests.
For example, if a Generator Owner’s methodology provides for derating its GSU
transformers below the nameplate in an effort to extend the life of its GSUs, that is a
commercial decision it has made, and should not be subject to review by a Reliability
Coordinator, Transmission Operator, Transmission Planner, and Planning Authority,
some of which may have affiliated parts of their company that could benefit from the
Generator Owner changing its methodology and operating its GSUs at nameplate. In
contrast, the reliability objective that facility ratings produced by the methodologies of
the Transmission Owner or Generator Owner shall equal the most limiting applicable
equipment rating, and consider, for example, emergency and normal conditions, historical
performance, nameplate ratings, etc. is not significantly or substantively advanced by
FAC-008-3 R4 (available for inspection) and R5 (comment and responsive comments).
Furthermore, the reliability objective that facility ratings produced by the methodologies
of the Transmission Owner or Generator Owner are provided to the reliability entities for
the establishment of SOLs, IROLs, calculations for MOD requirements and compliance
with the TPL Standards is accomplished without FAC-008-3 R4 (available for
inspection) and R5 (comment and responsive comments). 50 Accordingly, the
48

Petition of the North American Electric Reliability Corporation for Approval of Proposed Reliability
Standard FAC-008-3 — Facility Ratings, Docket No. RD11-10-000, (June 15, 2011).
49
Order Approving Reliability Standard, 137 FERC ¶ 61,123 (2011).
50
See MOD-001-1a R9, MOD-028-1 R2.3; MOD-029-1a R2.1; MOD-030-2 R3.1, PRC-023-2, Attachment
A 2.7; TPL-001-0.1 Footnote a; TPL-002-1b, footnotes a and b; TPL-003-0a, footnote a and TPL-004-0,

P81 Project Technical White Paper

requirements in FAC-008-3 R4 and R5 to make the facility ratings methodology available
for comment (and if comments are received to respond to those comments) is an
administrative task that does little, if anything, to benefit or protect the reliable operation
of the BES, and has the potential to implicate commercially sensitive issues. (Criteria A,
B1, B4 and B6). In this context, it would seem unnecessarily burdensome to engage in
the exchange of comments, given there is no nexus between the exchange and
compliance with the substantive requirements of FAC-008-3. Instead of spending time
and resources on FAC-008-3 R4 and R5, Generator Owners’ and Transmission Owners’
time and resources would be better spent complying with the substantive requirements of
FAC-008-3. For these same reasons, the ERO compliance program would gain
efficiencies by no longer having to track whether requests for technical review had
occurred, comments provided and reallocate time and resources to monitoring the
Transmission Owner’s or Generator Owner’s adherence to substantive requirements of
FAC-008-3.
Criterion A
The requirements in FAC-008-3 R4 and R5 to make the facility ratings methodology
available for comment (and if comments are received to respond to those comments) is an
administrative task that does little, if anything, to benefit or protect the reliable operation
of the BES, and has the potential to implicate commercially sensitive issues.
Criteria B
• Criterion B1 (Administrative)
• Criterion B4 (Reporting)
• Criterion B6 (Commercial or Business Practice)
Criteria C
1.
FAC-008-3 R4 and R5 have not been part of a FFT filing.
2.

FAC-008-3 R4 and R5 are not subject to an on-going Standards Development
Project.

FAC-008-3 R4 and R5 have a Lower VRF.

FAC-008-3 R4 and R5 are in the third tier of the AML.

The retirement of FAC-008-3 R4 and R5 does not pose any negative impact to the
following applicable NERC’s published and posted reliability principles:
Principle 1.

Interconnected bulk power systems shall be planned and
operated in a coordinated manner to perform reliably under

footnote a. Also, via FAC-011-2 the System Operating Limits methodology of Reliability Coordinator may
also use facility ratings as a key element. Also, FAC-008-3 R7 and R8 require the transmission of facility
ratings to reliability entities.

P81 Project Technical White Paper

normal and abnormal conditions as defined in the NERC
Standards.
Principle 3.

Information necessary for the planning and operation of
interconnected bulk power systems shall be made available
to those entities responsible for planning and operating the
systems reliably.

It is the adherence to the substantive requirements of FAC-008-3 that promotes
these posted reliability principles, and not receiving comments on the facility
ratings methodology from outside entities and then responding to those
comments.
6.

Retirement of FAC-008-3 R4 and R5, does not negatively impact defense in depth
because no other requirement depends on it to help cover a reliability gap or risk
to reliability. These may invite entities to engage in an exchange or debate over
commercially sensitive information.

The retirement of FAC-008-3 R4 and R5 promotes a results-based approach
because the requirements do not require the performance of a reliability task.

Accordingly, for the above reasons, it is appropriate to retire FAC-008-3 R4 and R5.

**FAC-010-2.1 R5 – System Operating Limits Methodology for the
Planning Horizon
R5.

If a recipient of the SOL Methodology provides documented technical
comments on the methodology, the Planning Authority shall provide a
documented response to that recipient within 45 calendar days of receipt of
those comments. The response shall indicate whether a change will be made
to the SOL Methodology and, if no change will be made to that SOL
Methodology, the reason why.

P81 Project Technical White Paper

and was approved on April 19, 2010. 53 In Order No. 722, 54 the Commission approved
FAC-010-2.1 R5 without specifically addressing R5.
There are no outstanding Commission directives with respect to this R5.
Technical Justification
The reliability purpose of FAC-010-2.1, to ensure that System Operating Limits used in
the reliable planning of the BES are determined based on an established methodology, is
unaffected by the proposed retirement of R5. FAC-010-2.1 R5 requires that when a
Planning Authority receives comments on its SOL methodology, it must respond and
indicate whether it has changed its methodology. The retirement of FAC-010-2.1 R5
does not create a reliability gap, because the Planning Authority must comply with the
substantive requirements of FAC-010-2.1 whether or not the exchange envisioned by
FAC-010-2.1 R5 occurs. FAC-010-2.1 R5 may support an avenue to advance
commercial interests.
For example, if a Transmission Operator or Transmission Planner is also a Transmission
Owner it may have a commercial interest in lowering SOLs on its transmission lines in an
effort to extend the life of its equipment and, therefore, challenge the Planning
Authority’s methodology to reduce its SOLs. The Transmission Owner’s interests are
better considered in the context of its development of a facility ratings methodology
under FAC-008-1, -3 than the Planning Authority’s methodology. FAC-010-2.1 R5,
however, is an invitation to advance commercial interests not through established means,
but by challenging the Planning Authority’s SOL methodology. Accordingly, FAC-0102.1 R5 sets forth an administrative task that does little, if anything, to benefit or protect
the reliable operation of the BES, and has the potential to implicate commercially
sensitive issues. (Criteria A, B1, B4 and B6). In this context, it would seem
unnecessarily burdensome to engage in the exchange of comments, given there is no
nexus between the exchange and compliance with the substantive requirements of FAC010-2.1. Instead of spending time and resources on FAC-010-2.1, a Planning Authority’s
time and resources would be better spent complying with the substantive requirements of
FAC-010-2.1. For these same reasons, the ERO compliance program would gain
efficiencies by no longer having to track whether requests for technical review had
occurred, comments provided and reallocate time and resources to monitoring the
Planning Authority’s adherence to substantive requirements of FAC-010-2.1.
Criterion A
The requirement in FAC-010-2.1 R5 to respond to comments on the SOL methodology is
an administrative task that does little, if anything, to benefit or protect the reliable
operation of the BES.
53

Letter Order, Electric Reliability Organization Errata Petition Updating Accepted Transmission
Operations Reliability Standards, Docket No. RD10-9-000 (April 19, 2010).
54
Version Two Facilities Design, Connections and Maintenance Reliability Standards 125 FERC ¶ 61,040
(2009).

P81 Project Technical White Paper

Criteria B
• Criterion B1 (Administrative)
• Criterion B4 (Reporting)
• Criterion B6 (Commercial or Business Practice)
Criteria C
1.
FAC-010-2.1 R5 has not been part of a FFT filing.
2.

FAC-010-2.1 R5 is subject to future Standards Development Project 2012-11
FAC Review, which is a placeholder for the five year review of FAC-010 and
FAC-011. Thus, it is appropriate to process the retirement of this requirement as
part of the P81 Project.

FAC-010-2.1 R5 has a Lower VRF.

FAC-010-2.1 R5 is not on the AML.

The retirement of this requirement does not pose any negative impact to NERC’s
published and posted reliability principles No. 1 or No. 3.
Principle 1.

Interconnected bulk power systems shall be planned and
operated in a coordinated manner to perform reliably under
normal and abnormal conditions as defined in the NERC
Standards.

Principle 3.

Information necessary for the planning and operation of
interconnected bulk power systems shall be made available
to those entities responsible for planning and operating the
systems reliably.

It is the adherence to the substantive requirements of FAC-010-2.1 that promotes
these posted reliability principles, and not receiving comments on the facility
ratings methodology from outside entities and then responding to those
comments.
6.

The retirement of this requirement does not negatively impact defense in depth
because no other requirement depends on it to help cover a reliability gap or risk
to reliability.

The retirement of FAC-010-2.1 R5 also promotes a results-based approach
because the requirements have no direct nexus to the performance of a reliability
task.

P81 Project Technical White Paper

Accordingly, for the above reasons, it is appropriate to retire FAC-010-2.1 R5.

**FAC-011-2 R5– System Operating Limits Methodology for the
Operations Horizon
R5.

If a recipient of the SOL Methodology provides documented technical
comments on the methodology, the Reliability Coordinator shall provide a
documented response to that recipient within 45 calendar days of receipt of
those comments. The response shall indicate whether a change will be made
to the SOL Methodology and, if no change will be made to that SOL
Methodology, the reason why.

Background/Commission Directives
FAC-011-1 was filed for Commission approval on November 15, 2006 in Docket Nos.
RM06-16-000 and RM07-3-000 and was approved on December 27, 2007 in Order No.
705. 55 FAC-011-2 was filed for Commission approval on June 30, 2008 in Docket No.
RM08-11-000 and was approved on March 20, 2009 in Order No. 722. 56 In Order No.
722, the Commission approved FAC-011-2 R5 without specifically addressing R5.
There are no outstanding Commission directives with respect to this R5.
Technical Justification
FAC-011-2 R5 requires that when a Reliability Coordinator receives comments on its
SOL methodology that it must respond and indicate whether it has changed its
methodology. The retirement of FAC-011-2 R5 does not create a reliability gap, because
the Reliability Coordinator must comply with the substantive requirements of FAC-011-2
R5 whether or not the exchange envisioned by FAC-011-2 R5 occurs. FAC-011-2 R5
may support an avenue to advance commercial interests.
For example, similar to FAC-010-2.1 R5, if a Transmission Operator or Transmission
Planner also is a Transmission Owner it may have a commercial interest in lowering
SOLs on its transmission lines in an effort to extend the life of its equipment and,
therefore, challenge the Reliability Coordinator’s methodology to reduce its SOLs. The
Transmission Owner’s interests are better considered in the context of the development of
its facility ratings methodology under FAC-008-1, -3 than the Reliability Coordinator’s
methodology. FAC-011-2 R5, however, is an invitation to advance commercial interests
not through established means, but by challenging the Reliability Coordinator’s SOL
methodology. Accordingly, FAC-011-2 R5 sets forth an administrative task that does
little, if anything, to benefit or protect the reliable operation of the BES, and has the
55

Facilities Design, Connections and Maintenance Reliability Standards, 121 FERC ¶ 61,296 (December
27, 2007) (Order No. 705).
56
Version Two Facilities Design, Connections and Maintenance Reliability Standards, 126 FERC ¶ 61,255
(March 20, 2009) (Order No. 722).

P81 Project Technical White Paper

potential to implicate commercially sensitive issues. (Criteria A, B1, B4 and B6). In
this context, it would seem unnecessarily burdensome to engage in the exchange of
comments, given there is no nexus between the exchange and compliance with the
substantive requirements of FAC-011-2. Instead of spending time and resources on
FAC-011-2 R5 a Reliability Coordinator’s time and resources would be better spent
complying with the substantive requirements of FAC-011-2 R5. For these same reasons,
the ERO compliance program would gain efficiencies by no longer having to track
whether requests for technical review had occurred, comments provided and reallocate
time and resources to monitoring the Reliability Coordinator’s adherence to substantive
requirements of FAC-011-2 R5.

Criterion A
The requirement in FAC-011-2 R5 to respond to comments on the SOL methodology is
an administrative task that does little, if anything, to benefit or protect the reliable
operation of the BES, and has the potential to implicate commercially sensitive issues.
Criteria B
• Criterion B1 (Administrative)
• Criterion B4 (Reporting)
• Criterion B6 (Commercial or Business Practice)
Criteria C
1.
FAC-011-2 R5 has not been part of a FFT filing.
2.

FAC-011-2 R5 is subject to future Standards Development Project 2012-11 FAC
Review, which is a placeholder for the five year review of FAC-010 and FAC011which is not currently scheduled and thus it is appropriate to process the
retirement of this requirement as part of the P81 Project.

FAC-011-2 R5 has a Lower VRF.

FAC-011-2 R5 is not on the AML.

The retirement of this requirement does not pose any negative impact to NERC’s
published and posted reliability principles No. 1 or No. 3.
Principle 1.

Interconnected bulk power systems shall be planned and
operated in a coordinated manner to perform reliably under
normal and abnormal conditions as defined in the NERC
Standards.

Principle 3.

Information necessary for the planning and operation of
interconnected bulk power systems shall be made available

P81 Project Technical White Paper

to those entities responsible for planning and operating the
systems reliably.
It is the adherence to the substantive requirements of FAC-011-2 that promotes
these posted reliability principles, and not receiving comments on the facility
ratings methodology from outside entities and then responding to those
comments.
6.

The retirement of this requirement does not negatively impact defense in depth
because no other requirement depends on it to help cover a reliability gap or risk
to reliability.

The retirement of FAC-011-2 R5 also promotes a results-based approach because
the requirements have no direct nexus to the performance of a reliability task.

Accordingly, for the above reasons, it is appropriate to retire FAC-011-2 R5.

FAC-013-2 R3 – Assessment of Transfer Capability for the Near-term
Transmission Planning Horizon
R3.

If a recipient of the Transfer Capability methodology provides documented
concerns with the methodology, the Planning Coordinator shall provide a
documented response to that recipient within 45 calendar days of receipt of
those comments. The response shall indicate whether a change will be made
to the Transfer Capability methodology and, if no change will be made to that
Transfer Capability methodology, the reason why.

P81 Project Technical White Paper

comply with the relevant directives of Order No. 693 and, as otherwise necessary,
to make the requirements of those Reliability Standards consistent with those of
the MOD Reliability Standards approved herein as well as this Final Rule. These
modifications should also remove redundant provisions for the calculation of
transfer capability addressed elsewhere in the MOD Reliability Standards. In
making these revisions, the ERO should consider the development of a
methodology for calculation of inter-regional and intra-regional transfer
capabilities. The Commission accepts the ERO’s request for additional time to
prepare the modifications and so directs the ERO to submit the modifications to
FAC-012-1 and FAC-013-1 no later than 60 days before the MOD Reliability
Standards become effective.
Although the Commission did not directly address the merits of FAC-013-2 R3 when
approving FAC-013-2, 59 similar to FAC-008-3, the developer of the Transfer Capability
methodology and data must follow specific technical requirements and provide the data
to reliability entities for use in their models. There are no outstanding Commission
directives with respect to this R3.
Technical Justification
A review of FAC-013-2 R3 indicates that it is a needlessly burdensome administrative
task that does little, if anything, to benefit or protect the reliable operation of the BES.
(Criteria A, B1 and B4). Specifically, FAC-013-2 R1 and its sub-requirements set forth
the information that each Planning Authority must include when developing its Transfer
Capability methodology. FAC-013-2 R3 sets forth a requirement that if an entity
comments on this methodology, the Planning Authority must respond and indicate
whether or not it will make a change to its Transfer Capability methodology. Thus, while
R1 sets forth substantive requirements, R3 sets forth more of an administrative task of the
Planning Authority responding to comments on its methodology.
The following NERC glossary definition of Transfer Capability states:
The measure of the ability of interconnected electric systems to move or
transfer power in a reliable manner from one area to another over all
transmission lines (or paths) between those areas under specified system
conditions. The units of transfer capability are in terms of electric power,
generally expressed in megawatts (MW). The transfer capability from
“Area A” to “Area B” is not generally equal to the transfer capability from
“Area B” to “Area A.”
In the context of a Planning Authority engaging in an exchange with an entity over the
Transfer Capability there is a possibility of a scenario that a group of generators 60 try to
59

Id. (approval of FAC-013-2).
Generators that receive the Transfer Capability methodology via an association with one of the entities in
the R2 sub-requirements.

P81 Project Technical White Paper

get the Planning Authority to revise its Transfer Capability methodology to advance
commercial interests via changes to the methodology that would increase or decrease
transfer capability from Area A to Area B. (Criterion B6). Such issues should be raised
in the context of receipt of transmission services, not the Reliability Standards.
Moreover, even without the possible commercial motivation of certain entities to get the
Planning Authority to revise its Transfer Capability methodology, implementing an
exchange between entities and the Planning Authority seems much better suited via
regional planning committees, than mandatory Reliability Standards.
In this context, it would seem unnecessarily burdensome to engage in the exchange of
comments, given there is no nexus between the exchange and compliance with the
substantive requirements of FAC-013-2. Instead of spending time and resources on
FAC-013-2 R3, time and resources would be better spent complying with the substantive
requirements of FAC-013-2. For these same reasons, the ERO compliance program
would gain efficiencies by no longer having to track whether requests for technical
review had occurred, comments provided and reallocate time and resources to monitoring
the Reliability Coordinator’s adherence to substantive requirements of FAC-013-2.
Criterion A
The requirement in FAC-013-2 R3 to respond to comments on the Transfer Capability
methodology is an administrative task that does little, if anything, to benefit or protect the
reliable operation of the BES, and has the potential to implicate commercially sensitive
issues.
Criteria B
• Criterion B1 (Administrative)
• Criterion B4 (Reporting)
• Criterion B6 (Commercial or Business Practice)
Criteria C
1.
FAC-013-2 R3 has not been part of a FFT filing.
2.

FAC-013-2 R3 is not subject to an on-going Standards Development Project.

FAC-013-2 R3 has a Lower VRF.

FAC-013-2 R3 is not on the AML.

The retirement of FAC-013-2 R3 does not pose any negative impact to NERC’s
published and posted reliability principles No. 1 or No. 3.
Principle 1.

Interconnected bulk power systems shall be planned and
operated in a coordinated manner to perform reliably under
normal and abnormal conditions as defined in the NERC
Standards.
49

P81 Project Technical White Paper

Principle 3.

Information necessary for the planning and operation of
interconnected bulk power systems shall be made available
to those entities responsible for planning and operating the
systems reliably.

It is the adherence to the substantive requirements of FAC-013-2 that promotes
these posted reliability principles, and not receiving comments on the facility
ratings methodology from outside entities and then responding to those
comments.
6.

The retirement of FAC-013-2 R3 does not negatively impact defense in depth
because no other requirement depends on it to help cover a reliability gap or risk
to reliability.

The retirement of FAC-013-2 R3 promotes a results-based approach because the
requirements do not require the performance of a reliability task.

Accordingly, for the above reasons, it is appropriate to retire FAC-013-2 R3.

P81 Project Technical White Paper

number came from the NERC TSIN system, by now it is handled via NAESB Electric
Industry Registry. 62 Also, under the E-Tag protocols, no entity may engage in an
Interchange transaction without first registering with the E-Tag system and receiving an
identification number. Further, the entity desiring the transaction enters this
identification number in the E-Tag system to pre-qualify and engage in an Arranged
Interchange. Accordingly, the task set forth in INT-007-1 R1.2 is an outdated activity
that is no longer necessary, and thus, does little, if anything, to benefit or protect the
reliable operation of the BES. (Criterion A). The ERO compliance program would
benefit and be more efficient if it was not monitoring an outdated requirement.
Criterion A
The task set forth in INT-007-1 R1.2 is an outdated activity that is no longer necessary,
and thus, does little, if anything, to benefit or protect the reliable operation of the BES.
Criteria B
• Criterion B1 (Administrative)
Criteria C
1.
INT-007-1 R1.2 has not been part of a FFT filing.
2.

INT-007-1 R1.2 is part of a pending Standards Development Project – Project
2008-12 Coordinate Interchange Standards, which is estimated to start in the
second quarter of 2013. Given this timeline, it is appropriate to move forward
with the retirement of INT-007-1 R1.2. Such a retirement may also help to
streamline Project 2008-12 once it is active and progressing.

INT-007-1 R1.2 has a Lower VRF.

INT-007-1 R1.2 is not on the AML.

The retirement of INT-007-1 R1.2 does not pose any negative impact to NERC’s
published and posted reliability principles No. 1 or No. 3.
Principle 1.

Interconnected bulk power systems shall be planned and
operated in a coordinated manner to perform reliably under
normal and abnormal conditions as defined in the NERC
Standards.

Principle 3.

Information necessary for the planning and operation of
interconnected bulk power systems shall be made available
to those entities responsible for planning and operating the
systems reliably.

See, North American Energy Standards Board Webregistry Technical Guide v1.4 (Proprietary) (July
2012). The new NAESB system has updated and implemented more automation to the process.

P81 Project Technical White Paper

It is the adherence to the substantive requirements of INT-007-1 that promotes
these posted reliability principles, not R1.2.
6.

The retirement of INT-007-1 R1.2 does not impact any defense in depth strategies
because the task is no longer necessary.

The retirement of INT-007-1 R1.2 promotes a results-based approach because the
requirement does not require the performance of a reliability task.

Accordingly, for the above reasons, it is appropriate to retire INT-007-1 R1.2.

IRO-016-1 R2 – Coordination of Real-time Activities Between Reliability
Coordinators
R2.

The Reliability Coordinator shall document (via operator logs or other data
sources) its actions taken for either the event or for the disagreement on the
problem(s) or for both.

Background/Commission Directives
IRO-016-1 was submitted for Commission approval on April 4, 2006 in Docket No.
RM06-16-000 and was approved on March 16, 2007 in Order No. 693. The Commission
did not directly address R2 when approving IRO-016-1 in Order No. 693 at paragraphs
1004 and 1005. There are no outstanding Commission directives with respect to R2.
Technical Justification
The reliability purpose of IRO-016-1 is to ensure that each Reliability Coordinator’s
operations are coordinated such that they will not have an adverse reliability impact on
other Reliability Coordinator Areas and to preserve the reliability benefits of
interconnected operations. To implement the purpose, IRO-016-1 R1 and its subrequirements state:
R1. The Reliability Coordinator that identifies a potential, expected, or
actual problem that requires the actions of one or more other Reliability
Coordinators shall contact the other Reliability Coordinator(s) to confirm
that there is a problem and then discuss options and decide upon a solution
to prevent or resolve the identified problem.
R1.1. If the involved Reliability Coordinators agree on the problem and
the actions to take to prevent or mitigate the system condition, each
involved Reliability Coordinator shall implement the agreed-upon
solution, and notify the involved Reliability Coordinators of the action(s)
taken.

P81 Project Technical White Paper

R1.2. If the involved Reliability Coordinators cannot agree on the
problem(s) each Reliability Coordinator shall re-evaluate the causes of the
disagreement (bad data, status, study results, tools, etc.).
R1.2.1. If time permits, this re-evaluation shall be done before taking
corrective actions.
R1.2.2. If time does not permit, then each Reliability Coordinator shall
operate as though the problem(s) exist(s) until the conflicting system
status is resolved.
These requirements are specific actions and decision points among Reliability
Coordinators that promote the reliable operation of the BES. In contrast, a review of R2
indicates that it is a needlessly burdensome administrative and data collection
requirement that does little, if anything, to benefit or protect the reliable operation of the
BES. (Criteria A, B1 and B2). Therefore, the reliability purpose of IRO-016-1 is
unaffected by the proposed retirement of R2.
Furthermore, outside the context of a Reliability Standard, under Section 400 of the
NERC Rules of Procedure, NERC and the Regional Entities have the authority to require
an entity to submit data and information for purposes of monitoring compliance. Thus,
the retirement of IRO-016-1 R2 does not affect the ability for NERC and the Regional
Entities to require Reliability Coordinators to produce documentation to demonstrate
compliance with IRO-016-1 R1 and its sub-requirements. Accordingly, retiring IRO016-1 R2 presents no gap to reliability or to the information NERC and the Regional
Entities need to monitor compliance. Thus, IRO-016-1 R2 does not support reliability.
Consequently, R2 is an administrative and data collection requirement that does little, if
anything, to benefit or protect the reliable operation of the BES. (Criteria A, B1 and B2).
Also, there are some inherent inefficiencies that result by a small number of
requirements, such as IRO-016-1 R2 being a data, evidence and record retention
requirement, while there are other and more appropriate established methods to collect
and review the data than a Reliability Standard via Rules of Procedure Section 401. In
this regard, for the ERO, Regional Entities and the entities, arguably Reliability
Standards are more difficult to understand because of this inconsistent approach
(typically only implicitly requiring documentation as a part of an obligation to prove
compliance, but occasionally explicitly requiring it with no discernible pattern or
rationale).
Criterion A
A review of R2 indicates that it is a needlessly burdensome administrative and data
collection requirement that does little, if anything, to benefit or protect the reliable
operation of the BES.
Criteria B
53

P81 Project Technical White Paper

•
•

Criterion B1 (Administrative)
Criterion B2 (Data Collection/Data Retention)

Criteria C
1.
IRO-016-1 R2 has not been part of a FFT filing
2.

IRO-016-1 R2 is not subject to an on-going Standards Development project.

IRO-016-1 R2 has a Lower VRF.

IRO-016-1 R2 is not on the AML.

The retirement of IRO-016-1 R2 does not pose any negative impact to NERC’s
published and posted reliability principles, since none of the principles appear to
apply to a data retention requirement.

IRO-016-1 R2 does not negatively impact defense in depth because no other
requirement depends on it to help cover a reliability gap or risk to reliability.

The retirement of IRO-016-1 R2 promotes a results-based approach because the
requirement is administrative and data collection, and, therefore, does not provide
the foundation for performing a reliability task.

Accordingly, for the above reasons, it is appropriate to retire IRO-016-1 R2.

NUC-001-2 R9.1; NUC-001-2 R9.1.1; NUC-001-2 R9.1.2; NUC-001-2 R9.1.3;
NUC-001-2 R9.1.4 – Nuclear Plant Interface Coordination
R9.1.

Administrative elements:

P81 Project Technical White Paper

NUC-001-1 was submitted for Commission approval on November 19, 2007 in Docket
No. RM08-3-000 and was approved on October 16, 2008. 63 NUC-001-2 was submitted
for Commission approval on August 14, 2009 in Docket No. RD09-10-000 and was
approved on January 21, 2010. 64
Although in Order No. 716 the merits of R9.1 and its sub-requirements were not directly
addressed, the Commission did state the following in the context of the VRFs for all of
R9: 65
Consistent with the NOPR, the Commission directs the ERO to revise the
violation risk factor assignment for Requirement R9 from lower to
medium. The Commission disagrees with commenters that a lower
violation risk factor is appropriate because Requirement R9 is an
administrative requirement to include the specified provisions. While the
Commission recognized in the NOPR that many of the requirements of the
proposed Reliability Standard are administrative in nature, these same
requirements provide for the development of procedures to ensure the safe
and reliable operation of the grid, and responses to potential emergency
conditions.
There are no outstanding Commission directives with respect to these requirements.
Technical Justification
The reliability purpose of NUC-001-2 is to ensure the coordination between Nuclear
Plant Generator Operators and Transmission Entities for nuclear plant safe operation and
shutdown. The reliability purpose of NUC-001-2 is unaffected by the proposed
retirement of requirements 9.1, 9.1.1, 9.1.2, 9.1.3 and 9.1.4. Requirement 9.1 and its subrequirements specify certain administrative elements that must be included in the
agreement (required by R2) between the Nuclear Plant Generator Operator and the
applicable Transmission Entities. These are a mix of technical, communication, training
and administrative requirements. Of those that may be classified as administrative, R9.1
and its sub-requirements clearly stand out as unnecessarily burdensome administrative
tasks that do little, if anything, to benefit or protect the reliable operation of the BES.
(Criteria A and B1). R9.1 and its sub-requirements are a check list of certain nontechnical boilerplate provisions generally included in modern agreements. These
provisions do not directly relate to protecting BES reliability. Further, requiring via a
mandatory Reliability Standard the inclusion of boilerplate provisions is unnecessarily
burdensome relative to the other significant requirements in NUC-001-2 that pertain to
performance based reliability coordination and protocols between Transmission Entities
63

Mandatory Reliability Standard for Nuclear Plant Interface Coordination, 125 FERC ¶ 61,065 (2008)
(“Order No. 716”), order on reh’g, Order No. 716-A, 126 FERC ¶ 61,122 (2009).
64
Order Approving Reliability Standard, 130 FERC ¶ 61,051 (2010).
65
NUC-001-1 was approved in Order No. 716, while NUC-001-2 was approved without discussion of
R9.1 and its sub-requirements in a subsequent order. Mandatory Reliability Standard for Nuclear Plant
Interface Coordination, 125 FERC ¶ 61,065 (2008); 130 FERC ¶ 61,051 (2010).

P81 Project Technical White Paper

and Nuclear Plant Generator Operators. Therefore, the retirement of NUC-001-2 R9.1
and all its sub-requirements creates no reliability gap and are the type of provisions that
would likely be in a modern agreement anyway.
For these same reasons, the ERO compliance program efficiency will increase with the
retirement of NUC-001-2 R9.1 and its sub-requirements because compliance monitoring
time and resources will not be spent conducting a checklist of whether an agreement
includes boilerplate provisions, and instead, the time and resources may be spent
reviewing adherence with the technical, substantive coordination and protocol provisions
of NUC-001-2.
Criterion A
R9.1 and its sub-requirements are unnecessarily burdensome administrative tasks that do
little, if anything, to benefit or protect the reliable operation of the BES.
Criteria B
• Criterion B1 (Administrative)
Criteria C
1.
NUC-001-2 R9.1 and its sub-requirements have not been part of a FFT filing.
2.

NUC-001-2 R9.1 and its sub-requirements are not part of an on-going Standards
Development Project, but NUC-001-2 is part of Project 2012-13, which is a
placeholder for a five year review. Given the as yet undetermined start date for
Project 2012-13, it is appropriate to move forward with the retirement of NUC001-2 R9.1 and its sub-requirements.

Individual VRFs are not assigned to the sub-requirements of NUC-001-2 R9.

NUC-001-2 R9.1 and its sub-requirements are in the third tier of the AML.

The retirement of NUC-001-2 R9.1 and its sub-requirements do not pose any
negative impact to NERC’s published and posted reliability principles, since none
of them seem to apply to the inclusion of boilerplate contractual provisions.

There is no impact on a defense in depth strategy because no other requirement
depends on it to help cover a reliability gap or risk to reliability.

The retirement of NUC-001-2 R9.1 and its sub-requirements promote a resultsbased approach by eliminating administrative check-list requirements.

Accordingly, for the above reasons, it is appropriate to retire NUC-001-2 R9.1 and its
sub-requirements.

P81 Project Technical White Paper

PRC-010-0 R2 – Assessment of the Design and Effectiveness of UVLS
Program;
R2.

The Load-Serving Entity, Transmission Owner, Transmission Operator, and
Distribution Provider that owns or operates a UVLS program shall provide
documentation of its current UVLS program assessment to its Regional
Reliability Organization and NERC on request (30 calendar days).

Background/Commission Directives
PRC-010-0 was filed for Commission approval on April 4, 2006 in Docket No. RM0616-000 and was approved on March 16, 2007 in Order No. 693. 66 Although not
specifically addressing PRC-010-0 R2, in Order No. 693 at paragraph 1506 and 1507 the
Commission stated that:
With regard to ISO-NE’s disagreement on integration of various system
protections “because such integration cannot be technologically
accomplished”, we note that the evidence collected in the Blackout Report
indicates that “the relay protection settings for the transmission lines,
generators and underfrequency load shedding in the northeast may not be
entirely appropriate and are certainly not coordinated and integrated to
reduce the likelihood and consequence of a cascade – nor were they
intended to do so.” In addition, the Blackout Report stated that one of the
common causes of major outages in North America is a lack of
coordination on system protection. The Commission agrees with the
protection experts who participated in the investigation, formulated
Blackout Recommendation No. 21 and recommended that UVLS
programs have an integrated approach.
Regarding FirstEnergy’s question of whether universal coordination
among UVLS programs that address local system problems makes sense,
we believe that PRC-010-0’s objective in requiring an integrated and
coordinated approach is to address the possible adverse interactions of
these protection systems among themselves and to determine whether they
could aggravate or accelerate cascading events. We do not believe this
Reliability Standard is aimed at universal coordination among UVLS
programs that address local system problems. (Footnote omitted).
The retirement of PRC-010-0 R2 does not affect a Commission directive.
Technical Justification

P81 Project Technical White Paper

Outside the context of a Reliability Standard, under Section 400 of the NERC Rules of
Procedure, NERC and the Regional Entities have the authority to require an entity to
submit documentation of its current UVLS program assessment for purposes of
monitoring compliance. Thus, the retirement of PRC-010-0 R2 does not affect the ability
of NERC and the Regional Entities to require Reliability Coordinators to produce
documentation to monitor compliance with PRC-010-0 R1 and its sub-requirements.
Furthermore, PRC-010-0 R1 requires that the entity document an assessment of the
effectiveness of its UVLS program:
The Load-Serving Entity, Transmission Owner, Transmission Operator,
and Distribution Provider that owns or operates a UVLS program shall
periodically (at least every five years or as required by changes in system
conditions) conduct and document an assessment of the effectiveness of
the UVLS program.
Accordingly, retiring PRC-010-0 R2 presents no gap to reliability or to the information
NERC and the Regional Entity need to monitor compliance. A review of R2 indicates
that it is a needlessly burdensome administrative and data collection/retention
requirement that does little, if anything, to benefit or protect the reliable operation of the
BES. (Criteria A, B1 and B2). Also, there are some inherent inefficiencies that result by
a small number of requirements, such as PRC-010-0 R2 being a data production
requirement, while there are other and more appropriate established methods to collect
and review the data than a Reliability Standard via Rules of Procedure Section 401.
Criterion A
R2 is an administrative and data collection requirement that does little, if anything, to
benefit or protect the reliable operation of the BES.
Criteria B
• Criterion B1(Administrative)
• Criterion B2 (Data Collection/Data Retention)
Criteria C
1.
PRC-010-0 R2 has not been part of a FFT filing.
2.

PRC-010-0 R2 is subject to Standards Development Project 2008-02
Undervoltage Load Shedding, which is not currently active and is only estimated
to be completed until the second quarter of 2014. Since the purpose of Project
2008-02 does not necessarily include a review of R2 and its 2014 completion date
is well into the future, it is appropriate to include PRC-010-0 R2 in the P81
Project.

This requirement has a Lower VRF.

This requirement is not part of the AML.
58

P81 Project Technical White Paper

The retirement of PRC-010-0 R2 does not pose any negative impact to NERC’s
published and posted reliability principles, particularly since submission of a
program assessment or documentation of its analysis of UVLS program
performance to a Regional Entity does not seem to implicate any of the principles.

For similar reasons, there is no negative impact on a defense in depth strategy
because no other requirement depends on it to help cover a reliability gap or risk
to reliability.

The retirement of PRC-010-0 R2 promotes a results-based approach because it is
a data collection requirement, and, therefore, does not provide the foundation for
performing a reliability task.

Accordingly, for the above reasons, it is appropriate to retire PRC-010-0 R2.

PRC-022-1 R2 – Under-Voltage Load Shedding Program Performance
R2.

Each Transmission Operator, Load-Serving Entity, and Distribution Provider
that operates a UVLS program shall provide documentation of its analysis of
UVLS program performance to its Regional Reliability Organization within
90 calendar days of a request.

P81 Project Technical White Paper

collapse or voltage instability in the BES shall analyze and document all
UVLS operations and Misoperations.
Accordingly, retiring PRC-022-1 R2 presents no gap to reliability or to the information
NERC and the Regional Entities need to monitor compliance. In this context, a review of
R2 indicates that it is a needlessly burdensome administrative and data collection
requirement that that does little, if anything, to benefit or protect the reliable operation of
the BES. (Criteria A, B1 and B2). Also, similar to the retention of records requirements
in CIP-007-3, -4 R7.3, FAC-002-1 R2 and PRC-010-0 R2, the ERO compliance program
efficiency will increase since it will no longer need to track a static requirement of
whether a UVLS program assessment was submitted within 30 days of a request by
NERC or the Regional Entity, and instead, compliance monitoring may focus on the
more substantive requirements of PRC-022-1.
Criterion A
R2 is an administrative and data collection requirement that does little, if anything, to
benefit or protect the reliable operation of the BES.
Criteria B
• Criterion B1(Administrative)
• Criterion B2 (Data Collection/Data Retention)
Criteria C
1.
PRC-022-1 R2 has not been part of a FFT filing.
2.

PRC-022-1 R2 is subject to Standards Development Project 2008-02
Undervoltage Load Shedding, which is not currently active and is only estimated
to be completed until the second quarter of 2014. Since the purpose of Project
2008-02 does not necessarily include a review of R2 and its 2014 completion date
is well into the future, it is appropriate to include PRC-022-1 R2 in the P81
Project.

PRC-022-1 R2 has a Lower VRF.

This requirement is not part of the AML.

The retirement of PRC-022-1 R2 does not pose any negative impact to NERC’s
published and posted reliability principles, particularly since submission of a
program assessment or documentation of its analysis of UVLS program
performance to a Regional Entity does not seem to implicate any of the principles.

For similar reasons, there is no negative impact defense in depth because no other
requirement depends on it to help cover a reliability gap or risk to reliability.

P81 Project Technical White Paper

The retirement of PRC-022-1 R2 promotes a results-based approach because it is
a data collection requirement, and, therefore, does not provide the foundation for
performing a reliability task.

Accordingly, for the above reasons, it is appropriate to retire PRC-022-1 R2.

**VAR-001-2 R5 – Voltage and Reactive Control
R5.

Each Purchasing-Selling Entity and Load Serving Entity shall arrange for
(self-provide or purchase) reactive resources – which may include, but is not
limited to, reactive generation scheduling; transmission line and reactive
resource switching;, and controllable load– to satisfy its reactive requirements
identified by its Transmission Service Provider.

P81 Project Technical White Paper

Schedule 2 Reactive Supply and Voltage Control from Generation or
Other
In order to maintain transmission voltages on the Transmission Provider's
transmission facilities within acceptable limits, generation facilities and
non-generation resources capable of providing this service that are under
the control of the control area operator) are operated to produce (or
absorb) reactive power. Thus, Reactive Supply and Voltage Control from
Generation or Other Sources Service must be provided for each
transaction on the Transmission Provider's transmission facilities. The
amount of Reactive Supply and Voltage Control from Generation or Other
Sources Service that must be supplied with respect to the Transmission
Customer's transaction will be determined based on the reactive power
support necessary to maintain transmission voltages within limits that are
generally accepted in the region and consistently adhered to by the
Transmission Provider.
Reactive Supply and Voltage Control from Generation or Other Sources
Service is to be provided directly by the Transmission Provider (if the
Transmission Provider is the Control Area operator) or indirectly by the
Transmission Provider making arrangements with the Control Area
operator that performs this service for the Transmission Provider's
Transmission System. The Transmission Customer must purchase this
service from the Transmission Provider or the Control Area operator. A
Transmission Customer may satisfy all or part of its obligation through
self provision or purchases provided that the self-provided or purchased
reactive power reduces the Transmission Provider’s reactive power
requirements and is from generating facilities under the control of the
Transmission Provider or Control Area operator. The Transmission
Customer’s Service Agreement shall specify any such reactive supply
arrangements. To the extent the Control Area operator performs this
service for the Transmission Provider, charges to the Transmission
Customer are to reflect only a pass-through of the costs charged to the
Transmission Provider by the Control Area operator. The Transmission
Provider’s rates for Reactive Supply and Voltage Control from Generation
Sources Services shall be set out in Appendix A to this Schedule.
Given the importance of the procurement or self providing of reactive power, even in a
market setting a form of Schedule 2 is found in the tariffs of MISO and PJM, for
example. Also, other contractual mechanism, such as Interchange agreements, also are
used to ensure transmission customers (such as PSEs and LSEs) provide reactive power,
While NERC complied with the Commission’s directive to add LSEs to VAR-001-2 R5,
a review of this requirement in light of Schedule 2 indicates that the reliability objective
of ensuring that PSEs as well as LSEs either acquire or self provide reactive power
62

P81 Project Technical White Paper

resources associated with its transmission service requests is accomplished via Schedule
2, and, therefore, there is no need to reiterate it in VAR-001-2 R5. The repetitive nature
of VAR-001-2 R5 is also apparent in the context of how a PSE or LSE generally
demonstrates compliance – via screenshots from Open Access Same-Time Information
System (“OASIS”) reservations that show the mandatory acquiring or self providing of
reactive power resources per Schedule 2.
The reliability objective of VAR-001-2 is also accomplished in VAR-001-2 R2 (that is
not proposed for retirement) which reads:
Each Transmission Operator shall acquire sufficient reactive resources –
which may include, but is not limited to, reactive generation scheduling;
transmission line and reactive resource switching;, [sic] and controllable
load – within its area to protect the voltage levels under normal and
Contingency conditions. This includes the Transmission Operator’s share
of the reactive requirements of interconnecting transmission circuits.
The Transmission Operator’s adherence to R2 is a double check for the obligations under
Schedule 2 to ensure there are sufficient reactive power resources to protect the voltage
levels under normal and Contingency conditions. This double check, however, does not
relieve PESs and LESs from their obligations under Schedule 2 of the OATT or
Interchange agreements.
In addition, in the Electric Reliability Council of Texas (ERCOT) region, where there is
no FERC approved OATT, reactive power is handled via Section 3.15 of the ERCOT
Nodal Protocols that describes how ERCOT establishes a Voltage Profile for the grid,
and then in detail explains the responsibilities of the Generators, Distribution Providers
and Texas Transmission Service Providers (not to be confused with a NERC TSP), to
meet the Voltage Profile and ensure that those entities have sufficient reactive support to
do so. There is further Operating Guide detail on the responsibilities for entities to deploy
reactive resources approximately, within performance criteria in the Operating Guide
Section 3. Thus, as in non-ERCOT regions, ERCOT has protocols that are duplicative of
VAR-001-2 R5.
Given the redundant nature of VAR-001-2 R5 it would also assist the ERO compliance
program to retire it, so that time and resources can be reallocated to focus on adherence to
other Reliability Standard requirements.
Criterion A
VAR-001-2 R5 does little, if anything, to benefit or protect the reliable operation of the
BES because it is redundant with FERC’s pro forma OATT.
Criteria B
• Criterion B7 (Redundant)
Criteria C
63

P81 Project Technical White Paper

VAR-001-2 R5 has not been part of a FFT filing.

VAR-001-2 R5 is subject to Standards Development Project 2008-01 Voltage and
Reactive Planning Control. Given that Project 2008-01 is not currently active and
is only estimated to be completed until the second quarter of 2014 and the purpose
of this project does not necessarily include a review of R5, it is appropriate to
include VAR-001-2 R5 in the P81 Project. Also, retiring this requirement via P81
Project may facilitate the efficiency of Project 2008-01.

This requirement has a High VRF. However, the reliability objective of VAR001-2 R5 will be accomplished via Schedule 2 of the OATT, ERCOT protocols
and R2 of VAR-001-2. Thus, the High VRF is not dispositive, and VAR-001-2
R5 remains appropriate for retirement.

VAR-001-2 R5 is in the third tier of the AML.

Because VAR-001-2 R5 is redundant with the pro forma OATT and ERCOT
protocols, (as well as the reliability objective of VAR-001-2 R5 is accomplished
via Schedule 2 of the OATT, ERCOT protocols and R2 of VAR-001-2), the
retirement of VAR-001-2 R5 does not pose any negative impact to the following
NERC published and posted reliability principles:
Principle 1.

Interconnected bulk power systems shall be planned and
operated in a coordinated manner to perform reliably under
normal and abnormal conditions as defined in the NERC
Standards.

Principle 2.

The frequency and voltage of interconnected bulk power
systems shall be controlled within defined limits through
the balancing of real and reactive power supply and
demand.

Retirement does not negatively impact defense in depth because no other
requirement depends on it to help cover a reliability gap or risk to reliability.

The retirement of VAR-001-2 R5 is neutral regarding whether it promotes a
results-based approach because the requirement is results-based, but already
covered in the pro forma OATT, Schedule 2 and ERCOT protocols.

Accordingly, for the above reasons, it is appropriate to retire VAR-001-2 R5.

P81 Project Technical White Paper

V. The Initial Phase Reliability Standards Provided for Informational
Purposes

The following requirements are already scheduled to be retired or subsumed via another
Standards Development Project that has been approved by stakeholders and the NERC
Board of Trustees (or due to be before the NERC Board of Trustees in November), and,
thus, are presented here for informational purposes only. For regulatory efficiency, these
requirements will not be presented for comment and vote, and, therefore, will not be
presented to the NERC Board of Trustees for approval or filed with the Commission or
Canadian governmental authorities as part of the P81 Project.

P81 Project Technical White Paper

COM-001-1.1 R6- Telecommunications
Each NERCNet User Organization shall adhere to the requirements in Attachment 1COM-001-0, “NERCNet Security Policy.”
Background
COM-001-1 was submitted for Commission approval on November 15, 2006 in Docket
No. RM06-16-000 and was approved on March 16, 2007 in Order No. 693. 73 COM-0011.1 was submitted for Commission approval on February 6, 2009 in Docket No. RD09-2000 as errata and was approved by unpublished letter order on May 13, 2009. 74
As part of COM-001-2, on September 17, 2012, stakeholders approved the retirement of
COM-001-1.1 R6 in Project 2006-06 (Reliability Coordination). This project is due to be
presented to the NERC Board of Trustees in November. Thus, COM-001-1 R6 is
presented here for informational purposes only.

EOP-004-1 R1 – Disturbance Reporting
R1.

Each Regional Reliability Organization shall establish and maintain a
Regional reporting procedure to facilitate preparation of preliminary and final
disturbance reports.

Background
EOP-004-1 was submitted to the Commission for approval on November 15, 2006 in
Docket No. RM06-16-000 and was approved on March 16, 2007 in Order No. 693. 75
As part of EOP-004-2, on November 5, 2012, stakeholders approved the retirement of
EOP-001-1 R1. EOP-004-2 was approved by the NERC Board of Trustees on November
7, 2012. Thus, EOP-001-1 R1 is presented here for informational purposes only.

EOP-009-0 R2 – Documentation of Blackstart Generating Unit Test Results
R2.

The Generator Owner or Generator Operator shall provide documentation of
the test results of the startup and operation of each blackstart generating unit
to the Regional Reliability Organizations and upon request to NERC.

Background
73

Mandatory Reliability Standards for the Bulk-Power System, 72 FR 16416 (Apr. 4, 2007), FERC Stats. &
Regs. ¶ 31,242 (2007). (“Order No. 693”), order on reh’g, Order No. 693-A, 120 FERC ¶ 61,053 (2007).
74
Letter Order, Electric Reliability Organization Errata Petition Updating Accepted Reliability
Coordination and Transmission Operations Reliability Standards, Docket No. RD09-2-000 (May 13, 2009).
75
Mandatory Reliability Standards for the Bulk-Power System, Order No. 693, FERC Stats. & Regs. ¶
31,242, order on reh’g, Order No. 693-A, 120 FERC ¶ 61,053 (2007).

P81 Project Technical White Paper

EOP-009-0 was submitted for Commission approval on April 4, 2006 in Docket No.
RM06-16-000 and was approved on March 16, 2007 in Order No. 693. 76 In Order No.
749, the Commission approved the retirement of EOP-009-0 as of July 1, 2013, based on
the approval of EOP-005-2, which did not carry forward R2 of EOP-009-0. Thus, EOP009-0 R2 is presented here for informational purposes only.

FAC-008-1 R1.3.5 – Facility Ratings Methodology
R1.3.5.

Other assumptions.

Background
FAC-008-1 was submitted for Commission approval on April 4, 2006 in Docket No.
RM06-16-000 and was approved on March 16, 2007 in Order No. 693. 77
“On May 12, 2010, the NERC Board of Trustees approved the proposed FAC-0082 Reliability Standard that addressed the first two of the FERC directives in Order No.
693. NERC’s proposed FAC-008-2 Reliability Standard was not filed with FERC for
approval, but instead was revisited by the standard drafting team so that the third Order
No. 693 directive could be addressed in response to FERC’s March 18, 2010 Order…” 78
FAC-008-3 was submitted for Commission approval on June 15, 2011 in Docket No.
RD11-10-000 and was approved on November 17, 2011. 79
FAC-008-3 (which combined FAC-008 and FAC-009) has been approved by the
Commission without the “other assumptions” language. 80 Since FAC-008-3 will become
effective on January 1, 2013, FAC-008-1 R1.3.5 is presented here for informational
purposes only.

PRC-008-0 R1; PRC-008-0 R2 – Underfrequency Load Shedding Equipment
Maintenance Programs
R1.

The Transmission Owner and Distribution Provider with a UFLS program (as
required by its Regional Reliability Organization) shall have a UFLS

Mandatory Reliability Standards for the Bulk-Power System, 72 FR 16416 (Apr. 4, 2007), FERC Stats. &
Regs. ¶ 31,242 (2007). (“Order No. 693”), order on reh’g, Order No. 693-A, 120 FERC ¶ 61,053 (2007).
77
Mandatory Reliability Standards for the Bulk-Power System, 72 FR 16416 (Apr. 4, 2007), FERC Stats. &
Regs. ¶ 31,242 (2007). (“Order No. 693”), order on reh’g, Order No. 693-A, 120 FERC ¶ 61,053 (2007).
78
Petition of the North American Electric Reliability Corporation for Approval of Proposed Reliability
Standard FAC-008-3 — Facility Ratings, Docket No. RD11-10-000, (June 15, 2011).
79
Order Approving Reliability Standard, 137 FERC ¶ 61,123 (2011).
80
Id.

P81 Project Technical White Paper

equipment maintenance and testing program in place. This UFLS equipment
maintenance and testing program shall include UFLS equipment
identification, the schedule for UFLS equipment testing, and the schedule for
UFLS equipment maintenance.
R2.

The Transmission Owner and Distribution Provider with a UFLS program (as
required by its Regional Reliability Organization) shall implement its UFLS
equipment maintenance and testing program and shall provide UFLS
maintenance and testing program results to its Regional Reliability
Organization and NERC on request (within 30 calendar days).

Background
PRC-008-0 was submitted for Commission approval on April 4, 2006 in Docket No.
RM06-16-000 and was approved on March 16, 2007 in Order No. 693. 81
Under Standards Development Project 2007-17 Protection System Maintenance, which
recently passed on August 27, 2012, PRC-008-0 is scheduled to be retired, subsumed and
replaced with PRC-005-2. PRC-005-2 will likely be presented to the NERC Board of
Trustees in November for approval, and, thus, PRC-008-0 is only presented here for
informational purposes.

PRC-009-0 R1; PRC-009-0 R1.1; PRC-009-0 R1.2; PRC-009-0 R1.3; PRC009-0 R1.4; PRC-009-0 R2 – UFLS Performance Following an
Underfrequency Event
R1.

The Transmission Owner, Transmission Operator, Load-Serving Entity and
Distribution Provider that owns or operates a UFLS program (as required by
its Regional Reliability Organization) shall analyze and document its UFLS
program performance in accordance with its Regional Reliability
Organization’s UFLS program. The analysis shall address the performance of
UFLS equipment and program effectiveness following system events resulting
in system frequency excursions below the initializing set points of the UFLS
program. The analysis shall include, but not be limited to:
R1.1. A description of the event including initiating conditions.
R1.2. A review of the UFLS set points and tripping times.
R1.3. A simulation of the event.

P81 Project Technical White Paper

R1.4. A summary of the findings.
R2.

The Transmission Owner, Transmission Operator, Load-Serving Entity, and
Distribution Provider that owns or operates a UFLS program (as required by
its Regional Reliability Organization) shall provide documentation of the
analysis of the UFLS program to its Regional Reliability Organization and
NERC on request 90 calendar days after the system event.

Background
PRC-009-0 was submitted for Commission approval on April 4, 2006 in Docket No.
RM06-16-000 and was approved on March 16, 2007 in Order No. 693. 82 In Order No.
763 at paragraph 103 83 the Commission accepted the retirement of PRC-009-0 as
appropriately replaced with PRC-006-1. Consistent with Order No. 763, PRC-009-0 will
become inactive on September 30, 2013 and will be replaced by PRC-006-1. Thus, PRC009-0 is presented here for informational purposes only.

TOP-001-1a R3 – Reliability Responsibilities and Authorities
R3.

Each Transmission Operator, Balancing Authority, and Generator Operator
shall comply with reliability directives issued by the Reliability Coordinator,
and each Balancing Authority and Generator Operator shall comply with
reliability directives issued by the Transmission Operator, unless such actions
would violate safety, equipment, regulatory or statutory requirements. Under
these circumstances the Transmission Operator, Balancing Authority, or
Generator Operator shall immediately inform the Reliability Coordinator or
Transmission Operator of the inability to perform the directive so that the
Reliability Coordinator or Transmission Operator can implement alternate
remedial actions.

Mandatory Reliability Standards for the Bulk-Power System, 72 FR 16416 (Apr. 4, 2007), FERC Stats. &
Regs. ¶ 31,242 (2007). (“Order No. 693”), order on reh’g, Order No. 693-A, 120 FERC ¶ 61,053 (2007).
83
Automatic Underfrequency Load Shedding and Load Shedding Plans Re-liability Standards, 139 FERC ¶
61,098 (2012).
84
Mandatory Reliability Standards for the Bulk-Power System, 72 FR 16416 (Apr. 4, 2007), FERC Stats. &
Regs. ¶ 31,242 (2007). (“Order No. 693”), order on reh’g, Order No. 693-A, 120 FERC ¶ 61,053 (2007).
85
Electric Reliability Organization Interpretation of Transmission Operations Reliability Standard, 136
FERC ¶ 61,176, (September 15, 2011) (Order No. 753).

P81 Project Technical White Paper

Transmission Operators, Balancing Authorities, Generator Operators,
Transmission Service Providers, Load-Serving Entities, and PurchasingSelling Entities shall comply with Reliability Coordinator directives unless
such actions would violate safety, equipment, or regulatory or statutory
requirements. Under these circumstances, the Transmission Operator,
Balancing Authority, Generator Operator, Transmission Service Provider,
Load-Serving Entity, or Purchasing-Selling Entity shall immediately
inform the Reliability Coordinator of the inability to perform the directive
so that the Reliability Coordinator may implement alternate remedial
actions.
Although there is redundancy between TOP-001-1a R3 and IRO-001-1a R8 as related to
Reliability Coordinators, this redundancy was addressed in Standards Development
Project 2007-03 (Real-time Operations). Specifically, Project 2007-03 eliminated the
redundancy in the current version of TOP-001-2 R1 that replaces TOP-001-1a R3 and
reads:
Each Balancing Authority, Generator Operator, Distribution Provider, and
Load-Serving Entity shall comply with each Reliability Directive issued
and identified as such by its Transmission Operator(s), unless such action
would violate safety, equipment, regulatory, or statutory requirements.
TOP-001-2 has been approved by the NERC Board of Trustees and will be filed with the
Commission for approval; therefore, TOP-001-1a R3 is presented for informational
purposes only.

TOP-005-2a R1 – Operational Reliability Information
R1.

As a condition of receiving data from the Interregional Security Network
(ISN), each ISN data recipient shall sign the NERC Confidentiality
Agreement for “Electric System Reliability Data.”

Order No. 693 at paragraphs 1648 through 1652 (approval of TOP-005-1); Mandatory Reliability
Standards for Interconnection Reliability Operating Limits, 134 F.E.R.C. ¶ 61,213 (2011) (approval of
TOP-005-2a).

P81 Project Technical White Paper

Confidentiality is not a reliability issue, but a market or business issue.
Since this is not a reliability issue, it does not belong in the Reliability
Standards and can be deleted. 87
As stated above, in the context of Project 2007-03, TOP-001-1a was approved by the
NERC Board of Trustees and will be filed with the Commission for approval; therefore,
TOP-005-2a R1 is presented for informational purposes only.

Mapping Document Project 2007-03 Real-time Operations at page 31 (April 27 2012).

R7.3

√

R3.1
R2
R2,
R3
R4

√
√
√

√

FAC-008-3

√

Results-based
promoted?

√
√

In-depth
Protection
Implicated?

√
√

√

Reliability
Principles
Implicated?

√
√

Criteria C
C4
C5
AML Tier

√

VRF

√
√

Ongoing Project

√
√

FFT

R1.2
R3,
R3.1
R3.2
R3.3
R4.2
R2.6

Redundant

CIP-003-3, -4
CIP-003-3, -4

Updates

√

Reporting

Documentation

BAL-005-0.2b

EOP-005-2
FAC-002-1
FAC-008-1

Data

Req.

CIP-003-3, -4
CIP-005-3a, 4a
CIP-007-3, -4

Criteria B
B3 B4 B5

Standard

Reliability
Impact

Criterion A

Administrative

Appendix A

Commercial

P81 Project Technical White Paper

Yes

√
√

L
L

2
3

No
No

Yes
Yes

√
√

L
L

3
1

No
No

Yes
Yes

√

Yes

2
3
3

No
No
No

Yes
Yes
Yes

Yes

√

N/A
L
L

√

√
√
√
√
√
√

√
√
√

√
√

Redundant

FFT

Ongoing Project

√
√
√

L
L
L
L
L
N/A

√

√
√

√

L
L
H

Criteria C
C4
C5

No
No
No
No
No
No

Yes
Yes
Yes
Yes
Yes
Yes

No
No
No

Yes
Yes
Yes

AML Tier

VRF

Commercial

Updates

Reporting

√
√
√

Results-based
promoted?

√
√
√
√
√
√

Criteria B
B3 B4 B5

In-depth
Protection
Implicated?

PRC-010-0
PRC-022-1
VAR-001-2

Reliability
Principles
Implicated?

FAC-010-2.1
FAC-011-2
FAC-013-2
INT-007-1
IRO-016-1
NUC-001-2

R5
R5**
R5**
R3
R1.2
R2
R9.1
R9.1.1
R9.1.2
R9.1.3
R9.1.4
R2
R2
R5**

Documentation

Criterion A

Data

Req.

Reliability
Impact

Standard

Administrative

P81 Project Technical White Paper

Exhibit F

Summary of the Standard Development Proceedings and Record of Development of
Proposed Reliability Standard

Exhibit F — Summary of the Standard Development Proceedings and Record of
Development of Proposed Reliability Standard

SUMMARY OF THE STANDARD DEVELOPMENT PROCEEDINGS
a. NERC Reliability Standards Development Procedure
The proposed retirement of Reliability Standards was developed in an open and fair

manner and in accordance with the Commission-approved Reliability Standard development
process. 74 NERC develops Reliability Standards in accordance with Section 300 (Reliability
Standards Development) of its Rules of Procedure and the NERC Standard Processes Manual. 75
In its ERO Certification Order, the Commission found that NERC’s proposed rules provide for
reasonable notice and opportunity for public comment, due process, openness, and a balance of
interests in developing Reliability Standards and thus satisfies certain of the criteria for
approving Reliability Standards. The development process is open to any person or entity with a
legitimate interest in the reliability of the Bulk-Power System. NERC considers the comments
of all stakeholders, and a vote of stakeholders and the NERC Board of Trustees is required to
approve a Reliability Standard, including the retirement of any Requirement in a Reliability
Standard, before the Reliability Standard is submitted to the Commission for approval.
b. Overview of the Project 2013-02 Team
When evaluating proposed Reliability Standards and associated modifications, the
Commission is expected to give “due weight” to the technical expertise of the ERO. 76 The
74

Order No. 672 at P 334 (“Further, in considering whether a proposed Reliability Standard meets the legal
standard of review, we will entertain comments about whether the ERO implemented its Commission-approved
Reliability Standard development process for the development of the particular proposed Reliability Standard in a
proper manner, especially whether the process was open and fair. However, we caution that we will not be
sympathetic to arguments by interested parties that choose, for whatever reason, not to participate in the ERO’s
Reliability Standard development process if it is conducted in good faith in accordance with the procedures
approved by FERC.”).
75
The NERC Rules of Procedure are available here: http://www.nerc.com/page.php?cid=1%7C8%7C169.
The current NERC Standard Processes Manual is available here:
http://www.nerc.com/files/Appendix_3A_StandardsProcessesManual_20120131.pdf.
76
Section 215(d)(2) of the Federal Power Act; 16 U.S.C. § 824o(d)(2) (2012).

technical expertise of the ERO is derived from the drafting team. For this project, the Team
consisted of fifteen industry experts with a diversity of experience. A detailed set of
biographical information for each of the team members is included along with the P 81 Team
roster in Exhibit G. The development record for the P 81 Project is summarized below.
c. First Posting, Informal Comment Period
The draft SAR, which included criteria for retiring or modifying requirements, defined
phases for the project, and a suggested list of requirements put together by NERC, the regions,
and the trades and their member companies for consideration in Phase I, was posted for an
informal comment period from August 3, 2012 through September 4, 2012.
In September, the P81 drafting team met to respond to the comments received and
finalize the SAR. The revisions resulted in a list of 38 requirements in 22 Reliability Standard
versions being proposed for retirement and an additional 13 requirements included for
informational purposes only. The P81 Team also developed a Technical White Paper which
includes the justification for retiring the proposed requirements included herein as Exhibit E.
d. Second Posting, Formal Comment and Initial Ballot
The project with redlined versions of 22 standards showing 38 requirements proposed to
be retired for Phase 2 was posted for a 45-day public comment period and initial ballot from
October 25, 2012 through December 10, 2012. The initial ballot for the project received a
quorum of 75.77% and a 96.45% approval.
The P 81 Team received 32 sets of comments from 113 people from 64 companies
representing 8 of the 10 industry segments. No entity showed that a gap in reliability would
result from the retirement of the proposed Reliability Standard requirements. The comments
were very supportive of the retirement of the proposed Reliability Standard requirements. A few

entities provided clarifying comments for consideration in the technical white paper, and those
comments have been incorporated to enhance the readability and clarity of the technical white
paper. Based on the comments, CIP-001-2a R4 and EOP-004-1 R1 will be moved to Section V
of the technical paper entitled “The Initial Phase Reliability Standards Provided for
Informational Purposes,” as EOP-004-2 has been filed with regulatory authorities and the EOP004-2 implementation plan calls for the retirement of CIP-001-2a R4 and EOP-004-1 R1. This
resulted in a final list of 34 requirements in 19 Reliability Standard versions.
e. Third Posting, Recirculation Ballot
The project with redlined versions of 20 standards showing 36 requirements proposed to
be retired for Phase 3 was posted for a 10-day recirculation ballot from January 8, 2013 through
January 17, 2013. The project received a quorum of 84.60% and a 95.22% approval.
f. Board of Trustees Approval
The final project was approved by the NERC Board of Trustees on February 7, 2013.

Draft

Action

Redline of Standards
with Proposed
Retirements (22)
Implementation Plan
Clean (23) | Redline to
Last Posted (24)
Supporting Materials:
Technical White Paper
Clean (25)| Redline to
Last Posted (26)
Redline of VSL Matrix
(27)
Spreadsheet with
Proposed Retirements
(28)

Recirculation
Ballot
Info (30)
Vote>>

Dates

Results

Consideration of
Comments

01/08/13 ‐
01/17/13
(closed)

Summary
(31)
Ballot Results
(32)

Clean Set of Standards
with Proposed
Retirements (29)
Updated Info
Redline of Standards
(16)
with Proposed
Retirements (8)
Initial Ballot >>
Implementation Plan
Join Ballot
(9)
Pool>>
Supporting Materials:
Final SAR
Clean (10) | Redline to
draft SAR (11)
Technical White Paper
Comment
(12)
Period
Redline of VSL Matrix
Info (17)
(13)
Submit
Spreadsheet with
Comments>>
Proposed Retirements
(14)
Comment Form (Word)
(15)

Proposed SAR
Draft SAR Version 1 (1)
Supporting Materials:
Complete Set of
Standards with
Proposed Retirements

Comment
Period
Info (5)
Submit
Comments>>

11/30/12 ‐
12/10/12
(closed)

Summary
(18)
Full Record
(19)

10/25/12 ‐
11/23/12

10/25/12 ‐
12/10/12
(closed)

Comments
Received (20)

Consideration of
Comments (21)

08/03/12 ‐
09/04/12
(closed)

Comments
Received (6)

Consideration of
Comments (7)

for Phase 1 (2)
Spreadsheet with
Proposed Retirements
(3)
Comment Form (Word)
(4)

Standards Authorization Request Form
NERC welcomes suggestions to improve the reliability of the bulk power system through improved
reliability standards. Please use this form to submit your request to propose a new or a revision to a
NERC’s Reliability Standard.
Request to propose a new or a revision to a Reliability Standard
Title of Proposed Standard:

Retirement of Reliability Standard Requirements

Date Submitted:

June 29, 2012

SAR Requester Information
Name:

Brian J. Murphy on behalf of the following:

Organization:

Edison Electric Institute, American Public Power Association, National Rural Electric
Cooperative Association, Large Public Power Council, Electricity Consumers Resource
Council, The Electric Power Supply Association, Transmission Access Policy Study
Group, the North American Electric Reliability Corporation, and the Regional Entity
Management Group

Telephone:

305-442-5132

SAR Type (Check as many as applicable)
New Standard

Withdrawal of existing Standard

Revision to existing Standard

Urgent Action

SAR Information
Industry Need (What is the industry problem this request is trying to solve?):
On March 15, 2012, the Federal Energy Regulatory Commission (FERC) issued an order on NERC’s Find,
Fix and Track process that stated:
“The Commission notes that NERC’s FFT initiative is predicated on the view that
many violations of requirements currently included in Reliability Standards pose lesser

SAR Information
risk to the Bulk-Power System. If so, some current requirements likely provide little
protection for Bulk-Power System reliability or may be redundant. The Commission is
interested in obtaining views on whether such requirements could be removed from the
Reliability Standards with little effect on reliability and an increase in efficiency of the
ERO compliance program. If NERC believes that specific Reliability Standards or
specific requirements within certain Standards should be revised or removed, we invite
NERC to make specific proposals to the Commission identifying the Standards or
requirements and setting forth in detail the technical basis for its belief. In addition, or in
the alternative, we invite NERC, the Regional Entities and other interested entities to
propose appropriate mechanisms to identify and remove from the Commission-approved
Reliability Standards unnecessary or redundant requirements. We will not impose a
deadline on when these comments should be submitted, but ask that to the extent such
comments are submitted NERC, the Regional Entities, and interested entities coordinate
to submit their respective comments concurrently.”
North American Electric Reliability Corporation, 138 FERC ¶ 61,193 at p 81 (March 15, 2012) (“P81”).
Consistent with P81, the problem this SAR is resolving is to identify Reliability Standards requirements
that either: (a) provide little protection to the BPS; 1 (b) are unnecessary or (c) are redundant; and,
thereafter, to have NERC file the identified Reliability Standard requirements with FERC to have them
removed from the FERC-approved list of Reliability Standards.
In addition to addressing P81, this SAR is also consistent with Recommendation #4 set forth in NERC’s
Recommendations to Improve The Standards Development Process at page 12 (April 2012), which states:
Recommendation 4: Standards Product Issues — The NERC board is encouraged to
require that the standards development process address: . . . The retirement of
standards no longer needed to meet an adequate level of reliability.

Given NERC’s Reliability Standards are based on the definition of a Bulk Electric System (BES), the remainder of this SAR
will use the term BES rather than Bulk Power System or BPS.

Standard Authorization Request Form
2

SAR Information

Purpose or Goal (How does this request propose to address the problem described above?):
The SAR addresses the problem identified above by:
(1) Setting forth specific criteria (below) to evaluate whether a Reliability Standard requirement
provides little protection to BES reliability or is unnecessary or redundant.
(2) Establishing a multi-phased process for addressing these Reliability Standard requirements. During
the Initial Phase, the Standards Drafting Team will identify those Reliability Standard requirements that
easily satisfy the criteria and either recommend: (a) the retirement of the requirement 2 or (b) a
modification to the requirement, 3 while future phases will identify the remaining Reliability Standard
requirements that satisfy the criteria, but could not be included in the Initial Phase due to the need for
additional analysis or a modification of language. This multi-phased approach is also proposed to
address FERC’s interest in increasing the efficiency of the ERO compliance program, so that the first set
of identified Reliability Standard requirements may be filed with FERC on an expedited basis, and,
therefore, start increasing ERO efficiencies as soon as practical.
(3) To facilitate the Initial Phase of the Standard Drafting Team’s process, a list of Reliability Standard
requirements that appear to easily satisfy the criteria are set forth below.
(4) During each phase, as a list of Reliability Standard requirements is identified and passes through the
Standards Development Process, the Standards Drafting Team 4 will also assist NERC staff to file these
requirements with FERC so the requirements are removed from the FERC-approved list, including
providing additional technical justification, as needed.

The Standards Drafting Team will work with NERC staff to determine the manner to eliminate the identified Reliability
Standards requirements.

Given the expedited nature of the Initial Phase, it is unlikely there will be a large number of modifications considered, and
the Standards Drafting Team may decide to defer all requested modifications to subsequent phases.

While this SAR applies to all phases of the P81 project, it is understood that the composition of the Standard Drafting
Team may need to change or be supplemented in subsequent phases depending on the technical expertise required.

Standard Authorization Request Form
3

SAR Information
Identify the Objectives of the proposed standard’s requirements (What specific reliability deliverables
are required to achieve the goal?):
The objectives of this SAR for all phases of this project are to retire or modify FERC-approved Reliability
Standard requirements that provide little protection to the reliable operations of the BES, are
redundant or unnecessary, or to retire or modify a FERC-approved Reliability Standard requirement to
increase the efficiency of the ERO’s compliance programs.
Brief Description (Provide a paragraph that describes the scope of this standard action.)
The scope of this SAR is all FERC-approved Reliability Standards.
Detailed Description (Provide a description of the proposed project with sufficient details for the
standard drafting team to execute the SAR. Also provide a justification for the development or revision
of the standard, including an assessment of the reliability and market interface impacts of implementing
or not implementing the standard action.)
The Standard Drafting Team shall implement a phased process. The Initial Phase shall identify all FERCapproved Reliability Standard requirements that easily satisfy the criteria set forth below, while future
phases shall identify FERC-approved Reliability Standard requirements that satisfy the criteria set forth
below, but could not be included in the Initial Phase due to the need for additional analysis or an editing
of language. During each phase the Standards Drafting Team shall identify Reliability Standard
requirements that satisfy both: (A) the overarching criteria and (B) at least one of the technical criteria.
In addition, for all phases, the Standards Drafting Team shall also consider the data and reference points
set forth below in Criterion C when deciding whether a Reliability Standard requirement should be
retired or modified.
A. Overarching Criterion:
In the event no responsible entity performed the FERC-approved Reliability Standard requirement,
there would be little or no impact to the protection or reliable operation of the BES.
Section 215(a)(4) of the Federal Power Act defines “reliable operation” as: “… operating the elements
of the bulk-power system within equipment and electric system thermal, voltage, and stability limits so
that instability, uncontrolled separation, or cascading failures of such system will not occur as a result of
a sudden disturbance, including a cybersecurity incident, or unanticipated failure of system elements.”

Standard Authorization Request Form
4

SAR Information
B. Technical Criteria:
1. Administrative
The Reliability Standard requirement requires responsible entities to perform a function that is
administrative in nature, does not support reliability and is needlessly burdensome.
2. Data Collection/Data Retention
The Reliability Standard requirement requires responsible entities to collect or retain data and does not
contribute to: (a) the reliable operation of the BES or (b) an effective compliance enforcement
processes. These are requirements that obligate responsible entities to retain data which document
prior events or activities, and should be collected via some other method under NERC’s rules and
processes or addressed in the data retention sections of Reliability Standards.
3. Purely Documentation
The Reliability Standard requirement requires responsible entities to develop a document (e.g., plan,
policy or procedure) which is not necessary to protect BES reliability.
4. Purely Reporting
The Reliability Standard requirement obligates responsible entities to report out to a Regional Entity,
NERC or another party or entity. These are requirements that obligate responsible entities to report to
a Regional Entity on activities which have no discernable impact on promoting reliable operation of the
BES and if the entity failed to meet this requirement it would have little impact on the reliable operation
of the BES.
5. Periodic Updates
The Reliability Standard requirement requires responsible entities to periodically update (e.g., annually)
documentation, such as a plan, procedure or policy without an operational benefit to reliability.
6. Commercial or Business Practice
The Reliability Standard requirement is a commercial or business practice, e.g., better served as a

Standard Authorization Request Form
5

SAR Information
NAESB standard or as part of NAESB Electric Industry Registry (EIR).
7.

Redundant

The Reliability Standard requirement is redundant with either another Reliability Standard requirement
or governmental regulation (e.g., Open Access Transmission Tariff, NAESB, etc.).
8.

Hinders the protection or reliable operation of the BES

The Reliability Standard requirement requires responsible entities to conduct an activity or task that
hinders, distracts or is counterproductive to the protection or reliable operation of the BES.
9.

Little, if any, value as a reliability requirement

The tasks or activities in the Reliability Standard requirement do little, if anything, to promote the
protection the BES.
C.

Additional data and reference points

In those instances when there is the need for additional information to assist in the determination of
whether a Reliability Standard requirement satisfies both Criteria A and B, the Standards Drafting Team
shall consider the following data and reference points to make a more informed decision:
1.

Was the Reliability Standard requirement part of a Find, Fix and Track filing?

2.
Is the Reliability Standard requirement being reviewed in an on-going Standards Development
Project?
3.

What is the Violation Risk Factor of the Reliability Standard requirement?

In which tier of the Actively Monitored Standards does the Reliability Standard requirement fall?

Any negative impact on NERC’s published and posted reliability principles?

Standard Authorization Request Form
6

SAR Information
6.

Any negative impact on the defense in depth protection of the BES?

7.
Does the retirement or modification promote results or performance-based Reliability
Standards?
To facilitate the Standard Drafting Team’s consideration of the above questions, NERC staff will provide
the team with relevant known data and statistics.
To facilitate the Standard Drafting Team’s Initial Phase, below is a list of Reliability Standard
requirements that appear to satisfy both Criteria A and B, with consideration of Criterion C. To assist
the Team’s review of these requirements, Criterion B coding is provided, along with a brief statement
explaining why the requirement provides little protection to the BES, is unnecessary or is redundant.

List of Phase One Reliability Standard requirements that satisfy both Criteria A and B,
with consideration of Criterion C

To be retired:
BAL-005-0.1b R2
Each Balancing Authority shall maintain Regulating Reserve that can be controlled by AGC to meet the
Control Performance Standard.
Criterion B 7.
Statement: BAL-005-0.1b is redundant with the Control Performance Standard defined in BAL-001 R1
and R2. This is also redundant in that it is measured by whether or not BAL-001 R1 and R2 are met.

Standard Authorization Request Form
7

SAR Information
Conclusion: This is redundant with the Control Performance Standard defined in BAL-001 R1 and R2.
This is also redundant in that it is measured by whether or not BAL-001 R1 and R2 are met. This may be
double jeopardy in that failure to achieve compliance with BAL-001 R1 and R2 could imply failure of this
standard as well. This is misleading in requiring entities to maintain Regulating Reserve, but providing
no way to measurably comply, apart from achieving compliance with BAL-001 R1 and R2.
CIP-001-2a R4.
Each Reliability Coordinator, Balancing Authority, Transmission Operator, Generator Operator, and
Load-Serving Entity shall establish communications contacts, as applicable, with local Federal Bureau of
Investigation (FBI) or Royal Canadian Mounted Police (RCMP) officials and develop reporting procedures
as appropriate to their circumstances.
Criterion B 1, 2, 3, 8 and 9.
Statement: CIP-001-2a is administrative, documentation and data collection in nature, because the
establishment of communication contacts, in and of itself, with the FBI and RCMP has little or no impact
on protection or the reliable operation of the BES. Instead, compliance with R1-R3 of CIP-001-2a
provides the actions that responsible entities take to protect the BES in the event of sabotage.
Specifically, R1 through R3 require that the Reliability Coordinator, Balancing Authority, Transmission
Operator, Generator Operator, and Load Serving Entity to have procedures for the recognition of
sabotage, reporting of sabotage and communication of sabotage events to appropriate parties in the
Interconnection, which may include local law enforcement, the FBI, etc. Thus, in CIP-001-2a, R1 through
R3 serve a reliability function, while R4 is a static, administrative requirement that has no clear resultsbased nexus to protecting the Bulk Electric System (BES).
Conclusion: Since this requirement provides little protection to the BES and is administrative in nature,
Requirement 4 should be removed from Reliability Standard CIP-001-2a.
CIP-003-3, -4 R1.2
The cyber security policy is readily available to all personnel who have access to, or are responsible for,
Critical Cyber Assets.

Standard Authorization Request Form
8

SAR Information
Criterion B 1.
Statement: Whether there is a robust CIP compliance plan on which employees are trained may
impact reliability, not whether the cyber security policy is readily available. Employees that are
responsible for executing the cyber security policy are required to undergo a variety of training, follow
multiple processes and procedures that are already required by the CIP requirements. Simply requiring
that the policy be readily available is an administrative task that provides little, if any, benefit to
reliability of the BES.
Conclusion: Since this requirement provides little protection to the BES and is purely administrative in
nature, Requirement 1.2 should be removed from Reliability Standards CIP-003-3 and CIP-003-4.
CIP-003-3, -4 R3, R3.1, R3.2, R3.3
R3 Exceptions – Instances where the Responsible Entity cannot conform to its cyber security policy
must be documented as exceptions and authorized by the senior manager or delegate(s).
R3.1 Exceptions to the Responsible Entity’s cyber security policy must be documented
within thirty days of being approved by the senior manager or delegate(s).
R3.2 Documented exceptions to the cyber security policy must include an explanation as to why the
exception is necessary and any compensating measures.
R3.3 Authorized exceptions to the cyber security policy must be reviewed and approved
annually by the senior manager or delegate(s) to ensure the exceptions are still
required and valid. Such review and approval shall be documented.
Criterion B 1, 3 and 8.
Statement: Over time, these exception requirements have proven to not be useful and have been
Standard Authorization Request Form
9

SAR Information
subject to misinterpretation, including responsible entities believing they can exempt themselves from
compliance with the CIP requirements.
Conclusion: For regulatory efficiency, since these requirements provide little protection to the BES and
are open to misinterpretation, in addition to being entirely documentation, Requirement 3 and its
subrequirements should be removed from Reliability Standard CIP-003-3 and CIP-003-4.
CIP-003-3, -4 R4.2.
The Responsible Entity shall classify information to be protected under this program based on the
sensitivity of the Critical Cyber Asset information.
Criterion B 1, 3 and 7.
Statement: CIP-003-3, -4 already requires the classification of information associated with Critical
Cyber Assets, which makes R4.2 redundant. The only difference in R4.2 is the term, “based on the
sensitivity” has been added. The addition of this term can be viewed as overly managing the
responsible entities’ process of classification or simply not adding sufficient value to reliability to require
new requirement over and above R4.
Conclusion: Since these requirements are redundant and provide little protection to the BES,
Requirement 4.2 should be removed from both Reliability Standards CIP-003-3 and CIP-003-4.
CIP-005-3a, -4a R2.6.
Appropriate Use Banner -- Where technically feasible, electronic access control
devices shall display an appropriate use banner on the user screen upon all interactive
access attempts. The Responsible Entity shall maintain a document identifying the
content of the banner.
Criterion B 1, 3, 8 and 9.

Standard Authorization Request Form
10

SAR Information
Statement: Over time, the banner requirement (or no trespass sign) has not been shown to be useful
or consistent with a results-based approach to implementing a cyber security program. Additionally, it
is administrative in nature.
Conclusion: Since this requirement provides little protection to the BES and is purely administrative in
nature, Requirement R2 should be removed from Reliability Standards CIP-005-3a and CIP-005-4.
CIP-007-3, -4 R7.3
The Responsible Entity shall maintain records that such assets were disposed of or redeployed in
accordance with documented procedures.
Criterion B 2.
Statement: CIP-007-3, -4 R7.3 is evidence collection and possible for inclusion in an RSAW.
Conclusion: Since this requirement provides little protection to the BES and is data collection in nature,
it should be removed from CIP-007-3, -4.
COM-001-1.1 R6.
Each NERCNet User Organization shall adhere to the requirements in Attachment 1-COM-001-0,
“NERCNet Security Policy.”
Criterion B 6.
Statement: Whether the entity has a robust up-to-date CIP compliance plan may impact reliability, but
not whether it employs a specific business practice such as the NERCNet. NOTE: This requirement is
proposed for removal per Project 2006-06 (Reliability Coordination) with the rationale: “The RC SDT is
recommending that R6 be retired. This is an ERO procedural issue and should not be in a reliability
standard. It should be included in the ERO Rules of Procedure.”

Standard Authorization Request Form
11

SAR Information
Conclusion: Since this requirement provides little protection to the BES and is more appropriate as a
Commercial and Business Practice, Requirement 6 should be removed from Reliability Standard COM001-1.1.
EOP-004-1 R1.
Each Regional Reliability Organization shall establish and maintain a Regional reporting procedure to
facilitate preparation of preliminary and final disturbance reports.
Criterion B 1, 3 and 4.
Statement: Whether or not there is a Regional Entity procedure to report disturbances has no impact
on reliability. In other words, while a procedure for the collection of reports on disturbances may be
useful information for purposes of Regional Entities to stay informed during events, is not an activity
that protects the reliability of BES. The collection of such information should be established outside
mandatory Reliability Standards.
Conclusion: Since this requirement provides little protection to the BES and is purely documentation,
Requirement 1 should be removed from Reliability Standard EOP-004-1.
EOP-005-2 R3.1.
If there are no changes to the previously submitted restoration plan, the Transmission Operator shall
confirm annually on a predetermined schedule to its Reliability Coordinator that it has reviewed its
restoration plan and no changes were necessary.
Criterion B 1, 5, 7 and 9.
Statement: EOP-005-2 R3 reads: “Each Transmission Operator shall review its restoration plan and
submit it to its Reliability Coordinator annually on a mutually agreed predetermined schedule.” This
requirement requires the Transmission Operator to submit its restoration plan to the Reliability

Standard Authorization Request Form
12

SAR Information
Coordinator whether or not there have been changes. Therefore, R3.1 only adds a duplicative
administrative burden for the entity to also confirm that there were no changes based upon another
possible pre-determined schedule. Whether or not there was a change from year to year in the
restoration plan will be documented in the revision history of the restoration plan, and thus the
Reliability Coordinator will be able to ascertain whether or not there were changes based on R3. Thus,
EOP-005-2 R3.1 provides little, if any, value to promoting the protection of the BES.
Conclusion: For regulatory efficiency, and since this requirement appears redundant to R3,
Requirement 3.1 should be removed from Reliability Standard EOP-005-2.
EOP-009-0 R2.
The Generator Owner or Generator Operator shall provide documentation of the test results of the
startup and operation of each blackstart generating unit to the Regional Reliability Organizations and
upon request to NERC.
Criterion B 4.
Statement: The requirement to report blackstart test results to the Regional Entity and NERC has no
impact on reliability. If the Regional Entity desires to review or track this information, a better vehicle
to obtain it is via a Compliance Audit or Spot-Check, or some other compliance monitoring procedure.
Conclusion: For regulatory efficiency and since this requirement is purely a reporting activity,
Requirement 2 should be removed from Reliability Standard EOP-009-0.
FAC-002-1 R2.
The Planning Authority, Transmission Planner, Generator Owner, Transmission Owner, Load-Serving
Entity, and Distribution Provider shall each retain its documentation (of its evaluation of the reliability
impact of the new facilities and their connections on the interconnected transmission systems) for three
years and shall provide the documentation to the Regional Reliability Organization(s) and NERC on
request (within 30 calendar days).

Standard Authorization Request Form
13

SAR Information
Criterion B 2, 3 and 4.
Statement: Requiring the retention of studies for three years has no impact on protecting or the
reliable operation of the BES, and is merely a data retention requirement that is better suited to be
considered during an audit or in the context of compliance monitoring.
Conclusion: Since this requirement provides little protection to the BES and is purely data
collection/retention, Requirement 2 should be removed from Reliability Standard FAC-002-1.
FAC-008-1 R1.3.5.
Other assumptions.
Criterion B 8.
Statement: The term “other assumptions" in the context of facility ratings is very close to meaningless
from a technical standpoint, generic and, therefore, yields no protection of the BES.
Conclusion: Since this requirement provides little or no protection to the BES and is unnecessary,
Requirement 1.3.5 should be removed from Reliability Standard FAC-008-1.
FAC-008-1 R2; FAC-008-1 R3; FAC-008-3 R4; FAC-008-3 R5
FAC-008-1 R2 The Transmission Owner and Generator Owner shall each make its Facility Ratings
Methodology available for inspection and technical review by those Reliability Coordinators,
Transmission Operators, Transmission Planners, and Planning Authorities that have responsibility for
the area in which the associated Facilities are located, within 15 business days of receipt of a request.
FAC-008-1 R3 If a Reliability Coordinator, Transmission Operator, Transmission Planner, or Planning
Authority provides written comments on its technical review of a Transmission Owner’s or Generator
Owner’s Facility Ratings Methodology, the Transmission Owner or Generator Owner shall provide a

Standard Authorization Request Form
14

SAR Information
written response to that commenting entity within 45 calendar days of receipt of those comments. The
response shall indicate whether a change will be made to the Facility Ratings Methodology and, if no
change will be made to that Facility Ratings Methodology, the reason why.
FAC-008-3 R4 Each Transmission Owner shall make its Facility Ratings methodology and each Generator
Owner shall each make its documentation for determining its Facility Ratings and its Facility Ratings
methodology available for inspection and technical review by those Reliability Coordinators,
Transmission Operators, Transmission Planners and Planning Coordinators that have responsibility for
the area in which the associated Facilities are located, within 21 calendar days of receipt of a request.
FAC-008-3 R5 If a Reliability Coordinator, Transmission Operator, Transmission Planner or Planning
Coordinator provides documented comments on its technical review of a Transmission Owner’s Facility
Ratings methodology or Generator Owner’s documentation for determining its Facility Ratings and its
Facility Rating methodology, the Transmission Owner or Generator Owner shall provide a response to
that commenting entity within 45 calendar days of receipt of those comments. The response shall
indicate whether a change will be made to the Facility Ratings methodology and, if no change will be
made to that Facility Ratings methodology, the reason why.
Criterion B 1, 2, 4 and 6.
Statement: For purposes of reliability, facility ratings are transmitted and used via the FAC (System
Operating Limits), MOD and TPL Standards, 5 and posting the rating methodology for comment and
responding to comments in and of itself has no reliability benefit. Furthermore, these requirements do
not appear appropriate given the possible commercial or market related implications of sharing and
debating with a competitor the facility ratings methodology of a facility.

MOD-001-1a R9, MOD-028-1 R2.3; MOD-029-1a R2.1; MOD-030-02 R3.1, PRC-023-2, Attachment A 2.7; TPL-001-0.1
Footnote a; TPL-002-1b, footnotes a and b; TPL-003-0a, footnote a and TPL-004-0, footnote a. Also, via FAC-011-2 the
System Operating Limits methodology of Reliability Coordinator may also use facility ratings as a key element. Also, FAC008-3 R7 and R8 require the transmission of facility ratings to reliability entities.

Standard Authorization Request Form
15

SAR Information
Conclusion: For regulatory efficiency and possible commercial or market implications in sharing the
facility ratings, and since these requirements are purely administrative in nature along with reporting
activities, Requirements R2 and R3 of Reliability Standard FAC-008-1 and Requirements 4 and 5 of
Reliability Standard FAC-008-3 should be removed from the Standards.
FAC-013-2 R3
If a recipient of the Transfer Capability methodology provides documented concerns with the
methodology, the Planning Coordinator shall provide a documented response to that recipient within
45 calendar days of receipt of those comments. The response shall indicate whether a change will be
made to the Transfer Capability methodology and, if no change will be made to that Transfer Capability
methodology, the reason why.
Criterion B 1, 2, 4 and 6.
Statement: Similar to the concerns with FAC-008, the FAC-013-2 requirement to reply to comments on
a transfer capability methodology has no reliability benefit, and, moreover, a back and forward on
transfer capability could have commercial or market implications.
Conclusion: For regulatory efficiency and possible commercial or market implications in sharing
transfer capability methodology, and since these requirements are purely administrative in nature along
with reporting activities, Requirement R3 of Reliability Standard FAC-013-2 should be removed from the
Standards.
INT-007-1 R1.2
All reliability entities involved in the Arranged Interchange are currently in the NERC registry.
Criterion B 1
Statement: INT-007-1, R1.2 is administrative in nature, and adds little to reliability.

Standard Authorization Request Form
16

SAR Information
Conclusion: Since INT-007-1 R1.2 provides little protection to the BES, it should be removed.
IRO-016-1 R2
The Reliability Coordinator shall document (via operator logs or other data sources) its actions taken for
either the event or for the disagreement on the problem(s) or for both.
Criterion B 2.
Statement:
IRO-016-1 R2 is an evidence requirement. Candidate to go into RSAW.
Conclusion: Since IRO-016-1 R2 provides little protection to the BES and is data collection in nature, it
should be removed.
MOD-004-1 R1; MOD-004-1 R1.1; MOD-004-1 R1.2; MOD-004-1 R1.3; MOD-004-1 R2; MOD-004-1 R3;
MOD-004-1 R3.1; MOD-004-1 R3.2; MOD-004-1 R4; MOD-004-1 R4.1; MOD-004-1 R4.2; MOD-004-1
R5; MOD-004-1 R5.1; MOD-004-1 R5.2; MOD-004-1 R6; MOD-004-1 R6.1; MOD-004-1 R6.2; MOD-0041 R7; MOD-004-1 R8; MOD-004-1 R9; MOD-004-1 R9.1; MOD-004-1 R9.2; MOD-004-1 R10; MOD-004-1
R11; MOD-004-1 R12; MOD-004-1 R12.1; MOD-004-1 R12.2; MOD-004-1 R12.3.
R1 The Transmission Service Provider that maintains CBM shall prepare and keep current a “Capacity
Benefit Margin Implementation Document” (CBMID) that includes, at a minimum, the following
information: [Time Horizon: Operations Planning, Long-term Planning]
R1.1 The process through which a Load-Serving Entity within a Balancing Authority Area associated with
the Transmission Service Provider, or the Resource Planner associated with that Balancing Authority
Area, may ensure that its need for Transmission capacity to be set aside as CBM will be reviewed and
accommodated by the Transmission Service Provider to the extent Transmission capacity is available.
R1.2 The procedure and assumptions for establishing CBM for each Available Transfer Capability (ATC)

Standard Authorization Request Form
17

SAR Information
Path or Flowgate.
R1.3 The procedure for a Load-Serving Entity or Balancing Authority to use Transmission capacity set
aside as CBM, including the manner in which the Transmission Service Provider will manage situations
where the requested use of CBM exceeds the amount of CBM available.
R2 The Transmission Service Provider that maintains CBM shall make available its current CBMID to the
Transmission Operators, Transmission Service Providers, Reliability Coordinators, Transmission
Planners, Resource Planners, and Planning Coordinators that are within or adjacent to the Transmission
Service Provider’s area, and to the Load Serving Entities and Balancing Authorities within the
Transmission Service Provider’s area, and notify those entities of any changes to the CBMID prior to the
effective date of the change. [Time Horizon: Operations Planning]
R3 Each Load-Serving Entity determining the need for Transmission capacity to be set aside as CBM for
imports into a Balancing Authority Area shall determine that need by: [Time Horizon: Operations
Planning]
R3.1 Using one or more of the following to determine the GCIR:
Loss of Load Expectation (LOLE) studies
Loss of Load Probability (LOLP) studies
Deterministic risk-analysis studies
Reserve margin or resource adequacy requirements established by other entities, such as
municipalities, state commissions, regional transmission organizations, independent system operators,
Regional Reliability Organizations, or regional entities
R3.2 Identifying expected import path(s) or source region(s).
R4 Each Resource Planner determining the need for Transmission capacity to be set aside as CBM for
imports into a Balancing Authority Area shall determine that need by: [Time Horizon: Operations
Planning]

Standard Authorization Request Form
18

SAR Information
R4.1 Using one or more of the following to determine the GCIR:
Loss of Load Expectation (LOLE) studies
Loss of Load Probability (LOLP) studies
Deterministic risk-analysis studies
Reserve margin or resource adequacy requirements established by other entities, such as
municipalities, state commissions, regional transmission organizations, independent system operators,
Regional Reliability Organizations, or regional entities
R4.2 Identifying expected import path(s) or source region(s).
R5 At least every 13 months, the Transmission Service Provider that maintains CBM shall establish a
CBM value for each ATC Path or Flowgate to be used for ATC or Available Flowgate Capability (AFC)
calculations during the 13 full calendar months (months 2-14) following the current month (the month
in which the Transmission Service Provider is establishing the CBM values). This value shall: [Time
Horizon: Operations Planning]
R5.1 Reflect consideration of each of the following if available:
Any studies (as described in R3.1) performed by Load-Serving Entities for loads within the Transmission
Service Provider’s area
Any studies (as described in R4.1) performed by Resource Planners for loads within the Transmission
Service Provider’s area
Any reserve margin or resource adequacy requirements for loads within the Transmission Service
Provider’s area established by other entities, such as municipalities, state commissions, regional
transmission organizations, independent system operators, Regional Reliability Organizations, or
regional entities
R5.2 Be allocated as follows:
For ATC Paths, based on the expected import paths or source regions provided by Load-Serving Entities
or Resource Planners

Standard Authorization Request Form
19

SAR Information
For Flowgates, based on the expected import paths or source regions provided by Load-Serving Entities
or Resource Planners and the distribution factors associated with those paths or regions, as determined
by the Transmission Service Provider
R6 At least every 13 months, the Transmission Planner shall establish a CBM value for each ATC Path or
Flowgate to be used in planning during each of the full calendar years two through ten following the
current year (the year in which the Transmission Planner is establishing the CBM values). This value
shall: [Time Horizon: Long-term Planning]
R6.1 Reflect consideration of each of the following if available:
Any studies (as described in R3.1) performed by Load-Serving Entities for loads within the Transmission
Planner’s area
Any studies (as described in R4.1) performed by Resource Planners for loads within the Transmission
Planner’s area
Any reserve margin or resource adequacy requirements for loads within the Transmission Planner’s area
established by other entities, such as municipalities, state commissions, regional transmission
organizations, independent system operators, Regional Reliability Organizations, or regional entities
R6.2 Be allocated as follows:
For ATC Paths, based on the expected import paths or source regions provided by Load-Serving Entities
or Resource Planners
For Flowgates, based on the expected import paths or source regions provided by Load-Serving Entities
or Resource Planners and the distribution factors associated with those paths or regions, as determined
by the Transmission Planner.
R7 Less than 31 calendar days after the establishment of CBM, the Transmission Service Provider that
maintains CBM shall notify all the Load-Serving Entities and Resource Planners that determined they
had a need for CBM on the Transmission Service
Provider’s system of the amount of CBM set aside. [Time Horizon: Operations Planning]

Standard Authorization Request Form
20

SAR Information
R8 Less than 31 calendar days after the establishment of CBM, the Transmission Planner shall notify all
the Load-Serving Entities and Resource Planners that determined they had a need for CBM on the
system being planned by the Transmission Planner of the amount of CBM set aside. [Time Horizon:
Operations Planning]
R9 The Transmission Service Provider that maintains CBM and the Transmission Planner shall each
provide (subject to confidentiality and security requirements) copies of the applicable supporting data,
including any models, used for determining CBM or allocating CBM over each ATC Path or Flowgate to
the following: [Time Horizon: Operations Planning, Long-term Planning]
R9.1 Each of its associated Transmission Operators within 30 calendar days of their making a request
for the data.
R9.2 To any Transmission Service Provider, Reliability Coordinator, Transmission Planner, Resource
Planner, or Planning Coordinator within 30 calendar days of their making a request for the data.
R10 The Load-Serving Entity or Balancing Authority shall request to import energy over firm Transfer
Capability set aside as CBM only when experiencing a declared NERC Energy Emergency Alert (EEA) 2 or
higher. [Time Horizon: Same-day Operations]
R11 When reviewing an Arranged Interchange using CBM, all Balancing Authorities and Transmission
Service Providers shall waive, within the bounds of reliable operation, any Real-time timing and ramping
requirements. [Time Horizon: Same-day Operations]
R12 The Transmission Service Provider that maintains CBM shall approve, within the bounds of reliable
operation, any Arranged Interchange using CBM that is submitted by an “energy deficient entity ” under
an EEA 2 if: [Time Horizon: Same-day Operations]
R12.1 The CBM is available

Standard Authorization Request Form
21

SAR Information
R12.2 The EEA 2 is declared within the Balancing Authority Area of the “energy deficient entity,” and
R12.3 The Load of the “energy deficient entity” is located within the Transmission Service Provider’s
area.
Criterion B 6.
Statement: Capacity Benefit Margin (CBM) is better integrated in marketing functions and is not a
reliability function. In the NERC TOP-002 Operations Planning Standard, Requirement R1 specifies that
the Transmission Operator shall have an Operating Planning Analysis that represents projected System
conditions to assess planned operation for the next day that do not exceed Facility Ratings or Stability
Limits for anticipated normal and contingency events. Further, the CBM standard is redundant to the
TOP-002 R1 where the marketer would schedule their transmission reserve within the limits established
by the Transmission Operator. The Transmission Operator ensures that the established reserve along
with other identified schedules are modeled to anticipate next-day conditions and remain within
established operating limits.
In addition, this Standard is not necessary for the support of BES reliability as evidenced by the fact that
of the entities that once used CBM, many dropped it when it became effective due to the unnecessary
burdens it placed on the entities.
Conclusion: The requirements above relate to commercial and market issues regulated under OATT.
Furthermore, they provide little protection to the BES and unnecessary as part of NERC Reliability
Standards. Requirements 1 through 12 and associated subrequirements should be removed from
Reliability Standard MOD-004-1.
NUC-001-2 R9.1; NUC-001-2 R9.1.1; NUC-001-2 R9.1.2; NUC-001-2 R9.1.3; NUC-001-2 R9.1.4
R9.1 Administrative elements:

Standard Authorization Request Form
22

SAR Information
R9.1.1 Definitions of key terms used in the agreement.
R9.1.2 Names of the responsible entities, organizational relationships, and
responsibilities related to the NPIRs.
R9.1.3 A requirement to review the agreement(s) at least every three years.
R9.1.4 A dispute resolution mechanism.
Criterion B 1, 3, 5, 6.
Statement: These requirements of NUC-001-2 do not address reliability, rather they address
administrative and commercial terms of an agreement. Given there is no clear nexus between these
requirements and reliability, they should be retired.
Conclusion: Since these requirements are purely administrative in nature, provide for a periodic update
and commercial terms of the agreement, they provide little protection to the BES. Requirement 9.1 and
associated subrequirements should be removed from Reliability Standard NUC-001-2.
PRC-008-0 R1; PRC-008-0 R2; PRC-009-0 R1; PRC-009-0 R1.1; PRC-009-0 R1.2; PRC-009-0 R1.3; PRC009-0 R1.4; PRC-009-0 R2; PRC-010-0 R2; PRC-022-1 R2.
PRC-008-0 R1 The Transmission Owner and Distribution Provider with a UFLS program (as required by
its Regional Reliability Organization) shall have a UFLS equipment maintenance and testing program in
place. This UFLS equipment maintenance and testing program shall include UFLS equipment
identification, the schedule for UFLS equipment testing, and the schedule for UFLS equipment
maintenance.
PRC-008-0 R2 The Transmission Owner and Distribution Provider with a UFLS program (as required by
its Regional Reliability Organization) shall implement its UFLS equipment maintenance and testing
program and shall provide UFLS maintenance and testing program results to its Regional Reliability

Standard Authorization Request Form
23

SAR Information
Organization and NERC on request (within 30 calendar days).
PRC-009-0 R1 The Transmission Owner, Transmission Operator, Load-Serving Entity and Distribution
Provider that owns or operates a UFLS program (as required by its Regional Reliability Organization)
shall analyze and document its UFLS program performance in accordance with its Regional Reliability
Organization’s UFLS program. The analysis shall address the performance of UFLS equipment and
program effectiveness following system events resulting in system frequency excursions below the
initializing set points of the UFLS program. The analysis shall include, but not be limited to:
PRC-009-0 R1.1 A description of the event including initiating conditions.
PRC-009-0 R1.2 A review of the UFLS set points and tripping times.
PRC-009-0 R1.3 A simulation of the event.
PRC-009-0 R1.4 A summary of the findings.
PRC-009-0 R2 The Transmission Owner, Transmission Operator, Load-Serving Entity, and Distribution
Provider that owns or operates a UFLS program (as required by its Regional Reliability Organization)
shall provide documentation of the analysis of the UFLS program to its Regional Reliability Organization
and NERC on request 90 calendar days after the system event.
PRC-010-0 R2 The Load-Serving Entity, Transmission Owner, Transmission Operator, and Distribution
Provider that owns or operates a UVLS program shall provide documentation of its current UVLS
program assessment to its Regional Reliability Organization and NERC on request (30 calendar days).
PRC-022-1 R2 Each Transmission Operator, Load-Serving Entity, and Distribution Provider that operates
a UVLS program shall provide documentation of its analysis of UVLS program performance to its
Regional Reliability Organization within 90 calendar days of a request.

Standard Authorization Request Form
24

SAR Information
Criterion B 4, 9.
Statement: Since UVLS and UFLS information is being collected under event analysis, and also PRC-0090 will become inactive September 30, 2013 and replaced by PRC-006-1, the above requirements add
little to reliability.
Conclusion: Since PRC-008-0 R1; PRC-008-0 R2; PRC-009-0 R1; PRC-009-0 R1.1; PRC-009-0 R1.2; PRC009-0 R1.3; PRC-009-0 R1.4; PRC-009-0 R2; PRC-010-0 R2; PRC-022-1 R2 provides little protection to the
BES and better handled under event analysis and lessons learned papers, it should be removed.
TOP-001-1a R3
Each Transmission Operator, Balancing Authority, and Generator Operator shall comply with reliability
directives issued by the Reliability Coordinator, and each Balancing Authority and Generator Operator
shall comply with reliability directives issued by the Transmission Operator, unless such actions would
violate safety, equipment, regulatory or statutory requirements. Under these circumstances the
Transmission Operator, Balancing Authority, or Generator Operator shall immediately inform the
Reliability Coordinator or Transmission Operator of the inability to perform the directive so that the
Reliability Coordinator or Transmission Operator can implement alternate remedial actions.
Criterion B 7.
Statement: TOP-001-1a R3 is redundant with IRO-001-1a R8. NOTE: per project 2007-03 (Real-time
Operations), this requirement was removed from TOP-001-1a and proposed to be replaced by IRO-0013, R2, R3, R4.
IRO-001-1a R8 reads:
Transmission Operators, Balancing Authorities, Generator Operators, Transmission Service
Providers, Load-Serving Entities, and Purchasing-Selling Entities shall comply with Reliability
Coordinator directives unless such actions would violate safety, equipment, or regulatory or
statutory requirements. Under these circumstances, the Transmission Operator, Balancing
Authority, Generator Operator, Transmission Service Provider, Load-Serving Entity, or
Standard Authorization Request Form
25

SAR Information
Purchasing-Selling Entity shall immediately inform the Reliability Coordinator of the inability to
perform the directive so that the Reliability Coordinator may implement alternate remedial
actions.
The next proposed version of IRO-001 for this requirement also reads the same. As is apparent from a
comparison of the two requirements, there is no need for TOP-001-1a R3 which is duplicative of IRO001-1a R8. Also, in the next proposed version of TOP-001, Reliability Coordinator has been deleted
from this requirement.
Conclusion: Requirement 3 is redundant to Reliability Standard IRO-001-1a R8 and should be removed
from Reliability Standard TOP-001-1a.
TOP-005-2a R1
As a condition of receiving data from the Interregional Security Network (ISN), each ISN data recipient
shall sign the NERC Confidentiality Agreement for “Electric System Reliability Data.”
Criterion B 3.
Statement:
TOP-005-2a R1 is better suited for ROP than reliability requirement.
Conclusion: Since TOP-005-2a R1 provides little protection to the BES and is purely documentation in
nature, it should be removed.
VAR-002-WECC-1 R2; VAR-501-WECC-1 R2
VAR-002-WECC-1 R2 Generator Operators and Transmission Operators shall have documentation
identifying the number of hours excluded for each requirement R1.1 through R1.10.
VAR-501-WECC-1 R2 Generator Operators shall have documentation identifying the number of hours
excluded for each requirement in R1.1 through R1.12.

Standard Authorization Request Form
26

SAR Information
Criterion B 3 and 4.
Statement: Communication of the status of AVR and PSS with the Transmission Operator may impact
reliability, but not documenting or reporting out of this information to a Regional Entity. If the Regional
Entity desires to review or track the AVR and PSS hours, such information should be collected via
vehicles other than the Reliability Standards, such as Compliance Audits, Spot-Checks and other
compliance monitoring procedures.
Conclusion: For regulatory efficiency and since the requirements are purely documentation and
reporting activities, Requirement 2 in Regional Reliability Standards VAR-002-WECC-1 and VAR-501WECC-1 should be removed from the Standards.

Reliability Functions
The Standard will Apply to the Following Functions (Check each one that applies.)
Regional Reliability
Organization

Conducts the regional activities related to planning and operations, and
coordinates activities of responsible entities to secure the reliability of
the Bulk Electric System within the region and adjacent regions.

Reliability Coordinator

Responsible for the real-time operating reliability of its Reliability
Coordinator Area in coordination with its neighboring Reliability
Coordinator’s wide area view.

Balancing Authority

Integrates resource plans ahead of time, and maintains loadinterchange-resource balance within a Balancing Authority Area and
supports Interconnection frequency in real time.

Interchange Authority

Ensures communication of interchange transactions for reliability

Standard Authorization Request Form
27

Reliability Functions
evaluation purposes and coordinates implementation of valid and
balanced interchange schedules between Balancing Authority Areas.
Planning Coordinator

Assesses the longer-term reliability of its Planning Coordinator Area.

Resource Planner

Develops a >one year plan for the resource adequacy of its specific loads
within a Planning Coordinator area.

Transmission Planner

Develops a >one year plan for the reliability of the interconnected Bulk
Electric System within its portion of the Planning Coordinator area.

Transmission Service
Provider

Administers the transmission tariff and provides transmission services
under applicable transmission service agreements (e.g., the pro forma
tariff).

Transmission Owner

Owns and maintains transmission facilities.

Transmission
Operator

Ensures the real-time operating reliability of the transmission assets
within a Transmission Operator Area.

Distribution Provider

Delivers electrical energy to the End-use customer.

Generator Owner

Owns and maintains generation facilities.

Generator Operator

Operates generation unit(s) to provide real and reactive power.

Purchasing-Selling
Entity

Purchases or sells energy, capacity, and necessary reliability-related
services as required.

Market Operator

Interface point for reliability functions with commercial functions.

Load-Serving Entity

Secures energy and transmission service (and reliability-related services)
to serve the End-use Customer.

Reliability and Market Interface Principles
3. Information necessary for the planning and operation of interconnected bulk power systems
shall be made available to those entities responsible for planning and operating the systems
reliably.
4. Plans for emergency operation and system restoration of interconnected bulk power systems
shall be developed, coordinated, maintained and implemented.
5. Facilities for communication, monitoring and control shall be provided, used and maintained
for the reliability of interconnected bulk power systems.
6. Personnel responsible for planning and operating interconnected bulk power systems shall be
trained, qualified, and have the responsibility and authority to implement actions.
7. The security of the interconnected bulk power systems shall be assessed, monitored and
maintained on a wide area basis.
8. Bulk power systems shall be protected from malicious physical or cyber attacks.
Does the proposed Standard comply with all of the following Market Interface
Principles?
1. A reliability standard shall not give any market participant an unfair competitive
advantage.
2. A reliability standard shall neither mandate nor prohibit any specific market
structure.
3. A reliability standard shall not preclude market solutions to achieving compliance
with that standard.
4. A reliability standard shall not require the public disclosure of commercially
sensitive information. All market participants shall have equal opportunity to
access commercially non-sensitive information that is required for compliance
with reliability standards.

Enter
(yes/no)
Yes
Yes
Yes

Yes

Related Standards
Standard No.

Explanation

Standard Authorization Request Form
29

Related SARs
SAR ID

Explanation

Regional Variances
Region

Explanation

ERCOT
FRCC
MRO
NPCC
RFC
SERC
SPP
WECC

Standard Authorization Request Form
30

Standard BAL-005-0.1b — Automatic Generation Control
A.

Introduction
1.

Title:

Automatic Generation Control

Number:

BAL-005-0.1b

Applicability:

5.
B.

4.1.

Balancing Authorities

4.2.

Generator Operators

4.3.

Transmission Operators

4.4.

Load Serving Entities

Effective Date:

May 13, 2009

Requirements
R1. All generation, transmission, and load operating within an Interconnection must be included
within the metered boundaries of a Balancing Authority Area.
R1.1. Each Generator Operator with generation facilities operating in an Interconnection
shall ensure that those generation facilities are included within the metered boundaries
of a Balancing Authority Area.
R1.2. Each Transmission Operator with transmission facilities operating in an
Interconnection shall ensure that those transmission facilities are included within the
metered boundaries of a Balancing Authority Area.
R1.3. Each Load-Serving Entity with load operating in an Interconnection shall ensure that
those loads are included within the metered boundaries of a Balancing Authority Area.
R2. Each Balancing Authority shall maintain Regulating Reserve that can be controlled by AGC to
meet the Control Performance Standard.
R3. A Balancing Authority providing Regulation Service shall ensure that adequate metering,
communications, and control equipment are employed to prevent such service from becoming
a Burden on the Interconnection or other Balancing Authority Areas.
R4. A Balancing Authority providing Regulation Service shall notify the Host Balancing
Authority for whom it is controlling if it is unable to provide the service, as well as any
Intermediate Balancing Authorities.
R5. A Balancing Authority receiving Regulation Service shall ensure that backup plans are in
place to provide replacement Regulation Service should the supplying Balancing Authority no
longer be able to provide this service.
R6. The Balancing Authority’s AGC shall compare total Net Actual Interchange to total Net
Scheduled Interchange plus Frequency Bias obligation to determine the Balancing Authority’s
ACE. Single Balancing Authorities operating asynchronously may employ alternative ACE
calculations such as (but not limited to) flat frequency control. If a Balancing Authority is
unable to calculate ACE for more than 30 minutes it shall notify its Reliability Coordinator.

Page 1 of 5

Standard BAL-005-0.1b — Automatic Generation Control
R7. The Balancing Authority shall operate AGC continuously unless such operation adversely
impacts the reliability of the Interconnection. If AGC has become inoperative, the Balancing
Authority shall use manual control to adjust generation to maintain the Net Scheduled
Interchange.
R8. The Balancing Authority shall ensure that data acquisition for and calculation of ACE occur at
least every six seconds.
R8.1. Each Balancing Authority shall provide redundant and independent frequency metering
equipment that shall automatically activate upon detection of failure of the primary
source. This overall installation shall provide a minimum availability of 99.95%.
R9. The Balancing Authority shall include all Interchange Schedules with Adjacent Balancing
Authorities in the calculation of Net Scheduled Interchange for the ACE equation.
R9.1. Balancing Authorities with a high voltage direct current (HVDC) link to another
Balancing Authority connected asynchronously to their Interconnection may choose to
omit the Interchange Schedule related to the HVDC link from the ACE equation if it is
modeled as internal generation or load.
R10. The Balancing Authority shall include all Dynamic Schedules in the calculation of Net
Scheduled Interchange for the ACE equation.
R11. Balancing Authorities shall include the effect of ramp rates, which shall be identical and
agreed to between affected Balancing Authorities, in the Scheduled Interchange values to
calculate ACE.
R12. Each Balancing Authority shall include all Tie Line flows with Adjacent Balancing Authority
Areas in the ACE calculation.
R12.1. Balancing Authorities that share a tie shall ensure Tie Line MW metering is
telemetered to both control centers, and emanates from a common, agreed-upon source
using common primary metering equipment. Balancing Authorities shall ensure that
megawatt-hour data is telemetered or reported at the end of each hour.
R12.2. Balancing Authorities shall ensure the power flow and ACE signals that are utilized for
calculating Balancing Authority performance or that are transmitted for Regulation
Service are not filtered prior to transmission, except for the Anti-aliasing Filters of Tie
Lines.
R12.3. Balancing Authorities shall install common metering equipment where Dynamic
Schedules or Pseudo-Ties are implemented between two or more Balancing
Authorities to deliver the output of Jointly Owned Units or to serve remote load.
R13. Each Balancing Authority shall perform hourly error checks using Tie Line megawatt-hour
meters with common time synchronization to determine the accuracy of its control equipment.
The Balancing Authority shall adjust the component (e.g., Tie Line meter) of ACE that is in
error (if known) or use the interchange meter error (IME) term of the ACE equation to
compensate for any equipment error until repairs can be made.
R14. The Balancing Authority shall provide its operating personnel with sufficient instrumentation
and data recording equipment to facilitate monitoring of control performance, generation
response, and after-the-fact analysis of area performance. As a minimum, the Balancing
Authority shall provide its operating personnel with real-time values for ACE, Interconnection
frequency and Net Actual Interchange with each Adjacent Balancing Authority Area.
R15. The Balancing Authority shall provide adequate and reliable backup power supplies and shall
periodically test these supplies at the Balancing Authority’s control center and other critical

Page 2 of 5

Standard BAL-005-0.1b — Automatic Generation Control
locations to ensure continuous operation of AGC and vital data recording equipment during
loss of the normal power supply.
R16. The Balancing Authority shall sample data at least at the same periodicity with which ACE is
calculated. The Balancing Authority shall flag missing or bad data for operator display and
archival purposes. The Balancing Authority shall collect coincident data to the greatest
practical extent, i.e., ACE, Interconnection frequency, Net Actual Interchange, and other data
shall all be sampled at the same time.
R17. Each Balancing Authority shall at least annually check and calibrate its time error and
frequency devices against a common reference. The Balancing Authority shall adhere to the
minimum values for measuring devices as listed below:

Device

Accuracy

Digital frequency transducer

≤ 0.001 Hz

MW, MVAR, and voltage transducer

≤ 0.25 % of full scale

Remote terminal unit

≤ 0.25 % of full scale

Potential transformer

≤ 0.30 % of full scale

Current transformer

≤ 0.50 % of full scale

Measures
Not specified.

Compliance
1.

Compliance Monitoring Process
1.1.

Compliance Monitoring Responsibility
Balancing Authorities shall be prepared to supply data to NERC in the format defined
below:

1.2.

1.1.1.

1.1.2.

Compliance Monitoring Period and Reset Timeframe
Not specified.

1.3.

Data Retention
1.3.1.

1.3.2.

Page 3 of 5

Standard BAL-005-0.1b — Automatic Generation Control
Reserve Sharing Group disturbance recovery values. The data shall be
retained for one year following the reporting quarter for which the data was
recorded.
1.4.

Additional Compliance Information
Not specified.

Levels of Non-Compliance
Not specified.

Regional Differences
None identified.

Associated Documents
1.

Appendix 1  Interpretation of Requirement R17 (February 12, 2008).

Version History
Version

Date

Action

Change Tracking

April 1, 2005

Effective Date

New

August 8, 2005

Removed “Proposed” from Effective Date

Errata

December 19, 2007

Added Appendix 1 – Interpretation of R17
approved by BOT on May 2, 2007

Addition

January 16, 2008

Section F: added “1.”; changed hyphen to “en
dash.” Changed font style for “Appendix 1” to
Arial

Errata

February 12, 2008

Replaced Appendix 1 – Interpretation of R17
approved by BOT on February 12, 2008

Replacement

0.1b

October 29, 2008

BOT approved errata changes; updated version
number to “0.1b”

Errata

0.1b

May 13, 2009

FERC approved – Updated Effective Date

Addition

Page 4 of 5

Standard BAL-005-0.1b — Automatic Generation Control
Appendix 1
Request: PGE requests clarification regarding the measuring devices for which the requirement
applies, specifically clarification if the requirement applies to the following measuring devices:
•
•
•
•
•
•

BAL-005-1
R17. Each Balancing Authority shall at least annually check and calibrate its time error and frequency
devices against a common reference. The Balancing Authority shall adhere to the minimum values for
measuring devices as listed below:
Device

Accuracy

Digital frequency transducer

≤ 0.001 Hz

MW, MVAR, and voltage transducer

≤ 0.25% of full scale

Remote terminal unit

≤ 0.25% of full scale

Potential transformer

≤ 0.30% of full scale

Current transformer

≤ 0.50% of full scale

Existing Interpretation Approved by Board of Trustees May 2, 2007
BAL-005-0, Requirement 17 requires that the Balancing Authority check and calibrate its control room
time error and frequency devices against a common reference at least annually. The requirement to
“annually check and calibrate” does not address any devices outside of the operations control room.
The table represents the design accuracy of the listed devices. There is no requirement within the standard
to “annually check and calibrate” the devices listed in the table, unless they are included in the control
center time error and frequency devices.
Interpretation:
As noted in the existing interpretation, BAL-005-1 Requirement 17 applies only to the time error and
frequency devices that provide, or in the case of back-up equipment may provide, input into the reporting
or compliance ACE equation or provide real-time time error or frequency information to the system
operator. Frequency inputs from other sources that are for reference only are excluded. The time error and
frequency measurement devices may not necessarily be located in the system operations control room or
owned by the Balancing Authority; however the Balancing Authority has the responsibility for the
accuracy of the frequency and time error measurement devices. No other devices are included in R 17.
The other devices listed in the table at the end of R17 are for reference only and do not have any
mandatory calibration or accuracy requirements.
New or replacement equipment that provides the same functions noted above requires the same
calibrations. Some devices used for time error and frequency measurement cannot be calibrated as such.
In this case, these devices should be cross-checked against other properly calibrated equipment and
replaced if the devices do not meet the required level of accuracy.

Page 5 of 5

Standard CIP-001-2a— Sabotage Reporting

A. Introduction
1.

Title:

Sabotage Reporting

Number:

CIP-001-2a

Purpose:
Disturbances or unusual occurrences, suspected or determined to be caused by
sabotage, shall be reported to the appropriate systems, governmental agencies, and regulatory
bodies.

Applicability
4.1. Reliability Coordinators.
4.2. Balancing Authorities.
4.3. Transmission Operators.
4.4. Generator Operators.
4.5. Load Serving Entities.
4.6. Transmission Owners (only in ERCOT Region).
4.7. Generator Owners (only in ERCOT Region).

ERCOT Regional Variance will be effective the first day of
the first calendar quarter after applicable regulatory approval.

Effective Date:

B. Requirements
R1.

Each Reliability Coordinator, Balancing Authority, Transmission Operator, Generator
Operator, and Load Serving Entity shall have procedures for the recognition of and for making
their operating personnel aware of sabotage events on its facilities and multi-site sabotage
affecting larger portions of the Interconnection.

R2.

Each Reliability Coordinator, Balancing Authority, Transmission Operator, Generator
Operator, and Load Serving Entity shall have procedures for the communication of information
concerning sabotage events to appropriate parties in the Interconnection.

R3.

Each Reliability Coordinator, Balancing Authority, Transmission Operator, Generator
Operator, and Load Serving Entity shall provide its operating personnel with sabotage response
guidelines, including personnel to contact, for reporting disturbances due to sabotage events.

R4.

Each Reliability Coordinator, Balancing Authority, Transmission Operator, Generator
Operator, and Load Serving Entity shall establish communications contacts, as applicable, with
local Federal Bureau of Investigation (FBI) or Royal Canadian Mounted Police (RCMP)
officials and develop reporting procedures as appropriate to their circumstances.

C. Measures
M1. Each Reliability Coordinator, Balancing Authority, Transmission Operator, Generator
Operator, and Load Serving Entity shall have and provide upon request a procedure (either
electronic or hard copy) as defined in Requirement 1
M2. Each Reliability Coordinator, Balancing Authority, Transmission Operator, Generator
Operator, and Load Serving Entity shall have and provide upon request the procedures or
guidelines that will be used to confirm that it meets Requirements 2 and 3.

Page 1 of 6

Standard CIP-001-2a— Sabotage Reporting
M3. Each Reliability Coordinator, Balancing Authority, Transmission Operator, Generator
Operator, and Load Serving Entity shall have and provide upon request evidence that could
include, but is not limited to procedures, policies, a letter of understanding, communication
records, or other equivalent evidence that will be used to confirm that it has established
communications contacts with the applicable, local FBI or RCMP officials to communicate
sabotage events (Requirement 4).

D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Monitoring Responsibility
Regional Reliability Organizations shall be responsible for compliance monitoring.
1.2. Compliance Monitoring and Reset Time Frame
One or more of the following methods will be used to verify compliance:
-

Self-certification (Conducted annually with submission according to schedule.)

Spot Check Audits (Conducted anytime with up to 30 days notice given to prepare.)

Periodic Audit (Conducted once every three years according to schedule.)

Triggered Investigations (Notification of an investigation must be made within 60
days of an event or complaint of noncompliance. The entity will have up to 30 days
to prepare for the investigation. An entity may request an extension of the
preparation period and the extension will be considered by the Compliance Monitor
on a case-by-case basis.)

The Performance-Reset Period shall be 12 months from the last finding of noncompliance.
1.3. Data Retention
Each Reliability Coordinator, Transmission Operator, Generator Operator, Distribution
Provider, and Load Serving Entity shall have current, in-force documents available as
evidence of compliance as specified in each of the Measures.
If an entity is found non-compliant the entity shall keep information related to the noncompliance until found compliant or for two years plus the current year, whichever is
longer.
Evidence used as part of a triggered investigation shall be retained by the entity being
investigated for one year from the date that the investigation is closed, as determined by
the Compliance Monitor,
The Compliance Monitor shall keep the last periodic audit report and all requested and
submitted subsequent compliance records.
1.4. Additional Compliance Information
None.
2.

Levels of Non-Compliance:
2.1. Level 1: There shall be a separate Level 1 non-compliance, for every one of the
following requirements that is in violation:
2.1.1

Does not have procedures for the recognition of and for making its operating
personnel aware of sabotage events (R1).

Page 2 of 6

Standard CIP-001-2a— Sabotage Reporting
2.1.2

Does not have procedures or guidelines for the communication of information
concerning sabotage events to appropriate parties in the Interconnection (R2).

2.1.3

Has not established communications contacts, as specified in R4.

2.2. Level 2: Not applicable.
2.3. Level 3: Has not provided its operating personnel with sabotage response procedures or
guidelines (R3).
2.4. Level 4:.Not applicable.

E. ERCOT Interconnection-wide Regional Variance
Requirements
EA.1. Each Reliability Coordinator, Balancing Authority, Transmission Owner,
Transmission Operator, Generator Owner, Generator Operator, and Load Serving
Entity shall have procedures for the recognition of and for making their operating
personnel aware of sabotage events on its facilities and multi-site sabotage affecting
larger portions of the Interconnection.
EA.2. Each Reliability Coordinator, Balancing Authority, Transmission Owner,
Transmission Operator, Generator Owner, Generator Operator, and Load Serving
Entity shall have procedures for the communication of information concerning
sabotage events to appropriate parties in the Interconnection.
EA.3. Each Reliability Coordinator, Balancing Authority, Transmission Owner,
Transmission Operator, Generator Owner, Generator Operator, and Load Serving
Entity shall provide its operating personnel with sabotage response guidelines,
including personnel to contact, for reporting disturbances due to sabotage events.
EA.4. Each Reliability Coordinator, Balancing Authority, Transmission Owner,
Transmission Operator, Generator Owner, Generator Operator, and Load Serving
Entity shall establish communications contacts with local Federal Bureau of
Investigation (FBI) officials and develop reporting procedures as appropriate to their
circumstances.
Measures
M.A.1. Each Reliability Coordinator, Balancing Authority, Transmission Owner,
Transmission Operator, Generator Owner, Generator Operator, and Load Serving
Entity shall have and provide upon request a procedure (either electronic or hard
copy) as defined in Requirement EA1.
M.A.2. Each Reliability Coordinator, Balancing Authority, Transmission Owner,
Transmission Operator, Generator Owner, Generator Operator, and Load Serving
Entity shall have and provide upon request the procedures or guidelines that will be
used to confirm that it meets Requirements EA2 and EA3.
M.A.3. Each Reliability Coordinator, Balancing Authority, Transmission Owner,
Transmission Operator, Generator Owner, Generator Operator, and Load Serving
Entity shall have and provide upon request evidence that could include, but is not
limited to, procedures, policies, a letter of understanding, communication records,
Page 3 of 6

Standard CIP-001-2a— Sabotage Reporting

or other equivalent evidence that will be used to confirm that it has established
communications contacts with the local FBI officials to communicate sabotage
events (Requirement EA4).
Compliance
1. Compliance Monitoring Process
1.1. Compliance Enforcement Authority
Regional Entity shall be responsible for compliance monitoring.
1.2. Data Retention
Each Reliability Coordinator, Balancing Authority, Transmission Owner,
Transmission Operator, Generator Owner, Generator Operator, and Load Serving
Entity shall have current, in-force documents available as evidence of compliance
as specified in each of the Measures.
If an entity is found non-compliant the entity shall keep information related to the
non-compliance until found compliant or for two years plus the current year,
whichever is longer.
Evidence used as part of a triggered investigation shall be retained by the entity
being investigated for one year from the date that the investigation is closed, as
determined by the Compliance Monitor,
The Compliance Monitor shall keep the last periodic audit report and all requested
and submitted subsequent compliance records.

Version History
Version

Date

Action

Change Tracking

April 1, 2005

Effective Date

New

August 8, 2005

Removed “Proposed” from Effective Date

Errata

November 1, 2006

Adopted by Board of Trustees

Amended

April 4, 2007

Regulatory Approval — Effective Date

New

February 16, 2010

Added Appendix 1 — Interpretation of R2
approved by the NERC Board of Trustees

Addition

February 2, 2011

Interpretation of R2 approved by FERC on
February 2, 2011

Same addition

June 10, 2010

TRE regional ballot approved variance

By Texas RE

August 24, 2010

Regional Variance Approved by Texas RE
Board of Directors

February 16, 2011

Approved by NERC Board of Trustees

Page 4 of 6

Standard CIP-001-2a— Sabotage Reporting

August 2, 2011

FERC Order issued approving Texas RE
Regional Variance

Page 5 of 6

Standard CIP-001-2a— Sabotage Reporting

Appendix 1
Requirement Number and Text of Requirement
CIP-001-1:
R2. Each Reliability Coordinator, Balancing Authority, Transmission Operator, Generator
Operator, and Load Serving Entity shall have procedures for the communication of information
concerning sabotage events to appropriate parties in the Interconnection.
Question
Please clarify what is meant by the term, “appropriate parties.” Moreover, who within the Interconnection
hierarchy deems parties to be appropriate?
Response
The drafting team interprets the phrase “appropriate parties in the Interconnection” to refer collectively to
entities with whom the reporting party has responsibilities and/or obligations for the communication of
physical or cyber security event information. For example, reporting responsibilities result from NERC
standards IRO-001 Reliability Coordination — Responsibilities and Authorities, COM-002-2
Communication and Coordination, and TOP-001 Reliability Responsibilities and Authorities, among
others. Obligations to report could also result from agreements, processes, or procedures with other
parties, such as may be found in operating agreements and interconnection agreements.
The drafting team asserts that those entities to which communicating sabotage events is appropriate would
be identified by the reporting entity and documented within the procedure required in CIP-001-1
Requirement R2.
Regarding “who within the Interconnection hierarchy deems parties to be appropriate,” the drafting team
knows of no interconnection authority that has such a role.

Page 6 of 6

Standard CIP–003–3 — Cyber Security — Security Management Controls

A. Introduction
1.

Title:

Cyber Security — Security Management Controls

Number:

CIP-003-3

Applicability:
4.1. Within the text of Standard CIP-003-3, “Responsible Entity” shall mean:
4.1.1

Reliability Coordinator.

4.1.2

Balancing Authority.

4.1.3

Interchange Authority.

4.1.4

Transmission Service Provider.

4.1.5

Transmission Owner.

4.1.6

Transmission Operator.

4.1.7

Generator Owner.

4.1.8

Generator Operator.

4.1.9

Load Serving Entity.

4.1.10 NERC.
4.1.11 Regional Entity.
4.2. The following are exempt from Standard CIP-003-3:

4.2.1

Facilities regulated by the U.S. Nuclear Regulatory Commission or the Canadian
Nuclear Safety Commission.

4.2.2

Cyber Assets associated with communication networks and data communication
links between discrete Electronic Security Perimeters.

4.2.3

Responsible Entities that, in compliance with Standard CIP-002-3, identify that
they have no Critical Cyber Assets shall only be required to comply with CIP003-3 Requirement R2.

The cyber security policy addresses the requirements in Standards CIP-002-3 through
CIP-009-3, including provision for emergency situations.

Approved by Board of Trustees: December 16, 2009

Standard CIP–003–3 — Cyber Security — Security Management Controls

R1.2.

The cyber security policy is readily available to all personnel who have access to, or are
responsible for, Critical Cyber Assets.

R1.3.

Annual review and approval of the cyber security policy by the senior manager
assigned pursuant to R2.

The senior manager shall be identified by name, title, and date of designation.

R2.2.

Changes to the senior manager must be documented within thirty calendar days of the
effective date.

R2.3.

R2.4.

The senior manager or delegate(s), shall authorize and document any exception from
the requirements of the cyber security policy.

R3. Exceptions — Instances where the Responsible Entity cannot conform to its cyber security
policy must be documented as exceptions and authorized by the senior manager or delegate(s).
R3.1.

Exceptions to the Responsible Entity’s cyber security policy must be documented
within thirty days of being approved by the senior manager or delegate(s).

R3.2.

Documented exceptions to the cyber security policy must include an explanation as to
why the exception is necessary and any compensating measures.

R3.3.

R4. Information Protection — The Responsible Entity shall implement and document a program to
identify, classify, and protect information associated with Critical Cyber Assets.
R4.1.

R4.2.

The Responsible Entity shall classify information to be protected under this program
based on the sensitivity of the Critical Cyber Asset information.

R4.3.

R5. Access Control — The Responsible Entity shall document and implement a program for
managing access to protected Critical Cyber Asset information.
R5.1.

The Responsible Entity shall maintain a list of designated personnel who are
responsible for authorizing logical or physical access to protected information.
R5.1.1.

Personnel shall be identified by name, title, and the information for which
they are responsible for authorizing access.

Approved by Board of Trustees: December 16, 2009

Standard CIP–003–3 — Cyber Security — Security Management Controls

R5.1.2.

The list of personnel responsible for authorizing access to protected
information shall be verified at least annually.

R5.2.

R5.3.

The Responsible Entity shall assess and document at least annually the processes for
controlling access privileges to protected information.

R6. Change Control and Configuration Management — The Responsible Entity shall establish and
document a process of change control and configuration management for adding, modifying,
replacing, or removing Critical Cyber Asset hardware or software, and implement supporting
configuration management activities to identify, control and document all entity or vendorrelated changes to hardware and software components of Critical Cyber Assets pursuant to the
change control process.
C. Measures
M1. The Responsible Entity shall make available documentation of its cyber security policy as
specified in Requirement R1. Additionally, the Responsible Entity shall demonstrate that the
cyber security policy is available as specified in Requirement R1.2.
M2. The Responsible Entity shall make available documentation of the assignment of, and changes
to, its leadership as specified in Requirement R2.
M3. The Responsible Entity shall make available documentation of the exceptions, as specified in
Requirement R3.
M4. The Responsible Entity shall make available documentation of its information protection
program as specified in Requirement R4.
M5. The Responsible Entity shall make available its access control documentation as specified in
Requirement R5.
M6. The Responsible Entity shall make available its change control and configuration management
documentation as specified in Requirement R6.
D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Enforcement Authority
1.1.1

Regional Entity for Responsible Entities that do not perform delegated tasks for
their Regional Entity.

1.1.2

ERO for Regional Entity.

1.1.3

Third-party monitor without vested interest in the outcome for NERC.

1.2. Compliance Monitoring Period and Reset Time Frame
Not applicable.
1.3. Compliance Monitoring and Enforcement Processes
Compliance Audits
Self-Certifications

Approved by Board of Trustees: December 16, 2009

Standard CIP–003–3 — Cyber Security — Security Management Controls

Spot Checking
Compliance Violation Investigations
Self-Reporting
Complaints
1.4. Data Retention
1.4.1

1.4.2

The Compliance Enforcement Authority in conjunction with the Registered
Entity shall keep the last audit records and all requested and submitted
subsequent audit records.

1.5. Additional Compliance Information
1.5.1
2.

None

Violation Severity Levels (To be developed later.)

E. Regional Variances
None identified.
Version History
Version

Date

Action

Update version number from -2 to -3

12/16/09

Approved by the NERC Board of Trustees

Approved by Board of Trustees: December 16, 2009

Change Tracking

Update

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

A. Introduction
1.

Title:

Cyber Security — Security Management Controls

Number:

CIP-003-4

Applicability:
4.1. Within the text of Standard CIP-003-4, “Responsible Entity” shall mean:
4.1.1

Reliability Coordinator.

4.1.2

Balancing Authority.

4.1.3

Interchange Authority.

4.1.4

Transmission Service Provider.

4.1.5

Transmission Owner.

4.1.6

Transmission Operator.

4.1.7

Generator Owner.

4.1.8

Generator Operator.

4.1.9

Load Serving Entity.

4.1.10 NERC.
4.1.11 Regional Entity.
4.2. The following are exempt from Standard CIP-003-4:

4.2.1

Facilities regulated by the Canadian Nuclear Safety Commission.

4.2.2

Cyber Assets associated with communication networks and data communication
links between discrete Electronic Security Perimeters.

4.2.3

In nuclear plants, the systems, structures, and components that are regulated by
the Nuclear Regulatory Commission under a cyber security plan pursuant to 10
C.F. R. Section 73.54

4.2.4

Responsible Entities that, in compliance with Standard CIP-002-4, identify that
they have no Critical Cyber Assets shall only be required to comply with CIP003-4 Requirement R2.

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

R1.1.

The cyber security policy addresses the requirements in Standards CIP-002-4 through
CIP-009-4, including provision for emergency situations.

R1.2.

The cyber security policy is readily available to all personnel who have access to, or are
responsible for, Critical Cyber Assets.

R1.3.

Annual review and approval of the cyber security policy by the senior manager
assigned pursuant to R2.

The senior manager shall be identified by name, title, and date of designation.

R2.2.

Changes to the senior manager must be documented within thirty calendar days of the
effective date.

R2.3.

R2.4.

The senior manager or delegate(s), shall authorize and document any exception from
the requirements of the cyber security policy.

R3. Exceptions — Instances where the Responsible Entity cannot conform to its cyber security
policy must be documented as exceptions and authorized by the senior manager or delegate(s).
R3.1.

Exceptions to the Responsible Entity’s cyber security policy must be documented
within thirty days of being approved by the senior manager or delegate(s).

R3.2.

Documented exceptions to the cyber security policy must include an explanation as to
why the exception is necessary and any compensating measures.

R3.3.

R4. Information Protection — The Responsible Entity shall implement and document a program to
identify, classify, and protect information associated with Critical Cyber Assets.
R4.1.

R4.2.

The Responsible Entity shall classify information to be protected under this program
based on the sensitivity of the Critical Cyber Asset information.

R4.3.

R5. Access Control — The Responsible Entity shall document and implement a program for
managing access to protected Critical Cyber Asset information.
R5.1.

The Responsible Entity shall maintain a list of designated personnel who are
responsible for authorizing logical or physical access to protected information.

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

R5.1.1.

Personnel shall be identified by name, title, and the information for which
they are responsible for authorizing access.

R5.1.2.

The list of personnel responsible for authorizing access to protected
information shall be verified at least annually.

R5.2.

R5.3.

The Responsible Entity shall assess and document at least annually the processes for
controlling access privileges to protected information.

R6. Change Control and Configuration Management — The Responsible Entity shall establish and
document a process of change control and configuration management for adding, modifying,
replacing, or removing Critical Cyber Asset hardware or software, and implement supporting
configuration management activities to identify, control and document all entity or vendorrelated changes to hardware and software components of Critical Cyber Assets pursuant to the
change control process.
C. Measures
M1. The Responsible Entity shall make available documentation of its cyber security policy as
specified in Requirement R1. Additionally, the Responsible Entity shall demonstrate that the
cyber security policy is available as specified in Requirement R1.2.
M2. The Responsible Entity shall make available documentation of the assignment of, and changes
to, its leadership as specified in Requirement R2.
M3. The Responsible Entity shall make available documentation of the exceptions, as specified in
Requirement R3.
M4. The Responsible Entity shall make available documentation of its information protection
program as specified in Requirement R4.
M5. The Responsible Entity shall make available its access control documentation as specified in
Requirement R5.
M6. The Responsible Entity shall make available its change control and configuration management
documentation as specified in Requirement R6.

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Enforcement Authority
1.2. The RE shall serve as the CEA with the following exceptions:
1.2.1

For entities that do not work for the Regional Entity, the Regional Entity shall serve as the Compliance Enforcement
Authority.

1.2.2

For Reliability Coordinators and other functional entities that work for their Regional Entity, the ERO shall serve as the
Compliance Enforcement Authority.

1.2.3

1.2.4

For the ERO, a third-party monitor without vested interest in the outcome for the ERO shall serve as the Compliance
Enforcement Authority.

1.3. Compliance Monitoring and Enforcement Processes
Compliance Audits
Self-Certifications
Spot Checking
Compliance Violation Investigations
Self-Reporting
Complaints
1.4. Data Retention
1.4.1

The Responsible Entity shall keep all documentation and records from the previous full calendar year unless directed by
its Compliance Enforcement Authority to retain specific evidence for a longer period of time as part of an investigation.

1.4.2

The Compliance Enforcement Authority in conjunction with the Registered Entity shall keep the last audit records and all
requested and submitted subsequent audit records.

1.5. Additional Compliance Information
1.5.1
2.

None

Violation Severity Levels

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

Requirement

VRF

Lower VSL

Moderate VSL

High VSL

Severe VSL

R1.

MEDIUM

N/A

The Responsible Entity has documented but not
implemented a cyber security policy.

The Responsible Entity has not documented nor implemented a
cyber security policy.

R1.1.

LOWER

N/A

The Responsible Entity's cyber security policy does not address
all the requirements in Standards CIP-002-4 through CIP-009-4,
including provision for emergency situations.

R1.2.

LOWER

N/A

The Responsible Entity's cyber security policy is not readily
available to all personnel who have access to, or are responsible
for, Critical Cyber Assets.

R1.3

LOWER

N/A

The Responsible Entity's senior manager, assigned pursuant
to R2, annually reviewed but did not annually approve its
cyber security policy.

The Responsible Entity's senior manager, assigned pursuant to
R2, did not annually review nor approve its cyber security
policy.

R2.

LOWER

N/A

The Responsible Entity has not assigned a single senior manager
with overall responsibility and
authority for leading and managing the entity’s implementation
of, and adherence to, Standards CIP-002-4 through CIP-009-4.

R2.1.

LOWER

N/A

The senior manager is not identified by name, title, and date of
designation.

R2.2.

LOWER

Changes to the senior
manager were
documented in greater
than 30 but less than 60
days of the effective
date.

Changes to the senior manager
were documented in 60 or more
but less than 90 days of the
effective date.

Changes to the senior manager were documented in 90 or
more but less than 120 days of the effective date.

Changes to the senior manager were documented in 120 or more
days of the effective date.

R2.3.

LOWER

N/A

The identification of a senior manager’s delegate does not
include at least one of the following; name, title, or date of
the designation,

A senior manager’s delegate is not identified by name, title, and
date

delegating the authority is not approved by the senior manager;

The document is not approved by the senior manager,

AND

changes to the delegated authority are not documented within
thirty calendar days of the effective date.

Changes to the delegated authority are not documented

of designation; the document delegating the authority does not
identify the authority being delegated; the document

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

Requirement

VRF

Lower VSL

Moderate VSL

High VSL

Severe VSL

within thirty calendar days of the effective date.

R2.4

LOWER

N/A

The senior manager or delegate(s) did not authorize and
document any exceptions from the requirements of the cyber
security policy as required.

R3.

LOWER

N/A

R3.1.

LOWER

Exceptions to the
Responsible Entity’s
cyber security policy
were documented in
more than 30 but less
than 60 days of being
approved by the senior
manager or delegate(s).

Exceptions to the Responsible
Entity’s cyber security policy
were documented in 60 or more
but less than 90 days of being
approved by the senior manager
or delegate(s).

Exceptions to the Responsible Entity’s cyber security policy
were documented in 90 or more but less than 120 days of
being approved by the senior manager or delegate(s).

Exceptions to the Responsible Entity’s cyber security policy
were documented in 120 or more days of being approved by the
senior manager or delegate(s).

R3.2.

LOWER

N/A

The Responsible Entity has a documented exception to the
cyber

The Responsible Entity has a documented exception to the cyber
security policy (pertaining to CIP 002-4 through CIP 009-4) but
did not include both:

security policy (pertaining to CIP 002-4 through CIP 009-4)
but did not include either:

1) an explanation as to why the exception is necessary, and

1) an explanation as to why the exception is necessary, or

2) any compensating measures.

2) any compensating measures.
R3.3.

LOWER

N/A

R4.

MEDIUM

N/A

The Responsible Entity
implemented but did not
document a program to identify,
classify, and protect information
associated with Critical Cyber
Assets.

The Responsible Entity documented but did not implement a
program to identify, classify, and protect information
associated with Critical Cyber Assets.

The Responsible Entity did not implement nor document a
program to identify, classify, and protect information associated
with Critical Cyber Assets.

R4.1.

MEDIUM

N/A

The information protection program does not include one of
the minimum information types to be protected as detailed in
R4.1.

The information protection program does not include two or
more of the minimum information types to be protected as
detailed in R4.1.

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

Requirement

VRF

Lower VSL

Moderate VSL

High VSL

Severe VSL

R4.2.

LOWER

N/A

The Responsible Entity did not classify the information to be
protected under this program based on the sensitivity of the
Critical Cyber Asset information.

R4.3.

LOWER

N/A

The Responsible Entity annually assessed adherence to its
Critical Cyber Asset information protection program, did not
document the assessment results, and did not implement a
remediation plan.

R5.

LOWER

N/A

The Responsible Entity
implemented but did not
document a program for
managing access to protected
Critical Cyber Asset
information.

The Responsible Entity documented but did not implement a
program for managing access to protected Critical Cyber
Asset information.

The Responsible Entity did not implement nor document a
program for managing access to protected Critical Cyber Asset
information.

R5.1.

LOWER

N/A

The Responsible Entity maintained a list of designated
personnel for authorizing either logical or physical access
but not both.

The Responsible Entity did not maintain a list of designated
personnel who are responsible for authorizing logical or physical
access to protected information.

R5.1.1.

LOWER

N/A

The Responsible Entity did identify the personnel by name
and title but did not identify the information for which they
are responsible for authorizing access.

The Responsible Entity did not identify the personnel by name
and title nor the information for which they are responsible for
authorizing access.

R5.1.2.

LOWER

N/A

The Responsible Entity did not verify at least annually the list of
personnel responsible for authorizing access to protected
information.

R5.2.

LOWER

N/A

R5.3.

LOWER

N/A

The Responsible Entity did not assess and document at least
annually the processes for controlling access privileges to
protected information.

R6.

LOWER

The Responsible Entity
has established but not
documented a change

The Responsible Entity has
established but not documented
both a change control process
and configuration management

The Responsible Entity has not established and documented
a change control process

The Responsible Entity has not established and documented a
change control process

AND

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

Requirement

VRF

Lower VSL
control process
OR

Moderate VSL
process.

High VSL

Severe VSL

The Responsible Entity has not established and documented
a configuration management process.

The Responsible Entity
has established but not
documented a
configuration
management process.

Regional Variances
None identified.

The Responsible Entity has not established and documented a
configuration management process.

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

Version History
Version Date

Action

Modifications to clarify the requirements and to
bring the compliance elements into conformance
with the latest guidelines for developing
compliance elements of standards.
Removal of reasonable business judgment.
Replaced the RRO with the RE as a responsible
entity.
Rewording of Effective Date.
Requirement R2 applies to all Responsible Entities,
including Responsible Entities which have no
Critical Cyber Assets.
Modified the personnel identification information
requirements in R5.1.1 to include name, title, and
the information for which they are responsible for
authorizing access (removed the business phone
information).
Changed compliance monitor to Compliance
Enforcement Authority.

Update version number from -2 to -3

Change
Tracking

12/16/09

Approved by the NERC Board of Trustees

Update

Board approved
01/24/2011

Update version number from “3” to “4”

Update to conform
to changes to CIP002-4 (Project
2008-06)

4/19/12

FERC Order issued approving CIP-003-4 (approval
becomes effective June 25, 2012)
Added approved VRF/VSL table to section D.2.

S ta n d a rd CIP –005–3a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

A. Introduction
1.

Title:

Cyber Security — Electronic Security Perimeter(s)

Number:

CIP-005-3a

Applicability
4.1. Within the text of Standard CIP-005-3, “Responsible Entity” shall mean:
4.1.1

Reliability Coordinator.

4.1.2

Balancing Authority.

4.1.3

Interchange Authority.

4.1.4

Transmission Service Provider.

4.1.5

Transmission Owner.

4.1.6

Transmission Operator.

4.1.7

Generator Owner.

4.1.8

Generator Operator.

4.1.9

Load Serving Entity.

4.1.10 NERC.
4.1.11 Regional Entity
4.2. The following are exempt from Standard CIP-005-3:

4.2.1

Facilities regulated by the U.S. Nuclear Regulatory Commission or the Canadian
Nuclear Safety Commission.

4.2.2

Cyber Assets associated with communication networks and data communication
links between discrete Electronic Security Perimeters.

4.2.3

Responsible Entities that, in compliance with Standard CIP-002-3, identify that
they have no Critical Cyber Assets.

Effective Date: The first day of the third calendar quarter after applicable regulatory approvals
have been received (or the Reliability Standard otherwise becomes effective in those
jurisdictions where regulatory approval is not required).

R1.2.

S ta n d a rd CIP –005–3a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

R1.3.

R1.4.

Any non-critical Cyber Asset within a defined Electronic Security Perimeter shall be
identified and protected pursuant to the requirements of Standard CIP-005-3.

R1.5.

R1.6.

These processes and mechanisms shall use an access control model that denies access
by default, such that explicit access permissions must be specified.

R2.2.

R2.3.

The Responsible Entity shall implement and maintain a procedure for securing dial-up
access to the Electronic Security Perimeter(s).

R2.4.

R2.5.

The required documentation shall, at least, identify and describe:

R2.6.

R2.5.1.

The processes for access request and authorization.

R2.5.2.

The authentication methods.

R2.5.3.

The review process for authorization rights, in accordance with Standard
CIP-004-3 Requirement R4.

R2.5.4.

The controls used to secure dial-up accessible connections.

S ta n d a rd CIP –005–3a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

R3.1.

R3.2.

A document identifying the vulnerability assessment process;

R4.2.

A review to verify that only ports and services required for operations at these access
points are enabled;

R4.3.

The discovery of all access points to the Electronic Security Perimeter;

R4.4.

A review of controls for default accounts, passwords, and network management
community strings;

R4.5.

Documentation of the results of the assessment, the action plan to remediate or mitigate
vulnerabilities identified in the assessment, and the execution status of that action plan.

R5. Documentation Review and Maintenance — The Responsible Entity shall review, update, and
maintain all documentation to support compliance with the requirements of Standard CIP-0053.
R5.1.

R5.2.

The Responsible Entity shall update the documentation to reflect the modification of
the network or controls within ninety calendar days of the change.

R5.3.

Compliance Monitoring Process
3

S ta n d a rd CIP –005–3a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

1.1. Compliance Enforcement Authority
1.1.1

Regional Entity for Responsible Entities that do not perform delegated tasks for
their Regional Entity.

1.1.2

ERO for Regional Entity.

1.1.3

Third-party monitor without vested interest in the outcome for NERC.

1.4.2

The Responsible Entity shall keep other documents and records required by
Standard CIP-005-3 from the previous full calendar year.

1.4.3

The Compliance Enforcement Authority in conjunction with the Registered
Entity shall keep the last audit records and all requested and submitted
subsequent audit records.

1.5. Additional Compliance Information
2.

Violation Severity Levels (To be developed later.)

E. Regional Variances
None identified.
Version History
Version
1
2

Date

Action

Change Tracking

01/16/06

D.2.3.1 — Change “Critical Assets,” to “Critical Cyber Assets”
as intended.

03/24/06

S ta n d a rd CIP –005–3a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

shall “implement and maintain” a procedure for securing dial-up
access to the Electronic Security Perimeter(s).
Changed compliance monitor to Compliance Enforcement
Authority.
3

Update version from -2 to -3

12/16/09

Approved by the NERC Board of Trustees

Update

02/16/10

Added Appendix 1 – Interpretation of R1.3 approved by BOT
on February 16, 2010

Interpretation

02/02/11

Approved by FERC

S ta n d a rd CIP –005–3a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

A. Introduction
1.

Title:

Cyber Security — Electronic Security Perimeter(s)

Number:

CIP-005-4a

Applicability
4.1. Within the text of Standard CIP-005-4a, “Responsible Entity” shall mean:
4.1.1

Reliability Coordinator.

4.1.2

Balancing Authority.

4.1.3

Interchange Authority.

4.1.4

Transmission Service Provider.

4.1.5

Transmission Owner.

4.1.6

Transmission Operator.

4.1.7

Generator Owner.

4.1.8

Generator Operator.

4.1.9

Load Serving Entity.

4.1.10 NERC.
4.1.11 Regional Entity
4.2. The following are exempt from Standard CIP-005-4a:

4.2.1

Facilities regulated by the Canadian Nuclear Safety Commission.

4.2.2

Cyber Assets associated with communication networks and data communication
links between discrete Electronic Security Perimeters.

4.2.3

Responsible Entities that, in compliance with Standard CIP-002-4, identify that
they have no Critical Cyber Assets.

4.2.4

In nuclear plants, the systems, structures, and components that are regulated by
the Nuclear Regulatory Commission under a cyber security plan pursuant to 10
C.F. R. Section 73.54.

Effective Date: The first day of the eighth calendar quarter after applicable regulatory
approvals have been received (or the Reliability Standard otherwise becomes effective the
first day of the ninth calendar quarter after BOT adoption in those jurisdictions where
regulatory approval is not required).

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

R1.2.

R1.3.

R1.4.

Any non-critical Cyber Asset within a defined Electronic Security Perimeter shall be
identified and protected pursuant to the requirements of Standard CIP-005-4a.

R1.5.

R1.6.

These processes and mechanisms shall use an access control model that denies access
by default, such that explicit access permissions must be specified.

R2.2.

R2.3.

The Responsible Entity shall implement and maintain a procedure for securing dial-up
access to the Electronic Security Perimeter(s).

R2.4.

R2.5.

The required documentation shall, at least, identify and describe:

R2.6.

R2.5.1.

The processes for access request and authorization.

R2.5.2.

The authentication methods.

R2.5.3.

The review process for authorization rights, in accordance with Standard
CIP-004-4 Requirement R4.

R2.5.4.

The controls used to secure dial-up accessible connections.

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

R3.2.

A document identifying the vulnerability assessment process;

R4.2.

A review to verify that only ports and services required for operations at these access
points are enabled;

R4.3.

The discovery of all access points to the Electronic Security Perimeter;

R4.4.

A review of controls for default accounts, passwords, and network management
community strings;

R4.5.

Documentation of the results of the assessment, the action plan to remediate or mitigate
vulnerabilities identified in the assessment, and the execution status of that action plan.

R5. Documentation Review and Maintenance — The Responsible Entity shall review, update, and
maintain all documentation to support compliance with the requirements of Standard CIP-0054a.
R5.1.

R5.2.

The Responsible Entity shall update the documentation to reflect the modification of
the network or controls within ninety calendar days of the change.

R5.3.

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Enforcement Authority
1.2. The RE shall serve as the CEA with the following exceptions:
1.2.1

For entities that do not work for the Regional Entity, the Regional Entity shall serve as the Compliance Enforcement Authority.

1.2.1

For Reliability Coordinators and other functional entities that work for their Regional Entity, the ERO shall serve as the Compliance
Enforcement Authority.

1.2.1

For Responsible Entities that are also Regional Entities, the ERO or a Regional Entity approved by the ERO and FERC or other applicable
governmental authorities shall serve as the Compliance Enforcement Authority.

1.2.2

For the ERO, a third-party monitor without vested interest in the outcome for the ERO shall serve as the Compliance Enforcement
Authority.

1.3. Compliance Monitoring and Enforcement Processes
Compliance Audits
Self-Certifications
Spot Checking
Compliance Violation Investigations
Self-Reporting
Complaints
1.4. Data Retention
1.4.1

1.4.2

The Responsible Entity shall keep other documents and records required by Standard CIP-005-4a from the previous full calendar year.

1.4.3

The Compliance Enforcement Authority in conjunction with the Registered Entity shall keep the last audit records and all requested and
submitted subsequent audit records.

1.5. Additional Compliance Information
2.

Violation Severity Levels
4

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Requirement
R1.

VRF

Lower VSL

Moderate VSL

High VSL

Severe VSL

MEDIUM

The Responsible Entity
did not document one
or more access points
to the Electronic
Security Perimeter(s).

The Responsible Entity
identified but did not document
one or more Electronic Security
Perimeter(s).

The Responsible Entity did not ensure that one or more of
the Critical Cyber Assets resides within an Electronic
Security Perimeter.

OR
The Responsible Entity did not identify nor document one
or more Electronic Security Perimeter(s).

R1.1.

MEDIUM

N/A

R1.2.

MEDIUM

N/A

R1.3.

MEDIUM

N/A

R1.4.

MEDIUM

N/A

One or more non-critical Cyber
Asset within a defined
Electronic Security Perimeter is
not identified but is protected
pursuant to the requirements of
Standard CIP-005.

One or more non-critical Cyber Asset within a defined
Electronic Security Perimeter is identified but not
protected pursuant to the requirements of Standard CIP005.

One or more non-critical Cyber Asset within a defined
Electronic Security Perimeter is not identified and is not
protected pursuant to the requirements of Standard CIP-005.

R1.5.

MEDIUM

A Cyber Asset used in
the access

A Cyber Asset used in the
access

A Cyber Asset used in the access

control and/or monitoring of the

control and/or
monitoring of the

control and/or monitoring of
the

Electronic Security Perimeter(s) is

Electronic Security
Perimeter(s) is

provided with all but three (3) of

provided without four (4) or

the protective measures as

more of the protective measures as
specified in Standard CIP-003-4;

provided with all but
one (1) of

provided with all but two (2) of

specified in Standard CIP-003-4;

the protective measures as

Standard CIP-004-4 Requirement

the protective measures
as

specified in Standard CIP-0034;

R3; Standard CIP-005-4

Requirements R2 and R3;

specified in Standard
CIP-003-4;

Standard CIP-004-4
Requirement

Standard CIP-006-4

R3; Standard CIP-005-4

Requirement R3; Standard CIP-007-4 Requirements R1
and R3

Requirement R3; Standard CIP-007-4 Requirements R1 and
R3

Requirements R2 and R3;

through R9; Standard CIP-008-4;

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Requirement

VRF

Lower VSL
R3; Standard CIP-0054
Requirements R2 and
R3;
Standard CIP-006-4
Requirement R3;
Standard CIP-007-4
Requirements R1 and
R3

Moderate VSL
Standard CIP-006-4

High VSL

Severe VSL

and Standard CIP-009-4.

Requirement R3; Standard CIP007-4 Requirements R1 and R3
through R9; Standard CIP-0084;
and Standard CIP-009-4.

through R9; Standard
CIP-008-4;
and Standard CIP-0094.
R1.6.

LOWER

N/A

R2.

MEDIUM

N/A

R2.1.

MEDIUM

N/A

The processes and mechanisms did not use an access control
model that denies access by default, such that explicit access
permissions must be specified.

R2.2.

MEDIUM

N/A

At one or more access points to the Electronic Security
Perimeter(s), the Responsible Entity enabled ports and services
not required for operations and for monitoring Cyber Assets
within the Electronic Security Perimeter, and did not
document, individually or by specified grouping, the
configuration of those ports and services.

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Requirement

VRF

Lower VSL

Moderate VSL

High VSL

Severe VSL

Perimeter.

R2.3.

MEDIUM

N/A

The Responsible Entity did

The Responsible Entity did not

implement but did not maintain a

implement nor maintain a

procedure for securing dial-up

access to the Electronic Security

Perimeter(s) where applicable.

R2.4.

MEDIUM

N/A

R2.5.

LOWER

The required
documentation for R2
did not include one of
the elements described
in R2.5.1 through
R2.5.4

The required documentation for
R2 did not include two of the
elements described in R2.5.1
through R2.5.4

The required documentation for R2 did not include three of
the elements described in R2.5.1 through R2.5.4

The required documentation for R2 did not include any of the
elements described in R2.5.1 through R2.5.4

R2.5.1.

LOWER

N/A

R2.5.2.

LOWER

N/A

R2.5.3.

LOWER

N/A

R2.5.4.

LOWER

N/A

R2.6.

LOWER

The Responsible Entity
did not maintain a
document identifying
the content of the
banner.

Where technically feasible 5%
but less than 10% of electronic
access control devices did not
display an appropriate use
banner on the user screen upon
all interactive access attempts.

Where technically feasible 10% but less than 15% of
electronic access control devices did not display an
appropriate use banner on the user screen upon all
interactive access attempts.

Where technically feasible, 15% or more electronic access
control devices did not display an appropriate use banner on
the user screen upon all interactive access attempts.

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Requirement

VRF

Lower VSL

Moderate VSL

High VSL

Severe VSL

Where technically
feasible less than 5%
electronic access
control devices did not
display an appropriate
use banner on the user
screen upon all
interactive access
attempts.
R3.

MEDIUM

The Responsible Entity
did not document the
electronic or manual
processes for
monitoring and logging
access to access points.

The Responsible Entity did not
implement electronic or manual
processes monitoring and
logging at 5% or more but less
than 10% of the access points.

The Responsible Entity did not implement electronic or
manual processes monitoring and logging at 10% or more
but less than 15 % of the access points.

The Responsible Entity did not implement electronic or
manual processes monitoring and logging at 15% or more of
the access points.

Where technically feasible, the
Responsible Entity did not
implement electronic or manual
processes for monitoring at 5%
or more but less than 10% of
the access points to dial-up
devices.

Where technically feasible, the Responsible Entity did not
implement electronic or manual processes for monitoring
at 10% or more but less than 15% of the access points to
dial-up devices.

Where technically feasible, the Responsible Entity did not
implement electronic or manual processes for monitoring at
15% or more of the access points to dial-up devices.

N/A

Where technically feasible, the Responsible Entity did not
implement security monitoring process(es) to detect and alert
for attempts at or actual unauthorized accesses.

OR
The Responsible Entity
did not implement
electronic or manual
processes monitoring
and logging at less than
5% of the access
points.
R3.1.

MEDIUM

R3.2.

MEDIUM

N/A

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Requirement

R4.

VRF

MEDIUM

Lower VSL

Moderate VSL

High VSL

Severe VSL

notification to designated response personnel.

The Responsible Entity
did not perform a
Vulnerability
Assessment at least
annually for less than
5% of access points to
the Electronic Security
Perimeter(s).

The Responsible Entity did not
perform a Vulnerability
Assessment at least annually
for 5% or more but less than
10% of access points to the
Electronic Security
Perimeter(s).

The Responsible Entity did not perform a Vulnerability
Assessment at least annually for 10% or more but less than
15% of access points to the Electronic Security
Perimeter(s).

OR
The vulnerability assessment did not include one (1) or more
of the subrequirements R 4.1, R4.2, R4.3, R4.4, R4.5.

R4.1.

LOWER

N/A

R4.2.

MEDIUM

N/A

R4.3.

MEDIUM

N/A

R4.4.

MEDIUM

N/A

R4.5.

MEDIUM

N/A

R5.

LOWER

The Responsible Entity
did not review, update,
and maintain at least
one but less than or
equal to 5% of the
documentation to
support compliance
with the requirements
of Standard CIP-005-4.

The Responsible Entity did not
review, update, and maintain
greater than 5% but less than or
equal to 10% of the
documentation to support
compliance with the
requirements of Standard CIP005-4.

The Responsible Entity did not review, update, and
maintain greater than 10% but less than or equal to 15% of
the documentation to support compliance with the
requirements of Standard CIP-005-4.

The Responsible Entity did not review, update, and maintain
greater than 15% of the documentation to support compliance
with the requirements of Standard CIP-005-4.

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Requirement

VRF

Lower VSL

Moderate VSL

High VSL

Severe VSL

R5.1.

LOWER

N/A

The Responsible Entity did not
provide evidence of an annual
review of the documents and
procedures referenced in
Standard CIP-005-4.

The Responsible Entity did not document current
configurations and processes referenced in Standard CIP005-4.

The Responsible Entity did not document current
configurations and processes and did not review the documents
and procedures referenced in Standard CIP-005-4 at least
annually.

R5.2.

LOWER

For less than 5% of the
applicable changes, the
Responsible Entity did
not update the
documentation to
reflect the modification
of the network or
controls within ninety
calendar days of the
change.

For 15% or more of the applicable changes, the Responsible
Entity did not update the documentation to reflect the
modification of the network or controls within ninety calendar
days of the change.

R5.3.

LOWER

The Responsible Entity
retained electronic
access logs for 75 or
more calendar days, but
for less than 90
calendar days.

The Responsible Entity retained
electronic access logs for 60 or
more calendar days, but for less
than 75 calendar days.

The Responsible Entity retained electronic access logs for
45 or more calendar days , but for less than 60 calendar
days.

The Responsible Entity retained electronic access logs for less
than 45 calendar days.

E. Regional Variances
None identified.

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Version History
Version

Date

Action

Change Tracking

01/16/06

D.2.3.1 — Change “Critical Assets,” to
“Critical Cyber Assets” as intended.

03/24/06

Approved by
NERC Board of
Trustees 5/6/09

Modifications to clarify the requirements
and to bring the compliance elements into
conformance with the latest guidelines for
developing compliance elements of
standards.
Removal of reasonable business judgment.
Replaced the RRO with the RE as a
responsible entity.
Rewording of Effective Date.
Revised the wording of the Electronic
Access Controls requirement stated in R2.3
to clarify that the Responsible Entity shall
“implement and maintain” a procedure for
securing dial-up access to the Electronic
Security Perimeter(s).
Changed compliance monitor to
Compliance Enforcement Authority.

Revised.

12/16/09

Conforming revisions for
FERC Order on CIP V2
Standards (9/30/2009)

02/16/10

Added Appendix 1 — Interpretation of R1.3
approved by BOT on February 16, 2010

Addition

01/24/11

Adopted by the NERC Board of Trustees

Update to conform to
changes to CIP-002-4
(Project 2008-06)
Update version number
from “3” to “4a”

4/19/12

FERC Order issued approving CIP-005-4a
(approval becomes effective June 25, 2012)
Added approved VRF/VSL table to section
D.2.

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Standard CIP–007–3 — Cyber Security — Systems Security Management

A. Introduction
1.

Title:

Cyber Security — Systems Security Management

Number:

CIP-007-3

Applicability:
4.1. Within the text of Standard CIP-007-3, “Responsible Entity” shall mean:
4.1.1

Reliability Coordinator.

4.1.2

Balancing Authority.

4.1.3

Interchange Authority.

4.1.4

Transmission Service Provider.

4.1.5

Transmission Owner.

4.1.6

Transmission Operator.

4.1.7

Generator Owner.

4.1.8

Generator Operator.

4.1.9

Load Serving Entity.

4.1.10 NERC.
4.1.11 Regional Entity.
4.2. The following are exempt from Standard CIP-007-3:

4.2.1

Facilities regulated by the U.S. Nuclear Regulatory Commission or the Canadian
Nuclear Safety Commission.

4.2.2

Cyber Assets associated with communication networks and data communication
links between discrete Electronic Security Perimeters.

4.2.3

Responsible Entities that, in compliance with Standard CIP-002-3, identify that
they have no Critical Cyber Assets.

B. Requirements
R1.

The Responsible Entity shall create, implement, and maintain cyber security test
procedures in a manner that minimizes adverse effects on the production system or its
operation.

Approved by Board of Trustees: December 16, 2009

Standard CIP–007–3 — Cyber Security — Systems Security Management

R2.

R3.

R4.

R5.

R1.2.

The Responsible Entity shall document that testing is performed in a manner that
reflects the production environment.

R1.3.

The Responsible Entity shall document test results.

The Responsible Entity shall enable only those ports and services required for normal
and emergency operations.

R2.2.

The Responsible Entity shall disable other ports and services, including those used for
testing purposes, prior to production use of all Cyber Assets inside the Electronic
Security Perimeter(s).

R2.3.

In the case where unused ports and services cannot be disabled due to technical
limitations, the Responsible Entity shall document compensating measure(s) applied
to mitigate risk exposure.

The Responsible Entity shall document the assessment of security patches and
security upgrades for applicability within thirty calendar days of availability of the
patches or upgrades.

R3.2.

R4.2.

The Responsible Entity shall document and implement a process for the update of
anti-virus and malware prevention “signatures.” The process must address testing and
installing the signatures.

Approved by Board of Trustees: December 16, 2009

Standard CIP–007–3 — Cyber Security — Systems Security Management

R5.3.

R6.

R7.

R6.2.

The security monitoring controls shall issue automated or manual alerts for detected
Cyber Security Incidents.

R6.3.

The Responsible Entity shall maintain logs of system events related to cyber security,
where technically feasible, to support incident response as required in Standard CIP008-3.

R6.4.

The Responsible Entity shall retain all logs specified in Requirement R6 for ninety
calendar days.

R6.5.

The Responsible Entity shall review logs of system events related to cyber security
and maintain records documenting review of logs.

Approved by Board of Trustees: December 16, 2009

Standard CIP–007–3 — Cyber Security — Systems Security Management

R8.

R9.

R7.1.

Prior to the disposal of such assets, the Responsible Entity shall destroy or erase the
data storage media to prevent unauthorized retrieval of sensitive cyber security or
reliability data.

R7.2.

Prior to redeployment of such assets, the Responsible Entity shall, at a minimum,
erase the data storage media to prevent unauthorized retrieval of sensitive cyber
security or reliability data.

R7.3.

The Responsible Entity shall maintain records that such assets were disposed of or
redeployed in accordance with documented procedures.

R8.3.
R8.4.

Compliance Monitoring Process

Approved by Board of Trustees: December 16, 2009

Standard CIP–007–3 — Cyber Security — Systems Security Management

1.1. Compliance Enforcement Authority
1.1.1

Regional Entity for Responsible Entities that do not perform delegated tasks for
their Regional Entity.

1.1.2

ERO for Regional Entity.

1.1.3

Third-party monitor without vested interest in the outcome for NERC.

1.4.2

The Responsible Entity shall retain security–related system event logs for ninety
calendar days, unless longer retention is required pursuant to Standard CIP-008-3
Requirement R2.

1.4.3

The Compliance Enforcement Authority in conjunction with the Registered
Entity shall keep the last audit records and all requested and submitted
subsequent audit records.

1.5. Additional Compliance Information.
2.

Violation Severity Levels (To be developed later.)

E. Regional Variances
None identified.
Version History
Version
2

Date

Action

Change Tracking

Modifications to clarify the requirements and to
bring the compliance elements into conformance
with the latest guidelines for developing compliance
elements of standards.
Removal of reasonable business judgment and
acceptance of risk.
Revised the Purpose of this standard to clarify that
Standard CIP-007-2 requires Responsible Entities to
define methods, processes, and procedures for
securing Cyber Assets and other (non-Critical)

Approved by Board of Trustees: December 16, 2009

Standard CIP–007–3 — Cyber Security — Systems Security Management

Updated version numbers from -2 to -3
12/16/09

Approved by the NERC Board of Trustees

Approved by Board of Trustees: December 16, 2009

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

A. Introduction
1.

Title:

Cyber Security — Systems Security Management

Number:

CIP-007-4

Applicability:
4.1. Within the text of Standard CIP-007-4, “Responsible Entity” shall mean:
4.1.1

Reliability Coordinator.

4.1.2

Balancing Authority.

4.1.3

Interchange Authority.

4.1.4

Transmission Service Provider.

4.1.5

Transmission Owner.

4.1.6

Transmission Operator.

4.1.7

Generator Owner.

4.1.8

Generator Operator.

4.1.9

Load Serving Entity.

4.1.10 NERC.
4.1.11 Regional Entity.
4.2. The following are exempt from Standard CIP-007-4:

4.2.1

Facilities regulated by the Canadian Nuclear Safety Commission.

4.2.2

Cyber Assets associated with communication networks and data communication
links between discrete Electronic Security Perimeters.

4.2.3

In nuclear plants, the systems, structures, and components that are regulated by
the Nuclear Regulatory Commission under a cyber security plan pursuant to 10
C.F. R. Section 73.54

4.2.4

Responsible Entities that, in compliance with Standard CIP-002-4, identify that
they have no Critical Cyber Assets.

B. Requirements
R1.

Test Procedures — The Responsible Entity shall ensure that new Cyber Assets and significant
changes to existing Cyber Assets within the Electronic Security Perimeter do not adversely
affect existing cyber security controls. For purposes of Standard CIP-007-4, a significant
change shall, at a minimum, include implementation of security patches, cumulative service
packs, vendor releases, and version upgrades of operating systems, applications, database
platforms, or other third-party software or firmware.
1

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

R2.

R3.

R4.

R5.

R1.1.

The Responsible Entity shall create, implement, and maintain cyber security test
procedures in a manner that minimizes adverse effects on the production system or its
operation.

R1.2.

The Responsible Entity shall document that testing is performed in a manner that
reflects the production environment.

R1.3.

The Responsible Entity shall document test results.

The Responsible Entity shall enable only those ports and services required for normal
and emergency operations.

R2.2.

The Responsible Entity shall disable other ports and services, including those used for
testing purposes, prior to production use of all Cyber Assets inside the Electronic
Security Perimeter(s).

R2.3.

In the case where unused ports and services cannot be disabled due to technical
limitations, the Responsible Entity shall document compensating measure(s) applied
to mitigate risk exposure.

The Responsible Entity shall document the assessment of security patches and
security upgrades for applicability within thirty calendar days of availability of the
patches or upgrades.

R3.2.

R4.2.

The Responsible Entity shall document and implement a process for the update of
anti-virus and malware prevention “signatures.” The process must address testing and
installing the signatures.

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

R5.3.

R6.

R6.2.

The security monitoring controls shall issue automated or manual alerts for detected
Cyber Security Incidents.

R6.3.

The Responsible Entity shall maintain logs of system events related to cyber security,
where technically feasible, to support incident response as required in Standard CIP008-4.

R6.4.

The Responsible Entity shall retain all logs specified in Requirement R6 for ninety
calendar days.

R6.5.

The Responsible Entity shall review logs of system events related to cyber security
and maintain records documenting review of logs.

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

R7.

R8.

R9.

Prior to the disposal of such assets, the Responsible Entity shall destroy or erase the
data storage media to prevent unauthorized retrieval of sensitive cyber security or
reliability data.

R7.2.

Prior to redeployment of such assets, the Responsible Entity shall, at a minimum,
erase the data storage media to prevent unauthorized retrieval of sensitive cyber
security or reliability data.

R7.3.

The Responsible Entity shall maintain records that such assets were disposed of or
redeployed in accordance with documented procedures.

R8.3.
R8.4.

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Enforcement Authority
1.2. The RE shall serve as the CEA with the following exceptions:
1.2.1

For entities that do not work for the Regional Entity, the Regional Entity shall serve as the Compliance Enforcement Authority.

1.2.2

For Reliability Coordinators and other functional entities that work for their Regional Entity, the ERO shall serve as the Compliance
Enforcement Authority.

1.2.3

For Responsible Entities that are also Regional Entities, the ERO or a Regional Entity approved by the ERO and FERC or other applicable
governmental authorities shall serve as the Compliance Enforcement Authority.

1.2.4

For the ERO, a third-party monitor without vested interest in the outcome for the ERO shall serve as the Compliance Enforcement
Authority.

1.3. Compliance Monitoring and Enforcement Processes
Compliance Audits
Self-Certifications
Spot Checking
Compliance Violation Investigations
Self-Reporting
Complaints
1.4. Data Retention
1.4.1

The Responsible Entity shall keep all documentation and records from the previous full calendar year unless directed by its Compliance
Enforcement Authority to retain specific evidence for a longer period of time as part of an investigation.

1.4.2

The Responsible Entity shall retain security–related system event logs for ninety calendar days, unless longer retention is required
pursuant to Standard CIP-008-4 Requirement R2.

1.4.3

The Compliance Enforcement Authority in conjunction with the Registered Entity shall keep the last audit records and all requested and
submitted subsequent audit records.

1.5. Additional Compliance Information.
2.

Violation Severity Levels

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

Requirement
R1.

VRF
MEDIUM

Lower VSL
N/A

Moderate VSL
The Responsible Entity did
create, implement and maintain
the test procedures as required in
R1.1, but did not document
that testing is performed as
required in R1.2.

High VSL

Severe VSL

The Responsible Entity did not create, implement and
maintain the test procedures as required in R1.1.

The Responsible Entity did not create, implement and maintain
the test procedures as required in R1.1,
AND
The Responsible Entity did not document that testing was
performed as required in R1.2

AND

The Responsible Entity did not
document the test results as
required in R1.3.

The Responsible Entity did not document the test results as
required in R1.3.

R1.1.

MEDIUM

N/A

R1.2.

LOWER

N/A

R1.3.

LOWER

N/A

R2.

MEDIUM

N/A

The Responsible Entity
established (implemented) but
did not document a process to
ensure that only those ports and
services required for normal and
emergency operations are
enabled.

The Responsible Entity documented but did not establish
(implement) a process to ensure that only those ports and
services required for normal and emergency operations are
enabled.

The Responsible Entity did not establish (implement) nor
document a process to ensure that only those ports and services
required for normal and emergency operations are enabled.

R2.1.

MEDIUM

The Responsible Entity
enabled ports and
services not required for
normal and emergency
operations on at least
one but less than 5% of
the Cyber Assets inside
the Electronic Security
Perimeter(s).

The Responsible Entity enabled
ports and services not required
for normal and emergency
operations on 5% or more but
less than 10% of the Cyber
Assets inside the Electronic
Security Perimeter(s).

The Responsible Entity enabled ports and services not
required for normal and emergency operations on 10% or
more but less than 15% of the Cyber Assets inside the
Electronic Security Perimeter(s).

The Responsible Entity enabled ports and services not required
for normal and emergency operations on 15% or more of the
Cyber Assets inside the Electronic Security Perimeter(s).

R2.2.

MEDIUM

The Responsible Entity
did not disable other
ports and services,
including those used for

The Responsible Entity did not
disable other ports and services,
including those used for testing
purposes, prior to production use

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

testing purposes, prior
to production use for at
least one but less than
5% of the Cyber Assets
inside the Electronic
Security Perimeter(s).

for 5% or more but less than
10% of the Cyber Assets inside
the Electronic Security
Perimeter(s).

R2.3.

MEDIUM

N/A

For cases where unused ports and services cannot be disabled
due to technical limitations, the Responsible Entity did not
document compensating measure(s) applied to mitigate risk
exposure.

R3.

LOWER

tracking, evaluating,
testing, and installing
applicable cyber
security software
patches for all Cyber
Assets within the
Electronic Security
Perimeter(s).
R3.1.

LOWER

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

R3.2.

LOWER

N/A

R4.

MEDIUM

The Responsible Entity, as
technically feasible, did not use
anti-virus software and other
malicious software (“malware”)
prevention tools, nor
implemented compensating
measures, on at least 5% but less
than 10% of Cyber Assets within
the Electronic Security
Perimeter(s).

The Responsible Entity, as technically feasible, did not use
anti-virus software and other malicious software
(“malware”) prevention tools, nor implemented
compensating measures, on at least 10% but less than 15%
of Cyber Assets within the Electronic Security Perimeter(s).

R4.1.

MEDIUM

N/A

R4.2.

MEDIUM

R5.

LOWER

N/A

The Responsible Entity
implemented but did not
document technical and
procedural controls that enforce
access authentication of, and
accountability for, all user
activity.

The Responsible Entity documented but did not implement
technical and procedural controls that enforce access
authentication of, and accountability for, all user activity.

The Responsible Entity did not document nor implement
technical and procedural controls that enforce access
authentication of, and accountability for, all user activity.

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

R5.1.

MEDIUM

N/A

R5.1.1.

LOWER

At least one user
account but less than
1% of user accounts
implemented by the
Responsible Entity,
were not approved by
designated personnel.

One (1) % or more of user
accounts but less than 3% of
user accounts implemented by
the Responsible Entity were not
approved by designated
personnel.

Three (3) % or more of user accounts but less than 5% of
user accounts implemented by the Responsible Entity were
not approved by designated personnel.

Five (5) % or more of user accounts implemented by the
Responsible Entity were not approved by designated personnel.

R5.1.2.

LOWER

N/A

The Responsible Entity generated logs with insufficient
detail to create historical audit trails of individual user
account access activity.

The Responsible Entity did not generate logs of individual user
account access activity.

R5.1.3.

MEDIUM

N/A

The Responsible Entity did not review, at least annually, user
accounts to verify access privileges are in accordance with
Standard CIP-003-4 Requirement R5 and Standard CIP-004-4
Requirement R4.

R5.2.

LOWER

N/A

R5.2.1.

MEDIUM

N/A

For accounts that must remain enabled, the Responsible Entity
did not change passwords prior to putting any system into
service.

R5.2.2.

LOWER

N/A

The Responsible Entity did not identify all individuals with
access to shared accounts.

R5.2.3.

MEDIUM

N/A

Where such accounts must be
shared, the Responsible Entity
has a policy for managing the
use of such accounts, but is
missing 1 of the following 3
items:

Where such accounts must be shared, the Responsible Entity
has a policy for managing the use of such accounts, but is
missing 2 of the following 3 items:

a) limits access to only those
with authorization,
b) has an audit trail of the
account use (automated or

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

manual),
c) has specified steps for
securing the account in the event
of personnel changes (for
example, change in assignment
or termination).
R5.3.

LOWER

The Responsible Entity
requires and uses
passwords as technically
feasible, but only
addresses 2 of the
requirements in R5.3.1,
R5.3.2., R5.3.3.

The Responsible Entity requires
and uses passwords as
technically feasible but only
addresses 1 of the requirements
in R5.3.1, R5.3.2., R5.3.3.

The Responsible Entity requires but does not use passwords
as required in R5.3.1, R5.3.2., R5.3.3 and did not
demonstrate why it is not technically feasible.

The Responsible Entity does not require nor use passwords as
required in R5.3.1, R5.3.2., R5.3.3 and did not demonstrate why
it is not technically feasible.

R5.3.1.

LOWER

N/A

R5.3.2.

LOWER

N/A

R5.3.3.

MEDIUM

N/A

R6.

LOWER

The Responsible Entity, as
technically feasible, did not
implement automated tools or
organizational process controls
to monitor system events that are
related to cyber security for 5%
or more but less than 10% of
Cyber Assets inside the
Electronic Security Perimeter(s).

The Responsible Entity did not implement automated tools or
organizational process controls, as technically feasible, to
monitor system events that are related to cyber security for 15%
or more of Cyber Assets inside the Electronic Security
Perimeter(s).

R6.1.

MEDIUM

N/A

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

R6.2.

MEDIUM

N/A

The Responsible entity's security monitoring controls do not
issue automated or manual alerts for detected Cyber Security
Incidents.

R6.3.

MEDIUM

N/A

The Responsible Entity did not maintain logs of system events
related to cyber security, where technically feasible, to support
incident response as required in Standard CIP-008-4.

R6.4.

LOWER

The Responsible Entity
retained the logs
specified in
Requirement R6, for at
least 60 days, but less
than 90 days.

The Responsible Entity retained
the logs specified in
Requirement R6, for at least 30
days, but less than 60 days.

The Responsible Entity retained the logs specified in
Requirement R6, for at least one day, but less than 30 days.

The Responsible Entity did not retain any logs specified in
Requirement R6.

R6.5.

LOWER

N/A

The Responsible Entity did not review logs of system events
related to cyber security nor maintain records documenting
review of logs.

R7.

LOWER

R7.1.

LOWER

N/A

R7.2.

LOWER

N/A

R7.3.

LOWER

N/A

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

LOWER

The Responsible Entity
performed at least
annually a Vulnerability
Assessment that
included 95% or more
but less than 100% of
Cyber Assets within the
Electronic Security
Perimeter.

The Responsible Entity
performed at least annually a
Vulnerability Assessment that
included 90% or more but less
than 95% of Cyber Assets within
the Electronic Security
Perimeter.

The Responsible Entity performed at least annually a
Vulnerability Assessment that included more than 85% but
less than 90% of Cyber Assets within the Electronic Security
Perimeter.

R8.1.

LOWER

N/A

R8.2.

MEDIUM

N/A

R8.3.

MEDIUM

N/A

R8.4.

MEDIUM

N/A

LOWER

N/A

The Responsible Entity did not review and update the
documentation specified in Standard CIP-007-4 at least
annually.

OR
The Responsible Entity did not document changes resulting
from modifications to the systems or controls within thirty
calendar days of the change being completed.

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

E. Regional Variances
None identified.
Version History
Version

Date

Action

Modifications to clarify the requirements and to
bring the compliance elements into conformance
with the latest guidelines for developing compliance
elements of standards.
Removal of reasonable business judgment and
acceptance of risk.
Revised the Purpose of this standard to clarify that
Standard CIP-007-2 requires Responsible Entities to
define methods, processes, and procedures for
securing Cyber Assets and other (non-Critical)
Assets within an Electronic Security Perimeter.
Replaced the RRO with the RE as a responsible
entity.
Rewording of Effective Date.
R9 changed ninety (90) days to thirty (30) days
Changed compliance monitor to Compliance
Enforcement Authority.

Updated version numbers from -2 to -3

12/16/09

Approved by the NERC Board of Trustees

Board
approved
01/24/2011

Update version number from “3” to “4”

4/19/12

FERC Order issued approving CIP-007-4 (approval
becomes effective June 25, 2012)

Change Tracking

Update to conform to
changes to CIP-002-4
(Project 2008-06)

Added approved VRF/VSL table to section D.2.

Standard COM-001-1.1 — Telecommunications
A. Introduction
1.

Title:

Telecommunications

Number:

COM-001-1.1

Purpose:
Each Reliability Coordinator, Transmission Operator and Balancing Authority
needs adequate and reliable telecommunications facilities internally and with others for the
exchange of Interconnection and operating information necessary to maintain reliability.

Applicability
4.1. Transmission Operators.
4.2. Balancing Authorities.
4.3. Reliability Coordinators.
4.4. NERCNet User Organizations.

Effective Date:

May 13, 2009

B. Requirements
R1.

Each Reliability Coordinator, Transmission Operator and Balancing Authority shall provide
adequate and reliable telecommunications facilities for the exchange of Interconnection and
operating information:
R1.1.

Internally.

R1.2.

Between the Reliability Coordinator and its Transmission Operators and Balancing
Authorities.

R1.3.

With other Reliability Coordinators, Transmission Operators, and Balancing
Authorities as necessary to maintain reliability.

R1.4.

Where applicable, these facilities shall be redundant and diversely routed.

R2.

Each Reliability Coordinator, Transmission Operator, and Balancing Authority shall manage,
alarm, test and/or actively monitor vital telecommunications facilities. Special attention shall
be given to emergency telecommunications facilities and equipment not used for routine
communications.

R3.

Each Reliability Coordinator, Transmission Operator and Balancing Authority shall provide a
means to coordinate telecommunications among their respective areas. This coordination shall
include the ability to investigate and recommend solutions to telecommunications problems
within the area and with other areas.

R4.

Unless agreed to otherwise, each Reliability Coordinator, Transmission Operator, and
Balancing Authority shall use English as the language for all communications between and
among operating personnel responsible for the real-time generation control and operation of the
interconnected Bulk Electric System. Transmission Operators and Balancing Authorities may
use an alternate language for internal operations.

R5.

Each Reliability Coordinator, Transmission Operator, and Balancing Authority shall have
written operating instructions and procedures to enable continued operation of the system
during the loss of telecommunications facilities.

R6.

Each NERCNet User Organization shall adhere to the requirements in Attachment 1-COM001, “NERCNet Security Policy.”

Page 1 of 6

Standard COM-001-1.1 — Telecommunications
C. Measures
M1. Each Reliability Coordinator, Transmission Operator and Balancing Authority shall have and
provide upon request evidence that could include, but is not limited to communication facility
test-procedure documents, records of testing, and maintenance records for communication
facilities or equivalent that will be used to confirm that it manages, alarms, tests and/or actively
monitors vital telecommunications facilities. (Requirement 2 part 1)
M2. The Reliability Coordinator, Transmission Operator or Balancing Authority shall have and
provide upon request evidence that could include, but is not limited to operator logs, voice
recordings or transcripts of voice recordings, electronic communications, or equivalent, that
will be used to determine compliance to Requirement 4.
M3. Each Reliability Coordinator, Transmission Operator and Balancing Authority shall have and
provide upon request its current operating instructions and procedures, either electronic or hard
copy that will be used to confirm that it meets Requirement 5.
M4. The NERCnet User Organization shall have and provide upon request evidence that could
include, but is not limited to documented procedures, operator logs, voice recordings or
transcripts of voice recordings, electronic communications, etc that will be used to determine if
it adhered to the (User Accountability and Compliance) requirements in Attachment 1-COM001. (Requirement 6)
D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Monitoring Responsibility
NERC shall be responsible for compliance monitoring of the Regional Reliability Organizations
Regional Reliability Organizations shall be responsible for compliance monitoring of all
other entities
1.2. Compliance Monitoring and Reset Time Frame
One or more of the following methods will be used to assess compliance:
-

Self-certification (Conducted annually with submission according to schedule.)

Spot Check Audits (Conducted anytime with up to 30 days notice given to prepare.)

Periodic Audit (Conducted once every three years according to schedule.)

Triggered Investigations (Notification of an investigation must be made within 60
days of an event or complaint of noncompliance. The entity will have up to 30
calendar days to prepare for the investigation. An entity may request an extension of
the preparation period and the extension will be considered by the Compliance
Monitor on a case-by-case basis.)

The Performance-Reset Period shall be 12 months from the last finding of non-compliance.
1.3. Data Retention
For Measure 1 each Reliability Coordinator, Transmission Operator, Balancing Authority
shall keep evidence of compliance for the previous two calendar years plus the current year.
For Measure 2 each Reliability Coordinator, Transmission Operator, and Balancing
Authority shall keep 90 days of historical data (evidence).

Page 2 of 6

Standard COM-001-1.1 — Telecommunications
For Measure 3, each Reliability Coordinator, Transmission Operator, Balancing
Authority shall have its current operating instructions and procedures to confirm that it
meets Requirement 5.
For Measure 4, each Reliability Coordinator, Transmission Operator, Balancing Authority
and NERCnet User Organization shall keep 90 days of historical data (evidence).
If an entity is found non-compliant the entity shall keep information related to the noncompliance
until found compliant or for two years plus the current year, whichever is longer.
Evidence used as part of a triggered investigation shall be retained by the entity being
investigated for one year from the date that the investigation is closed, as determined by
the Compliance Monitor.
The Compliance Monitor shall keep the last periodic audit report and all requested and
submitted subsequent compliance records.
1.4. Additional Compliance Information
Attachment 1  COM-001 — NERCnet Security Policy
2.

Levels of Non-Compliance for Transmission Operator, Balancing Authority or Reliability
Coordinator
2.1. Level 1: Not applicable.
2.2. Level 2: Not applicable.
2.3. Level 3: There shall be a separate Level 3 non-compliance, for every one of the
following requirements that is in violation:
2.3.1

The Transmission Operator, Balancing Authority or Reliability Coordinator used
a language other then English without agreement as specified in R4.

2.3.2

There are no written operating instructions and procedures to enable continued
operation of the system during the loss of telecommunication facilities as
specified in R5.

2.4. Level 4: Telecommunication systems are not actively monitored, tested, managed or
alarmed as specified in R2.
3.

Levels of Non-Compliance — NERCnet User Organization
3.1. Level 1: Not applicable.
3.2. Level 2: Not applicable.
3.3. Level 3: Not applicable.
3.4. Level 4: Did not adhere to the requirements in Attachment 1-COM-001, NERCnet
Security Policy.

E. Regional Differences
None Identified.
Version History
Version

Date

Action

Change Tracking

April 1, 2005

Effective Date

New

August 8, 2005

Removed “Proposed” from Effective Date

Errata

Page 3 of 6

Standard COM-001-1.1 — Telecommunications

November 1, 2006

Adopted by Board of Trustees

Revised

April 6, 2007

Requirement 1, added the word “for”
between “facilities” and “the exchange.”

Errata

October 29, 2008

BOT adopted errata changes; updated
version number to “1.1”

Errata

1.1

Page 4 of 6

Standard COM-001-1.1 — Telecommunications
Attachment 1  COM-001 — NERCnet Security Policy
Policy Statement
The purpose of this NERCnet Security Policy is to establish responsibilities and minimum requirements
for the protection of information assets, computer systems and facilities of NERC and other users of the
NERC frame relay network known as “NERCnet.” The goal of this policy is to prevent misuse and loss
of assets.
For the purpose of this document, information assets shall be defined as processed or unprocessed data
using the NERCnet Telecommunications Facilities including network documentation. This policy shall
also apply as appropriate to employees and agents of other corporations or organizations that may be
directly or indirectly granted access to information associated with NERCnet.
The objectives of the NERCnet Security Policy are:
•
•
•

To ensure that NERCnet information assets are adequately protected on a cost-effective basis and
to a level that allows NERC to fulfill its mission.
To establish connectivity guidelines for a minimum level of security for the network.
To provide a mandate to all Users of NERCnet to properly handle and protect the information that
they have access to in order for NERC to be able to properly conduct its business and provide
services to its customers.

NERC’s Security Mission Statement
NERC recognizes its dependency on data, information, and the computer systems used to facilitate
effective operation of its business and fulfillment of its mission. NERC also recognizes the value of the
information maintained and provided to its members and others authorized to have access to NERCnet. It
is, therefore, essential that this data, information, and computer systems, and the manual and technical
infrastructure that supports it, are secure from destruction, corruption, unauthorized access, and accidental
or deliberate breach of confidentiality.
Implementation and Responsibilities
This section identifies the various roles and responsibilities related to the protection of NERCnet
resources.
NERCnet User Organizations
Users of NERCnet who have received authorization from NERC to access the NERC network are
considered users of NERCnet resources. To be granted access, users shall complete a User Application
Form and submit this form to the NERC Telecommunications Manager.
Responsibilities
It is the responsibility of NERCnet User Organizations to:
•
•
•
•
•
•
•
•

Use NERCnet facilities for NERC-authorized business purposes only.
Comply with the NERCnet security policies, standards, and guidelines, as well as any procedures
specified by the data owner.
Prevent unauthorized disclosure of the data.
Report security exposures, misuse, or non-compliance situations via Reliability Coordinator
Information System or the NERC Telecommunications Manager.
Protect the confidentiality of all user IDs and passwords.
Maintain the data they own.
Maintain documentation identifying the users who are granted access to NERCnet data or
applications.
Authorize users within their organizations to access NERCnet data and applications.

Page 5 of 6

Standard COM-001-1.1 — Telecommunications
•
•
•

Advise staff on NERCnet Security Policy.
Ensure that all NERCnet users understand their obligation to protect these assets.
Conduct self-assessments for compliance.

User Accountability and Compliance
All users of NERCnet shall be familiar and ensure compliance with the policies in this document.
Violations of the NERCnet Security Policy shall include, but not be limited to any act that:
•

Exposes NERC or any user of NERCnet to actual or potential monetary loss through the
compromise of data security or damage.
• Involves the disclosure of trade secrets, intellectual property, confidential information or the
unauthorized use of data.
Involves the use of data for illicit purposes, which may include violation of any law, regulation or
reporting requirement of any law enforcement or government body.

Page 6 of 6

Standard EOP-004-1 — Disturbance Reporting

A. Introduction
1.

Title:

Disturbance Reporting

Number:

EOP-004-1

Purpose: Disturbances or unusual occurrences that jeopardize the operation of the
Bulk Electric System, or result in system equipment damage or customer interruptions,
need to be studied and understood to minimize the likelihood of similar events in the
future.

Applicability
4.1. Reliability Coordinators.
4.2. Balancing Authorities.
4.3. Transmission Operators.
4.4. Generator Operators.
4.5. Load Serving Entities.
4.6. Regional Reliability Organizations.

Effective Date:

January 1, 2007

B. Requirements
R1.

Each Regional Reliability Organization shall establish and maintain a Regional
reporting procedure to facilitate preparation of preliminary and final disturbance
reports.

R2.

A Reliability Coordinator, Balancing Authority, Transmission Operator, Generator
Operator or Load Serving Entity shall promptly analyze Bulk Electric System
disturbances on its system or facilities.

R3.

A Reliability Coordinator, Balancing Authority, Transmission Operator, Generator
Operator or Load Serving Entity experiencing a reportable incident shall provide a
preliminary written report to its Regional Reliability Organization and NERC.
R3.1.

The affected Reliability Coordinator, Balancing Authority, Transmission
Operator, Generator Operator or Load Serving Entity shall submit within 24
hours of the disturbance or unusual occurrence either a copy of the report
submitted to DOE, or, if no DOE report is required, a copy of the NERC
Interconnection Reliability Operating Limit and Preliminary Disturbance
Report form. Events that are not identified until some time after they occur
shall be reported within 24 hours of being recognized.

R3.2.

Applicable reporting forms are provided in Attachments 1-EOP-004 and 2EOP-004.

R3.3.

Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 1 of 13

Standard EOP-004-1 — Disturbance Reporting

time. The affected Reliability Coordinator, Balancing Authority, Transmission
Operator, Generator Operator, or Load Serving Entity shall then provide
timely, periodic verbal updates until adequate information is available to issue
a written Preliminary Disturbance Report.
R3.4.

If, in the judgment of the Regional Reliability Organization, after consultation
with the Reliability Coordinator, Balancing Authority, Transmission Operator,
Generator Operator, or Load Serving Entity in which a disturbance occurred, a
final report is required, the affected Reliability Coordinator, Balancing
Authority, Transmission Operator, Generator Operator, or Load Serving Entity
shall prepare this report within 60 days. As a minimum, the final report shall
have a discussion of the events and its cause, the conclusions reached, and
recommendations to prevent recurrence of this type of event. The report shall
be subject to Regional Reliability Organization approval.

R4.

When a Bulk Electric System disturbance occurs, the Regional Reliability Organization
shall make its representatives on the NERC Operating Committee and Disturbance
Analysis Working Group available to the affected Reliability Coordinator, Balancing
Authority, Transmission Operator, Generator Operator, or Load Serving Entity
immediately affected by the disturbance for the purpose of providing any needed
assistance in the investigation and to assist in the preparation of a final report.

R5.

The Regional Reliability Organization shall track and review the status of all final
report recommendations at least twice each year to ensure they are being acted upon in
a timely manner. If any recommendation has not been acted on within two years, or if
Regional Reliability Organization tracking and review indicates at any time that any
recommendation is not being acted on with sufficient diligence, the Regional
Reliability Organization shall notify the NERC Planning Committee and Operating
Committee of the status of the recommendation(s) and the steps the Regional
Reliability Organization has taken to accelerate implementation.

C. Measures
M1. The Regional Reliability Organization shall have and provide upon request as

evidence, its current regional reporting procedure that is used to facilitate preparation
of preliminary and final disturbance reports. (Requirement 1)
M2. Each Reliability Coordinator, Balancing Authority, Transmission Operator, Generator

Operator, and Load-Serving Entity that has a reportable incident shall have and provide
upon request evidence that could include, but is not limited to, the preliminary report,
computer printouts, operator logs, or other equivalent evidence that will be used to
confirm that it prepared and delivered the NERC Interconnection Reliability Operating
Limit and Preliminary Disturbance Reports to NERC within 24 hours of its recognition
as specified in Requirement 3.1.
M3. Each Reliability Coordinator, Balancing Authority, Transmission Operator, Generator

Operator, and/or Load Serving Entity that has a reportable incident shall have and
provide upon request evidence that could include, but is not limited to, operator logs,
voice recordings or transcripts of voice recordings, electronic communications, or other
equivalent evidence that will be used to confirm that it provided information verbally
as time permitted, when system conditions precluded the preparation of a report in 24
hours. (Requirement 3.3)
Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 2 of 13

Standard EOP-004-1 — Disturbance Reporting

D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Monitoring Responsibility

NERC shall be responsible for compliance monitoring of the Regional Reliability
Organizations.
Regional Reliability Organizations shall be responsible for compliance monitoring
of Reliability Coordinators, Balancing Authorities, Transmission Operators,
Generator Operators, and Load-serving Entities.
1.2. Compliance Monitoring and Reset Time Frame

One or more of the following methods will be used to assess compliance:
- Self-certification (Conducted annually with submission according to
schedule.)
- Spot Check Audits (Conducted anytime with up to 30 days notice given to
prepare.)
- Periodic Audit (Conducted once every three years according to schedule.)
- Triggered Investigations (Notification of an investigation must be made
within 60 days of an event or complaint of noncompliance. The entity will
have up to 30 days to prepare for the investigation. An entity may request an
extension of the preparation period and the extension will be considered by
the Compliance Monitor on a case-by-case basis.)
The Performance-Reset Period shall be 12 months from the last finding of noncompliance.
1.3. Data Retention

Each Regional Reliability Organization shall have its current, in-force, regional
reporting procedure as evidence of compliance. (Measure 1)
Each Reliability Coordinator, Balancing Authority, Transmission Operator,
Generator Operator, and/or Load Serving Entity that is either involved in a Bulk
Electric System disturbance or has a reportable incident shall keep data related to
the incident for a year from the event or for the duration of any regional
investigation, whichever is longer. (Measures 2 through 4)
If an entity is found non-compliant the entity shall keep information related to the
noncompliance until found compliant or for two years plus the current year,
whichever is longer.
Evidence used as part of a triggered investigation shall be retained by the entity
being investigated for one year from the date that the investigation is closed, as
determined by the Compliance Monitor,
The Compliance Monitor shall keep the last periodic audit report and all requested
and submitted subsequent compliance records.

Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 3 of 13

Standard EOP-004-1 — Disturbance Reporting

1.4. Additional Compliance Information

See Attachments:
- EOP-004 Disturbance Reporting Form
- Table 1 EOP-004
Levels of Non-Compliance for a Regional Reliability Organization

2.1. Level 1: Not applicable.
2.2. Level 2: Not applicable.
2.3. Level 3: Not applicable.
2.4. Level 4: No current procedure to facilitate preparation of preliminary and final

disturbance reports as specified in R1.
Levels of Non-Compliance for a Reliability Coordinator, Balancing Authority,
Transmission Operator, Generator Operator, and Load- Serving Entity:

3.1. Level 1: There shall be a level one non-compliance if any of the following

conditions exist:
3.1.1

Failed to prepare and deliver the NERC Interconnection Reliability
Operating Limit and Preliminary Disturbance Reports to NERC within 24
hours of its recognition as specified in Requirement 3.1

3.1.2

Failed to provide disturbance information verbally as time permitted,
when system conditions precluded the preparation of a report in 24 hours
as specified in R3.3

3.1.3

Failed to prepare a final report within 60 days as specified in R3.4

3.2. Level 2: Not applicable.
3.3. Level 3: Not applicable
3.4. Level 4: Not applicable.
E. Regional Differences

None identified.
Version History
Version

Date

Action

Change Tracking

April 1, 2005

Effective Date

New

May 23, 2005

Fixed reference to attachments 1-EOP004-0 and 2-EOP-004-0, Changed chart
title 1-FAC-004-0 to 1-EOP-004-0,
Fixed title of Table 1 to read 1-EOP004-0, and fixed font.

Errata

July 6, 2005

Fixed email in Attachment 1-EOP-004-0 Errata
from [email protected] to
[email protected].

Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 4 of 13

Standard EOP-004-1 — Disturbance Reporting

July 26, 2005

Fixed Header on page 8 to read EOP004-0

Errata

August 8, 2005

Removed “Proposed” from Effective
Date

Errata

November 1,
2006

Adopted by Board of Trustees

Revised

March 22,
2007

Updated Department of Energy link and
references to Form OE-411

Errata

Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 5 of 13

Standard EOP-004-1 — Disturbance Reporting

Attachment 1-EOP-004
NERC Disturbance Report Form
Introduction
These disturbance reporting requirements apply to all Reliability Coordinators, Balancing
Authorities, Transmission Operators, Generator Operators, and Load Serving Entities, and
provide a common basis for all NERC disturbance reporting. The entity on whose system a
reportable disturbance occurs shall notify NERC and its Regional Reliability Organization of the
disturbance using the NERC Interconnection Reliability Operating Limit and Preliminary
Disturbance Report forms. Reports can be sent to NERC via email ([email protected]) by
facsimile (609-452-9550) using the NERC Interconnection Reliability Operating Limit and
Preliminary Disturbance Report forms. If a disturbance is to be reported to the U.S. Department
of Energy also, the responding entity may use the DOE reporting form when reporting to NERC.
Note: All Emergency Incident and Disturbance Reports (Schedules 1 and 2) sent to DOE shall be
simultaneously sent to NERC, preferably electronically at [email protected].
The NERC Interconnection Reliability Operating Limit and Preliminary Disturbance Reports are
to be made for any of the following events:
1.

2.
3.

The loss of a bulk power transmission component that significantly affects the integrity of
interconnected system operations. Generally, a disturbance report will be required if the
event results in actions such as:
a.
Modification of operating procedures.
b.
Modification of equipment (e.g. control systems or special protection systems) to
prevent reoccurrence of the event.
c.
Identification of valuable lessons learned.
d.
Identification of non-compliance with NERC standards or policies.
e.
Identification of a disturbance that is beyond recognized criteria, i.e. three-phase fault
with breaker failure, etc.
f.
Frequency or voltage going below the under-frequency or under-voltage load shed
points.
The occurrence of an interconnected system separation or system islanding or both.
Loss of generation by a Generator Operator, Balancing Authority, or Load-Serving Entity
⎯ 2,000 MW or more in the Eastern Interconnection or Western Interconnection and 1,000
MW or more in the ERCOT Interconnection.
Equipment failures/system operational actions which result in the loss of firm system
demands for more than 15 minutes, as described below:
a.
Entities with a previous year recorded peak demand of more than 3,000 MW are
required to report all such losses of firm demands totaling more than 300 MW.
b.
All other entities are required to report all such losses of firm demands totaling more
than 200 MW or 50% of the total customers being supplied immediately prior to the
incident, whichever is less.
Firm load shedding of 100 MW or more to maintain the continuity of the bulk electric
system.

Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 6 of 13

Standard EOP-004-1 — Disturbance Reporting

7.
8.

Any action taken by a Generator Operator, Transmission Operator, Balancing Authority, or
Load-Serving Entity that results in:
a.
Sustained voltage excursions equal to or greater than ±10%, or
b.
Major damage to power system components, or
c.
Failure, degradation, or misoperation of system protection, special protection schemes,
remedial action schemes, or other operating systems that do not require operator
intervention, which did result in, or could have resulted in, a system disturbance as
defined by steps 1 through 5 above.
An Interconnection Reliability Operating Limit (IROL) violation as required in reliability
standard TOP-007.
Any event that the Operating Committee requests to be submitted to Disturbance Analysis
Working Group (DAWG) for review because of the nature of the disturbance and the
insight and lessons the electricity supply and delivery industry could learn.

Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 7 of 13

Standard EOP-004-1 — Disturbance Reporting

NERC Interconnection Reliability Operating Limit and Preliminary Disturbance
Report
Check here if this is an Interconnection Reliability Operating Limit (IROL) violation report.
1. Organization filing report.
2. Name of person filing report.
3. Telephone number.
4. Date and time of disturbance.
Date:(mm/dd/yy)
Time/Zone:
5. Did the disturbance originate in your
system?

Yes

6. Describe disturbance including: cause,
equipment damage, critical services
interrupted, system separation, key
scheduled and actual flows prior to
disturbance and in the case of a
disturbance involving a special
protection or remedial action scheme,
what action is being taken to prevent
recurrence.
7. Generation tripped.
MW Total
List generation tripped
8. Frequency.
Just prior to disturbance (Hz):
Immediately after disturbance (Hz
max.):
Immediately after disturbance (Hz
min.):
9. List transmission lines tripped (specify
voltage level of each line).
10.

FIRM

INTERRUPTIBLE

Demand tripped (MW):
Number of affected Customers:

Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 8 of 13

Standard EOP-004-1 — Disturbance Reporting

Demand lost (MW-Minutes):
11. Restoration time.

INITIAL

FINAL

Transmission:
Generation:
Demand:

Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 9 of 13

Standard EOP-004-1 — Disturbance Reporting

Attachment 2-EOP-004
U.S. Department of Energy Disturbance Reporting Requirements
Introduction
The U.S. Department of Energy (DOE), under its relevant authorities, has established mandatory
reporting requirements for electric emergency incidents and disturbances in the United States.
DOE collects this information from the electric power industry on Form OE-417 to meet its
overall national security and Federal Energy Management Agency’s Federal Response Plan
(FRP) responsibilities. DOE will use the data from this form to obtain current information
regarding emergency situations on U.S. electric energy supply systems. DOE’s Energy
Information Administration (EIA) will use the data for reporting on electric power emergency
incidents and disturbances in monthly EIA reports. In addition, the data may be used to develop
legislative recommendations, reports to the Congress and as a basis for DOE investigations
following severe, prolonged, or repeated electric power reliability problems.
Every Reliability Coordinator, Balancing Authority, Transmission Operator, Generator Operator
or Load Serving Entity must use this form to submit mandatory reports of electric power system
incidents or disturbances to the DOE Operations Center, which operates on a 24-hour basis,
seven days a week. All other entities operating electric systems have filing responsibilities to
provide information to the Reliability Coordinator, Balancing Authority, Transmission Operator,
Generator Operator or Load Serving Entity when necessary for their reporting obligations and to
file form OE-417 in cases where these entities will not be involved. EIA requests that it be
notified of those that plan to file jointly and of those electric entities that want to file separately.
Special reporting provisions exist for those electric utilities located within the United States, but
for whom Reliability Coordinator oversight responsibilities are handled by electrical systems
located across an international border. A foreign utility handling U.S. Balancing Authority
responsibilities, may wish to file this information voluntarily to the DOE. Any U.S.-based utility
in this international situation needs to inform DOE that these filings will come from a foreignbased electric system or file the required reports themselves.
Form EIA-417 must be submitted to the DOE Operations Center if any one of the following
applies (see Table 1-EOP-004-0 — Summary of NERC and DOE Reporting Requirements for
Major Electric System Emergencies):
1. Uncontrolled loss of 300 MW or more of firm system load for more than 15 minutes from a
2.
3.
4.
5.

single incident.
Load shedding of 100 MW or more implemented under emergency operational policy.
System-wide voltage reductions of 3 percent or more.
Public appeal to reduce the use of electricity for purposes of maintaining the continuity of the
electric power system.
Actual or suspected physical attacks that could impact electric power system adequacy or
reliability; or vandalism, which target components of any security system. Actual or
suspected cyber or communications attacks that could impact electric power system
adequacy or vulnerability.

Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 10 of 13

Standard EOP-004-1 — Disturbance Reporting

6. Actual or suspected cyber or communications attacks that could impact electric power system

adequacy or vulnerability.
7. Fuel supply emergencies that could impact electric power system adequacy or reliability.
8. Loss of electric service to more than 50,000 customers for one hour or more.
9. Complete operational failure or shut-down of the transmission and/or distribution electrical

system.
The initial DOE Emergency Incident and Disturbance Report (form OE-417 – Schedule 1) shall
be submitted to the DOE Operations Center within 60 minutes of the time of the system
disruption. Complete information may not be available at the time of the disruption. However,
provide as much information as is known or suspected at the time of the initial filing. If the
incident is having a critical impact on operations, a telephone notification to the DOE Operations
Center (202-586-8100) is acceptable, pending submission of the completed form OE-417.
Electronic submission via an on-line web-based form is the preferred method of notification.
However, electronic submission by facsimile or email is acceptable.
An updated form OE-417 (Schedule 1 and 2) is due within 48 hours of the event to provide
complete disruption information. Electronic submission via facsimile or email is the preferred
method of notification. Detailed DOE Incident and Disturbance reporting requirements can be
found at: http://www.oe.netl.doe.gov/oe417.aspx.

Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 11 of 13

Standard EOP-004-1 — Disturbance Reporting

Table 1-EOP-004-0
Summary of NERC and DOE Reporting Requirements for Major Electric System
Emergencies
Incident
Report
Incident
Threshold
Time
No.
Required
Uncontrolled
1 hour
OE – Sch-1
loss of Firm
≥ 300 MW – 15 minutes or more
48
1
OE – Sch-2
System Load
hour
1 hour
≥ 100 MW under emergency
OE – Sch-1
Load Shedding
48
2
operational policy
OE – Sch-2
hour
1 hour
Voltage
OE – Sch-1
3% or more – applied system-wide
48
3
Reductions
OE – Sch-2
hour
1 hour
Emergency conditions to reduce
OE – Sch-1
Public Appeals
48
4
demand
OE – Sch-2
hour
Physical
1 hour
sabotage,
On physical security systems –
OE – Sch-1
48
5
terrorism or
suspected or real
OE – Sch-2
hour
vandalism
Cyber sabotage,
1 hour
If the attempt is believed to have or
OE – Sch-1
terrorism or
48
6
did happen
OE – Sch-2
vandalism
hour
1 hour
Fuel supply
Fuel inventory or hydro storage
OE – Sch-1
48
7
emergencies
levels ≤ 50% of normal
OE – Sch-2
hour
1 hour
Loss of electric
OE – Sch-1
≥ 50,000 for 1 hour or more
48
8
service
OE – Sch-2
hour
Complete
If isolated or interconnected
1 hour
operation failure
OE – Sch-1
electrical systems suffer total
48
9
of electrical
OE – Sch-2
electrical system collapse
hour
system
All DOE OE-417 Schedule 1 reports are to be filed within 60-minutes after the start of an
incident or disturbance
All DOE OE-417 Schedule 2 reports are to be filed within 48-hours after the start of an incident
or disturbance
All entities required to file a DOE OE-417 report (Schedule 1 & 2) shall send a copy of these
reports to NERC simultaneously, but no later than 24 hours after the start of the incident or
disturbance.
Incident
Report
Incident
Threshold
Time
No.
Required
Loss of major
24
Significantly affects integrity of
NERC Prelim
system
hour
1
interconnected system operations
Final report
component
60 day
Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 12 of 13

Standard EOP-004-1 — Disturbance Reporting

Interconnected
system
separation or
system islanding

Loss of
generation

Loss of firm
load ≥15minutes

Firm load
shedding

≥100 MW to maintain continuity of
bulk system
•
•

System
operation or
operation
actions resulting
in:

Total system shutdown
Partial shutdown, separation, or
islanding
≥ 2,000 – Eastern Interconnection
≥ 2,000 – Western Interconnection
≥ 1,000 – ERCOT Interconnection
Entities with peak demand ≥3,000:
loss ≥300 MW
All others ≥200MW or 50% of total
demand

•

Voltage excursions ≥10%
Major damage to system
components
Failure, degradation, or
misoperation of SPS

NERC Prelim
Final report

24
hour
60 day

NERC Prelim
Final report

24
hour
60 day

NERC Prelim
Final report

24
hour
60 day

NERC Prelim
Final report

24
hour
60 day

NERC Prelim
Final report

24
hour
60 day

72
IROL violation
Reliability standard TOP-007.
hour
7
60 day
Due to nature of disturbance &
24
As requested by
NERC Prelim
usefulness to industry (lessons
hour
8
ORS Chairman
Final report
learned)
60 day
All NERC Operating Security Limit and Preliminary Disturbance reports will be filed within 24
hours after the start of the incident. If an entity must file a DOE OE-417 report on an incident,
which requires a NERC Preliminary report, the Entity may use the DOE OE-417 form for both
DOE and NERC reports.
Any entity reporting a DOE or NERC incident or disturbance has the responsibility to also
notify its Regional Reliability Organization.
NERC Prelim
Final report

Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 13 of 13

Standard EOP-005-2 — System Restoration from Blackstart Resources

A. Introduction
1.

Title:

System Restoration from Blackstart Resources

Number:

EOP-005-2

Strategies for system restoration that are coordinated with the Reliability
Coordinator’s high level strategy for restoring the Interconnection.

R1.2.

R1.3.

Procedures for restoring interconnections with other Transmission Operators
under the direction of the Reliability Coordinator.

R1.4.

R1.5.

Identification of Cranking Paths and initial switching requirements between
each Blackstart Resource and the unit(s) to be started.

R1.6.

Identification of acceptable operating voltage and frequency limits during
restoration.

Adopted by NERC Board of Trustees: August 5, 2009

Standard EOP-005-2 — System Restoration from Blackstart Resources

R1.7.

Operating Processes to reestablish connections within the Transmission
Operator’s System for areas that have been restored and are prepared for
reconnection.

R1.8.

R1.9.

Operating Processes for transferring authority back to the Balancing Authority
in accordance with the Reliability Coordinator’s criteria.

R2. Each Transmission Operator shall provide the entities identified in its approved
restoration plan with a description of any changes to their roles and specific tasks prior
to the implementation date of the plan. [Violation Risk Factor = Lower] [Time
Horizon = Operations Planning]
R3. Each Transmission Operator shall review its restoration plan and submit it to its
Reliability Coordinator annually on a mutually agreed predetermined schedule.
[Violation Risk Factor = Medium] [Time Horizon = Operations Planning]
R3.1.

Each Transmission Operator shall submit its revised restoration plan to its
Reliability Coordinator for approval within the same 90 calendar day period.

R5. Each Transmission Operator shall have a copy of its latest Reliability Coordinator
approved restoration plan within its primary and backup control rooms so that it is
available to all of its System Operators prior to its implementation date. [Violation
Risk Factor = Lower] [Time Horizon = Operations Planning]
R6. Each Transmission Operator shall verify through analysis of actual events, steady state
and dynamic simulations, or testing that its restoration plan accomplishes its intended
function. This shall be completed every five years at a minimum. Such analysis,
simulations or testing shall verify: [Violation Risk Factor = Medium] [Time Horizon =
Long-term Planning]
R6.1.

The capability of Blackstart Resources to meet the Real and Reactive Power
requirements of the Cranking Paths and the dynamic capability to supply initial
Loads.

R6.2.

The location and magnitude of Loads required to control voltages and
frequency within acceptable operating limits.

Adopted by NERC Board of Trustees: August 5, 2009

Standard EOP-005-2 — System Restoration from Blackstart Resources

R6.3.

The capability of generating resources required to control voltages and
frequency within acceptable operating limits.

R7. Following a Disturbance in which one or more areas of the BES shuts down and the
use of Blackstart Resources is required to restore the shut down area to service, each
affected Transmission Operator shall implement its restoration plan. If the restoration
plan cannot be executed as expected the Transmission Operator shall utilize its
restoration strategies to facilitate restoration. [Violation Risk Factor = High] [Time
Horizon = Real-time Operations]
R8. Following a Disturbance in which one or more areas of the BES shuts down and the
use of Blackstart Resources is required to restore the shut down area to service, the
Transmission Operator shall resynchronize area(s) with neighboring Transmission
Operator area(s) only with the authorization of the Reliability Coordinator or in
accordance with the established procedures of the Reliability Coordinator. [Violation
Risk Factor = High] [Time Horizon = Real-time Operations]
R9. Each Transmission Operator shall have Blackstart Resource testing requirements to
verify that each Blackstart Resource is capable of meeting the requirements of its
restoration plan. These Blackstart Resource testing requirements shall include:
[Violation Risk Factor = Medium] [Time Horizon = Operations Planning]
R9.1.

The frequency of testing such that each Blackstart Resource is tested at least
once every three calendar years.

R9.2.

R9.3.

The minimum duration of each of the required tests.

Adopted by NERC Board of Trustees: August 5, 2009

Standard EOP-005-2 — System Restoration from Blackstart Resources

R11. Each Transmission Operator, each applicable Transmission Owner, and each
applicable Distribution Provider shall provide a minimum of two hours of System
restoration training every two calendar years to their field switching personnel
identified as performing unique tasks associated with the Transmission Operator’s
restoration plan that are outside of their normal tasks. [Violation Risk Factor =
Medium] [Time Horizon = Operations Planning]
R12. Each Transmission Operator shall participate in its Reliability Coordinator’s restoration
drills, exercises, or simulations as requested by its Reliability Coordinator. [Violation
Risk Factor = Medium] [Time Horizon = Operations Planning]
R13. Each Transmission Operator and each Generator Operator with a Blackstart Resource
shall have written Blackstart Resource Agreements or mutually agreed upon
procedures or protocols, specifying the terms and conditions of their arrangement.
Such Agreements shall include references to the Blackstart Resource testing
requirements. [Violation Risk Factor = Medium] [Time Horizon = Operations
Planning]
R14. Each Generator Operator with a Blackstart Resource shall have documented procedures
for starting each Blackstart Resource and energizing a bus. [Violation Risk Factor =
Medium] [Time Horizon = Operations Planning]
R15. Each Generator Operator with a Blackstart Resource shall notify its Transmission
Operator of any known changes to the capabilities of that Blackstart Resource affecting
the ability to meet the Transmission Operator’s restoration plan within 24 hours
following such change. [Violation Risk Factor = Medium] [Time Horizon =
Operations Planning]
R16. Each Generator Operator with a Blackstart Resource shall perform Blackstart Resource
tests, and maintain records of such testing, in accordance with the testing requirements
set by the Transmission Operator to verify that the Blackstart Resource can perform as
specified in the restoration plan. [Violation Risk Factor = Medium] [Time Horizon =
Operations Planning]
R16.1. Testing records shall include at a minimum: name of the Blackstart Resource,
unit tested, date of the test, duration of the test, time required to start the unit,
an indication of any testing requirements not met under Requirement R9.
R16.2. Each Generator Operator shall provide the blackstart test results within 30
calendar days following a request from its Reliability Coordinator or
Transmission Operator.
R17. Each Generator Operator with a Blackstart Resource shall provide a minimum of two
hours of training every two calendar years to each of its operating personnel
responsible for the startup of its Blackstart Resource generation units and energizing a
bus. The training program shall include training on the following: [Violation Risk
Factor = Medium] [Time Horizon = Operations Planning]
R17.1. System restoration plan including coordination with the Transmission
Operator.
R17.2. The procedures documented in Requirement R14.

Adopted by NERC Board of Trustees: August 5, 2009

Standard EOP-005-2 — System Restoration from Blackstart Resources

R18. Each Generator Operator shall participate in the Reliability Coordinator’s restoration
drills, exercises, or simulations as requested by the Reliability Coordinator. [Violation
Risk Factor = Medium] [Time Horizon = Operations Planning]
C. Measures
M1. Each Transmission Operator shall have a dated, documented System restoration plan
developed in accordance with Requirement R1 that has been approved by its
Reliability Coordinator as shown with the documented approval from its Reliability
Coordinator.
M2. Each Transmission Operator shall have evidence such as e-mails with receipts or
registered mail receipts that it provided the entities identified in its approved
restoration plan with a description of any changes to their roles and specific tasks prior
to the implementation date of the plan in accordance with Requirement R2.
M3. Each Transmission Operator shall have documentation such as a dated review signature
sheet, revision histories, e-mails with receipts, or registered mail receipts, that it has
annually reviewed and submitted the Transmission Operator’s restoration plan to its
Reliability Coordinator in accordance with Requirement R3.
M4. Each Transmission Operator shall have documentation such as dated review signature
sheets, revision histories, e-mails with receipts, or registered mail receipts, that it has
updated its restoration plan and submitted it to its Reliability Coordinator in
accordance with Requirement R4.
M5. Each Transmission Operator shall have documentation that it has made the latest
Reliability Coordinator approved copy of its restoration plan available in its primary
and backup control rooms and its System Operators prior to its implementation date in
accordance with Requirement R5.
M6. Each Transmission Operator shall have documentation such as power flow outputs,
that it has verified that its latest restoration plan will accomplish its intended function
in accordance with Requirement R6.
M7. If there has been a Disturbance in which Blackstart Resources have been utilized in
restoring the shut down area of the BES to service, each Transmission Operator
involved shall have evidence such as voice recordings, e-mail, dated computer
printouts, or operator logs, that it implemented its restoration plan or restoration plan
strategies in accordance with Requirement R7.
M8. If there has been a Disturbance in which Blackstart Resources have been utilized in
restoring the shut down area of the BES to service, each Transmission Operator
involved in such an event shall have evidence, such as voice recordings, e-mail, dated
computer printouts, or operator logs, that it resynchronized shut down areas in
accordance with Requirement R8.
M9. Each Transmission Operator shall have documented Blackstart Resource testing
requirements in accordance with Requirement R9.
M10. Each Transmission Operator shall have an electronic or hard copy of the training
program material provided for its System Operators for System restoration training in
accordance with Requirement R10.
Adopted by NERC Board of Trustees: August 5, 2009

Standard EOP-005-2 — System Restoration from Blackstart Resources

M11. Each Transmission Operator, each applicable Transmission Owner, and each
applicable Distribution Provider shall have an electronic or hard copy of the training
program material provided to their field switching personnel for System restoration
training and the corresponding training records including training dates and duration in
accordance with Requirement R11.
M12. Each Transmission Operator shall have evidence, such as training records, that it
participated in the Reliability Coordinator’s restoration drills, exercises, or simulations
as requested in accordance with Requirement R12.
M13. Each Transmission Operator and Generator Operator with a Blackstart Resource shall
have the dated Blackstart Resource Agreements or mutually agreed upon procedures or
protocols in accordance with Requirement R13.
M14. Each Generator Operator with a Blackstart Resource shall have dated documented
procedures on file for starting each unit and energizing a bus in accordance with
Requirement R14.
M15. Each Generator Operator with a Blackstart Resource shall provide evidence, such as emails with receipts or registered mail receipts, showing that it notified its Transmission
Operator of any known changes to its Blackstart Resource capabilities within twentyfour hours of such changes in accordance with Requirement R15.
M16. Each Generator Operator with a Blackstart Resource shall maintain dated
documentation of its Blackstart Resource test results and shall have evidence such as emails with receipts or registered mail receipts, that it provided these records to its
Reliability Coordinator and Transmission Operator when requested in accordance with
Requirement R16.
M17. Each Generator Operator with a Blackstart Resource shall have an electronic or hard
copy of the training program material provided to its operating personnel responsible
for the startup and synchronization of its Blackstart Resource generation units and a
copy of its dated training records including training dates and durations showing that it
has provided training in accordance with Requirement R17.
M18. Each Generator Operator shall have evidence, such as dated training records, that it
participated in the Reliability Coordinator’s restoration drills, exercises, or simulations
if requested to do so in accordance with Requirement R18.
D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Enforcement Authority

Regional Entity.
1.2. Compliance Monitoring Period and Reset Time Frame

Not applicable.
1.3. Compliance Monitoring and Enforcement Processes:

Compliance Audits
Self-Certifications
Adopted by NERC Board of Trustees: August 5, 2009

Standard EOP-005-2 — System Restoration from Blackstart Resources

Spot Checking
Compliance Violation Investigations
Self-Reporting
Complaints
1.4. Data Retention

Standard EOP-005-2 — System Restoration from Blackstart Resources

as well as one previous compliance audit period for Requirement R12,
Measure M12.
If a Transmission Operator is found non-compliant for any requirement, it shall
keep information related to the non-compliance until found compliant.
The Transmission Operator, applicable Transmission Owner, and applicable
Distribution provider shall keep data or evidence to show compliance as identified
below unless directed by its Compliance Enforcement Authority to retain specific
evidence for a longer period of time as part of an investigation:
o Actual training program materials or descriptions and actual training
records for three calendar years for Requirement R11, Measure M11.
If a Transmission Operator, applicable Transmission owner, or applicable
Distribution Provider is found non-compliant for any requirement, it shall keep
information related to the non-compliance until found compliant.
The Transmission Operator and Generator Operator with a Blackstart Resource
shall keep data or evidence to show compliance as identified below unless
directed by its Compliance Enforcement Authority to retain specific evidence for
a longer period of time as part of an investigation:
o Current Blackstart Resource Agreements and any Blackstart Resource
Agreements or mutually agreed upon procedures or protocols in force
since its last compliance audit for Requirement R13, Measure M13.
The Generator Operator with a Blackstart Resource shall keep data or evidence to
show compliance as identified below unless directed by its Compliance
Enforcement Authority to retain specific evidence for a longer period of time as
part of an investigation:
o Current documentation and any documentation in force since its last
compliance audit on procedures to start each Blackstart Resources and for
energizing a bus for Requirement R14, Measure M14.
o Notification to its Transmission Operator of any known changes to its
Blackstart Resource capabilities over the last three calendar years for
Requirement R15, Measure M15.
o The verification test results for the current set of requirements and one
previous set for its Blackstart Resources for Requirement R16, Measure
M16.
o Actual training program materials and actual training records for three
calendar years for Requirement R17, Measure M17.
If a Generation Operator with a Blackstart Resource is found non-compliant for
any requirement, it shall keep information related to the non-compliance until
found compliant.
The Generator Operator shall keep data or evidence to show compliance as
identified below unless directed by its Compliance Enforcement Authority to
retain specific evidence for a longer period of time as part of an investigation:

Adopted by NERC Board of Trustees: August 5, 2009

Standard EOP-005-2 — System Restoration from Blackstart Resources

o Records of participation in all requested Reliability Coordinator
restoration drills, exercises, or simulations since its last compliance audit
for Requirement R18, Measure M18.
If a Generation Operator is found non-compliant for any requirement, it shall keep
information related to the non-compliance until found compliant.
The Compliance Enforcement Authority shall keep the last audit records and all
requested and submitted subsequent audit records.
1.5. Additional Compliance Information

None.

Adopted by NERC Board of Trustees: August 5, 2009

Standard EOP-005-2 — System Restoration from Blackstart Resources
2.

Violation Severity Levels
Lower VSL

Moderate VSL

High VSL

Severe VSL

R1.

The Transmission Operator has an
approved plan but failed to comply
with one of the sub-requirements
within the requirement.

The Transmission Operator has an
approved plan but failed to comply
with two of the sub-requirements
within the requirement.

The Transmission Operator has an
approved plan but failed to comply
with three of the sub-requirements
within the requirement.

The Transmission Operator does not
have an approved restoration plan.

R2.

The Transmission Operator failed to
provide one of the entities identified
in its approved restoration plan with
a description of any changes to their
roles and specific tasks prior to the
implementation date of the plan.
OR
The Transmission Operator provided
the information to all entities but
was up to 30 calendar days late in
doing so.

The Transmission Operator failed to
provide two of the entities identified
in its approved restoration plan with
a description of any changes to their
roles and specific tasks prior to the
implementation date of the plan.
OR
The Transmission Operator provided
the information to all entities but
was more than 30 and less than or
equal to 60 calendar days late in
doing so.

The Transmission Operator failed to
provide three of the entities
identified in its approved restoration
plan with a description of any
changes to their roles and specific
tasks prior to the implementation
date of the plan.
OR
The Transmission Operator provided
the information to all entities but
was more than 60 and less than or
equal to 90 calendar days late in
doing so.

The Transmission Operator failed to
provide four or more of the entities
identified in its approved restoration
plan with a description of any changes
to their roles and specific tasks prior to
the implementation date of the plan.
OR
The Transmission Operator provided
the information to all entities but was
more than 90 calendar days late in
doing so.

R3.

The Transmission Operator
submitted the reviewed restoration
plan or confirmation of no change
within 30 calendar days after the
pre-determined schedule.

The Transmission Operator
submitted the reviewed restoration
plan or confirmation of no change
more than 30 and less than or equal
to 60 calendar days after the predetermined schedule.

The Transmission Operator
submitted the reviewed restoration
plan or confirmation of no change
more than 60 and less than or equal
to 90 calendar days after the predetermined schedule.

The Transmission Operator submitted
the reviewed restoration plan or
confirmation of no change more than
90 calendar days after the predetermined schedule.

R4.

The Transmission Operator failed to
update and submit its restoration
plan to the Reliability Coordinator
within 90 calendar days of an
unplanned change.

The Transmission Operator failed to
update and submit its restoration
plan to the Reliability Coordinator
within more than 90 calendar days
but less than120 calendar days of an
unplanned change.

The Transmission Operator
has failed to update and submit its
restoration plan to the Reliability
Coordinator within more than 120
calendar days but less than 150
calendar days of unplanned change.

The Transmission Operator has failed
to update and submit its restoration
plan to the Reliability Coordinator
within more than 150 calendar days of
an unplanned change.
OR
The Transmission Operator failed to
update and submit its restoration plan

Adopted by NERC Board of Trustees: August 5, 2009

Standard EOP-005-2 — System Restoration from Blackstart Resources

Lower VSL

Moderate VSL

High VSL

Severe VSL
to the Reliability Coordinator prior to a
planned BES modification.

R5.

N/A

The Transmission Operator did not
make the latest Reliability Coordinator
approved restoration plan available in
its primary and backup control rooms
prior to its implementation date.

R6.

The Transmission Operator
performed the verification within the
required timeframe but did not
comply with one of the subrequirements.

The Transmission Operator
performed the verification within the
required timeframe but did not
comply with two of the subrequirements.

The Transmission Operator
performed the verification but did
not complete it within the five
calendar year period.

The Transmission Operator did not
perform the verification or it took more
than six calendar years to complete the
verification.
OR
The Transmission Operator performed
the verification within the required
timeframe but did not comply with any
of the sub-requirements.

R7.

N/A

The Transmission Operator did not
implement its restoration plan
following a Disturbance in which
Blackstart Resources have been utilized
in restoring the shut down area of the
BES. Or, if the restoration plan cannot
be executed as expected, the
Transmission Operator did not utilize
its restoration plan strategies to
facilitate restoration.

R8.

N/A

The Transmission Operator
resynchronized without approval of the
Reliability Coordinator or not in
accordance with the established
procedures of the Reliability
Coordinator following a Disturbance in

Adopted by NERC Board of Trustees: August 5, 2009

Standard EOP-005-2 — System Restoration from Blackstart Resources

Lower VSL

Moderate VSL

High VSL

Severe VSL
which Blackstart Resources have been
utilized in restoring the shut down area
of the BES to service.

R9.

N/A

The Transmission Operator’s
Blackstart Resource testing
requirements do not address one or
more of the sub-requirements of
Requirement R9.

R10.

The Transmission Operator’s
training does not address one of the
sub-requirements of Requirement
R10.

The Transmission Operator’s
training does not address two of the
sub-requirements of Requirement
R10.

The Transmission Operator’s
training does not address three or
more of the sub-requirements of
Requirement R10.

The Transmission Operator has not
included System restoration training in
its operations training program.

R11.

The Transmission Operator,
applicable Transmission Owner, or
applicable Distribution Provider did
not train less than or equal to 10% of
the personnel required by
Requirement R11 within a two
calendar year period.

The Transmission Operator,
applicable Transmission Owner, or
applicable Distribution Provider did
not train more than 10% and less
than or equal to 25% of the
personnel required by Requirement
R11 within a two calendar year
period.

The Transmission Operator,
applicable Transmission Owner, or
applicable Distribution Provider did
not train more than 25% and less
than or equal to 50% of the
personnel required by Requirement
R11 within a two calendar year
period.

The Transmission Operator, applicable
Transmission Owner, or applicable
Distribution Provider did not train
more than 50 % of the personnel
required by Requirement R11 within a
two calendar year period.

R12.

N/A.

N/A

The Transmission Operator has failed
to comply with a request for their
participation from the Reliability
Coordinator.

R13.

N/A

The Transmission Operator and
Generator Operator with a Blackstart
Resource do not reference Blackstart
Resource Testing requirements in
their written Blackstart Resource
Agreements or mutually agreed
upon procedures or protocols.

N/A

The Transmission Operator and
Generator Operator with a Blackstart
resource do not have a written
Blackstart Resource Agreement or
mutually agreed upon procedure or
protocol.

Adopted by NERC Board of Trustees: August 5, 2009

Standard EOP-005-2 — System Restoration from Blackstart Resources

Lower VSL

Moderate VSL

High VSL

Severe VSL

R14.

N/A

The Generator Operator does not have
documented starting and bus energizing
procedures for each Blackstart
Resource.

R15.

The Generator Operator with a
Blackstart Resource did not notify
the Transmission Operator of a
change in Blackstart Resource
capability affecting the ability to
meet the Transmission Operator’s
restoration plan within 24 hours but
did make the notification within 48
hours.

The Generator Operator with a
Blackstart Resource did not notify the
Transmission Operator of a change in
Blackstart Resource capability
affecting the ability to meet the
Transmission Operator’s restoration
plan for more than 96 hours.

R16.

The Generator Operator with a
Blackstart Resource did not maintain
testing records for one of the
requirements for a Blackstart
Resource. Or did not supply the
Blackstart Resource testing records
as requested within 59 calendar
days of the request.

The Generator Operator with a
Blackstart Resource did not maintain
testing records for two of the
requirements for a Blackstart
Resource. Or did not supply the
Blackstart Resource testing records
as requested for 60 days to 89
calendar days after the request.

The Generator Operator with a
Blackstart Resource did not maintain
testing records for three of the
requirements for a Blackstart
Resource. Or did not supply the
Blackstart Resource testing records
as requested for 90 to 119 calendar
days after the request.

The Generator Operator with a
Blackstart Resource did not maintain
testing records for a Blackstart
Resource. Or did not supply the
Blackstart Resource testing records as
requested for 120 days or more after
the request.

R17.

The Generator Operator with a
Blackstart Resource did not train
less than or equal to 10% of the
personnel required by Requirement
R17 within a two calendar year
period.

The Generator Operator with a
Blackstart Resource did not train
more than 10% and less than or
equal to 25% of the personnel
required by Requirement R17 within
a two calendar year period.

The Generator Operator with a
Blackstart Resource did not train
more than 25% and less than or
equal to 50% of the personnel
required by Requirement R17 within
a two calendar year period.

The Generator Operator with a
Blackstart Resource did not train more
than 50% of the personnel required by
Requirement R17 within a two calendar
year period.

R18.

N/A.

N/A

The Generator Operator has failed to
comply with a request for their
participation from the Reliability
Coordinator.

Adopted by NERC Board of Trustees: August 5, 2009

Standard EOP-005-2 — System Restoration from Blackstart Resources

E. Regional Variances
None.
Version History
Version

Date

Action

Change Tracking

April 1, 2005

Effective Date

New

August 8, 2005

Removed “Proposed” from
Effective Date

Errata

May 2, 2007

Approved by Board of
Trustees

Revised

TBD

Revisions pursuant to
Project 2006-03

Updated testing requirements
Incorporated Attachment 1 into the
requirements
Updated Measures and Compliance to
match new Requirements

August 5, 2009

Adopted by Board of
Trustees

Revised

Adopted by NERC Board of Trustees: August 5, 2009

Standard EOP-009-0— Documentation of Blackstart Generating Unit Test Results
A. Introduction
1.

Title:

Documentation of Blackstart Generating Unit Test Results

Number:

EOP-009-0

Purpose:
A system Blackstart Capability Plan (BCP) is necessary to ensure that the
quantity and location of system blackstart generators are sufficient and that they can perform
their expected functions as specified in overall coordinated Regional System Restoration Plans.

Applicability:
4.1. Generator Operator
4.2. Generator Owner

Effective Date:

April 1, 2005

B. Requirements
R1.

The Generator Operator of each blackstart generating unit shall test the startup and operation of
each system blackstart generating unit identified in the BCP as required in the Regional BCP
(Reliability Standard EOP-007-0_R1). Testing records shall include the dates of the tests, the
duration of the tests, and an indication of whether the tests met Regional BCP requirements.

R2.

The Generator Owner or Generator Operator shall provide documentation of the test results of
the startup and operation of each blackstart generating unit to the Regional Reliability
Organizations and upon request to NERC.

C. Measures
M1. The Generator Operator shall have evidence it provided the test results specified in Reliability
Standard EOP-009-0R1 as specified in Reliability Standard EOP-009-0_R2.
D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Monitoring Responsibility
Compliance Monitor: Regional Reliability Organization.
1.2. Compliance Monitoring Period and Reset Timeframe
Current test results: to the Regional Reliability Organization and upon request to NERC
(30 calendar days).
1.3. Data Retention
None specified.
1.4. Additional Compliance Information
None

Levels of Non-Compliance
2.1. Level 1:
Startup and operation testing of each blackstart generating unit was
performed, but the documentation was incomplete.
2.2. Level 2:

Not applicable.

Adopted by NERC Board of Trustees: February 8, 2005
Effective Date: April 1, 2005

1 of 2

Standard EOP-009-0— Documentation of Blackstart Generating Unit Test Results
2.3. Level 3:
Startup and operation testing of a blackstart generating unit was only
partially performed.
2.4. Level 4:
Startup and operation testing of each blackstart generating unit was not
performed.
E. Regional Differences
1.

None identified.

Version History
Version
0

Date

Action

Change Tracking

April 1, 2005

Effective Date

New

Adopted by NERC Board of Trustees: February 8, 2005
Effective Date: April 1, 2005

2 of 2

Standard FAC-002-1 — Coordination of Plans for New Facilities
A.

Introduction
1.

Title:
Facilities

Coordination of Plans For New Generation, Transmission, and End-User

Number:

FAC-002-1

Purpose: To avoid adverse impacts on reliability, Generator Owners and Transmission
Owners and electricity end-users must meet facility connection and performance requirements.

Applicability:

4.1.

Generator Owner

4.2.

Transmission Owner

4.3.

Distribution Provider

4.4.

Load-Serving Entity

4.5.

Transmission Planner

4.6.

Planning Authority

Evaluation of the reliability impact of the new facilities and their connections on the
interconnected transmission systems.

1.2.

Ensurance of compliance with NERC Reliability Standards and applicable Regional,
subregional, Power Pool, and individual system planning criteria and facility
connection requirements.

1.3.

1.4.

1.5.

Documentation that the assessment included study assumptions, system performance,
alternatives considered, and jointly coordinated recommendations.

Adopted by Board of Trustees: August 5, 2010

1 of 2

Compliance
1.

Compliance Monitoring Process
1.1.

Compliance Enforcement Authority
Regional Entity.

1.2.

Compliance Monitoring Period and Reset Timeframe
Not applicable.

1.3.

Compliance Monitoring and Enforcement Processes:
Compliance Audits
Self-Certifications
Spot Checking
Compliance Violation Investigations
Self-Reporting
Complaints

2.
E.

1.4.

Data Retention
Evidence of the assessment of the reliability impacts of new facilities and their
connections on the interconnected transmission systems: Three years.

1.5.

Additional Compliance Information
None

Violation Severity Levels (no changes)

Regional Differences
1.

None identified.

Version History
Version

Date

Action

Change Tracking

April 1, 2005

Effective Date

New

January 13, 2006

Removed duplication of “Regional Reliability
Organizations(s).

Errata

TBD

Modified to address Order No. 693 Directives
contained in paragraph 693.

Revised.

Adopted by Board of Trustees: August 5, 2010

2 of 2

Standard FAC-008-1 — Facility Ratings Methodology

A. Introduction
1.

Title:

Facility Ratings Methodology

Number:

FAC-008-1

Purpose:
To ensure that Facility Ratings used in the reliable planning and operation of the
Bulk Electric System (BES) are determined based on an established methodology or
methodologies.

Applicability
4.1. Transmission Owner
4.2. Generator Owner

Effective Date:

August 7, 2006

B. Requirements
R1.

The Transmission Owner and Generator Owner shall each document its current methodology
used for developing Facility Ratings (Facility Ratings Methodology) of its solely and jointly
owned Facilities. The methodology shall include all of the following:
R1.1.

A statement that a Facility Rating shall equal the most limiting applicable Equipment
Rating of the individual equipment that comprises that Facility.

R1.2.

The method by which the Rating (of major BES equipment that comprises a Facility)
is determined.
R1.2.1. The scope of equipment addressed shall include, but not be limited to,
generators, transmission conductors, transformers, relay protective devices,
terminal equipment, and series and shunt compensation devices.
R1.2.2. The scope of Ratings addressed shall include, as a minimum, both Normal
and Emergency Ratings.

R1.3.

Consideration of the following:
R1.3.1. Ratings provided by equipment manufacturers.
R1.3.2. Design criteria (e.g., including applicable references to industry Rating
practices such as manufacturer’s warranty, IEEE, ANSI or other standards).
R1.3.3. Ambient conditions.
R1.3.4. Operating limitations.
R1.3.5. Other assumptions.

R2.

The Transmission Owner and Generator Owner shall each make its Facility Ratings
Methodology available for inspection and technical review by those Reliability Coordinators,
Transmission Operators, Transmission Planners, and Planning Authorities that have
responsibility for the area in which the associated Facilities are located, within 15 business
days of receipt of a request.

R3.

Adopted by Board of Trustees: February 7, 2006
Effective Date: August 7, 2006

1 of 4

Standard FAC-008-1 — Facility Ratings Methodology

Facility Ratings Methodology and, if no change will be made to that Facility Ratings
Methodology, the reason why.
C. Measures
M1. The Transmission Owner and Generator Owner shall each have a documented Facility Ratings
Methodology that includes all of the items identified in FAC-008 Requirement 1.1 through
FAC-008 Requirement 1.3.5.
M2. The Transmission Owner and Generator Owner shall each have evidence it made its Facility
Ratings Methodology available for inspection within 15 business days of a request as follows:
M2.1

The Reliability Coordinator shall have access to the Facility Ratings Methodologies
used for Rating Facilities in its Reliability Coordinator Area.

M2.2

The Transmission Operator shall have access to the Facility Ratings Methodologies
used for Rating Facilities in its portion of the Reliability Coordinator Area.

M2.3

The Transmission Planner shall have access to the Facility Ratings Methodologies
used for Rating Facilities in its Transmission Planning Area.

M2.4

The Planning Authority shall have access to the Facility Ratings Methodologies used
for Rating Facilities in its Planning Authority Area.

M3. If the Reliability Coordinator, Transmission Operator, Transmission Planner, or Planning
Authority provides documented comments on its technical review of a Transmission Owner’s
or Generator Owner’s Facility Ratings Methodology, the Transmission Owner or Generator
Owner shall have evidence that it provided a written response to that commenting entity within
45 calendar days of receipt of those comments. The response shall indicate whether a change
will be made to the Facility Ratings Methodology and, if no change will be made to that
Facility Ratings Methodology, the reason why.
D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Monitoring Responsibility
Regional Reliability Organization
1.2. Compliance Monitoring Period and Reset Time Frame
Each Transmission Owner and Generator Owner shall self-certify its compliance to the
Compliance Monitor at least once every three years. New Transmission Owners and
Generator Owners shall each demonstrate compliance through an on-site audit conducted
by the Compliance Monitor within the first year that it commences operation. The
Compliance Monitor shall also conduct an on-site audit once every nine years and an
investigation upon complaint to assess performance.
The Performance-Reset Period shall be 12 months from the last finding of noncompliance.
1.3. Data Retention
The Transmission Owner and Generator Owner shall each keep all superseded portions of
its Facility Ratings Methodology for 12 months beyond the date of the change in that
methodology and shall keep all documented comments on the Facility Ratings
Methodology and associated responses for three years. In addition, entities found noncompliant shall keep information related to the non-compliance until found compliant.

Adopted by Board of Trustees: February 7, 2006
Effective Date: August 7, 2006

2 of 4

Standard FAC-008-1 — Facility Ratings Methodology

The Compliance Monitor shall keep the last audit and all subsequent compliance records.
1.4. Additional Compliance Information
The Transmission Owner and Generator Owner shall each make the following available
for inspection during an on-site audit by the Compliance Monitor or within 15 business
days of a request as part of an investigation upon complaint:

1.4.1

Facility Ratings Methodology

1.4.2

Superseded portions of its Facility Ratings Methodology that had been replaced,
changed or revised within the past 12 months

1.4.3

Documented comments provided by a Reliability Coordinator, Transmission
Operator, Transmission Planner or Planning Authority on its technical review of
a Transmission Owner’s or Generator Owner’s Facility Ratings methodology,
and the associated responses

Levels of Non-Compliance
2.1. Level 1:
exists:

There shall be a level one non-compliance if any of the following conditions

2.1.1

The Facility Ratings Methodology does not contain a statement that a Facility
Rating shall equal the most limiting applicable Equipment Rating of the
individual equipment that comprises that Facility.

2.1.2

The Facility Ratings Methodology does not address one of the required
equipment types identified in FAC-008 R1.2.1.

2.1.3

No evidence of responses to a Reliability Coordinator’s, Transmission Operator,
Transmission Planner, or Planning Authority’s comments on the Facility Ratings
Methodology.

2.2. Level 2:
The Facility Ratings Methodology is missing the assumptions used to
determine Facility Ratings or does not address two of the required equipment types
identified in FAC-008 R1.2.1.
2.3. Level 3:
The Facility Ratings Methodology does not address three of the required
equipment types identified in FAC-008-1 R1.2.1.
2.4. Level 4:
The Facility Ratings Methodology does not address both Normal and
Emergency Ratings or the Facility Ratings Methodology was not made available for
inspection within 15 business days of receipt of a request.
E. Regional Differences
None Identified.
Version History
Version
1

Date

Action

Change Tracking

01/01/05

01/20/05

Lower cased the word “draft” and
“drafting team” where appropriate.
Changed incorrect use of certain
hyphens (-) to “en dash” (–) and “em
dash (—).”
Changed “Timeframe” to “Time

Adopted by Board of Trustees: February 7, 2006
Effective Date: August 7, 2006

3 of 4

Standard FAC-008-1 — Facility Ratings Methodology

Frame” and “twelve” to “12” in item
D, 1.2.

Adopted by Board of Trustees: February 7, 2006
Effective Date: August 7, 2006

4 of 4

Standard FAC-008-3 — Facility Ratings

A. Introduction

Title:

Facility Ratings

Number:

FAC-008-3

Applicability
4.1. Transmission Owner.
4.2. Generator Owner.

B. Requirements
R1.

•

Operational information such as commissioning test results, performance
testing or historical performance records, any of which may be supplemented
by engineering analyses.

The methodology used to establish the Ratings of the equipment that comprises the
Facility(ies) shall be consistent with at least one of the following:
•

Ratings provided by equipment manufacturers or obtained from equipment
manufacturer specifications such as nameplate rating.

Page 1 of 10

Standard FAC-008-3 — Facility Ratings

2.2.

R3.

•

One or more industry standards developed through an open process such as
Institute of Electrical and Electronic Engineers (IEEE) or International
Council on Large Electric Systems (CIGRE).

•

A practice that has been verified by testing, performance history or
engineering analysis.

Equipment Rating standard(s) used in development of this methodology.

2.2.2.

Ratings provided by equipment manufacturers or obtained from equipment
manufacturer specifications.

2.2.3.

Ambient conditions (for particular or average conditions or as they vary in
real-time).

2.2.4.

Operating limitations. 1

2.3.

A statement that a Facility Rating shall respect the most limiting applicable
Equipment Rating of the individual equipment that comprises that Facility.

2.4.

The process by which the Rating of equipment that comprises a Facility is determined.
2.4.1.

The scope of equipment addressed shall include, but not be limited to,
conductors, transformers, relay protective devices, terminal equipment, and
series and shunt compensation devices.

2.4.2.

The scope of Ratings addressed shall include, as a minimum, both Normal
and Emergency Ratings.

3.2.

The methodology used to establish the Ratings of the equipment that comprises the
Facility shall be consistent with at least one of the following:
•

Ratings provided by equipment manufacturers or obtained from equipment
manufacturer specifications such as nameplate rating.

•

One or more industry standards developed through an open process such as
Institute of Electrical and Electronics Engineers (IEEE) or International
Council on Large Electric Systems (CIGRE).

•

A practice that has been verified by testing, performance history or
engineering analysis.

Equipment Rating standard(s) used in development of this methodology.

Such as temporary de-ratings of impaired equipment in accordance with good utility practice.
Page 2 of 10

Standard FAC-008-3 — Facility Ratings

3.2.2.

Ratings provided by equipment manufacturers or obtained from equipment
manufacturer specifications.

3.2.3.

Ambient conditions (for particular or average conditions or as they vary in
real-time).

3.2.4.

Operating limitations. 2

3.3.

A statement that a Facility Rating shall respect the most limiting applicable
Equipment Rating of the individual equipment that comprises that Facility.

3.4.

The process by which the Rating of equipment that comprises a Facility is determined.
3.4.1.

The scope of equipment addressed shall include, but not be limited to,
transmission conductors, transformers, relay protective devices, terminal
equipment, and series and shunt compensation devices.

3.4.2.

The scope of Ratings addressed shall include, as a minimum, both Normal
and Emergency Ratings.

R4.

R5.

R6.

R7.

R8.

Such as temporary de-ratings of impaired equipment in accordance with good utility practice.
Page 3 of 10

Standard FAC-008-3 — Facility Ratings

8.1.

8.2.

As scheduled by the requesting entities:
8.1.1.

Facility Ratings

8.1.2.

Identity of the most limiting equipment of the Facilities

Identity of the existing next most limiting equipment of the Facility

8.2.2.

The Thermal Rating for the next most limiting equipment identified in
Requirement R8, Part 8.2.1.

C. Measures
M1. Each Generator Owner shall have documentation that shows how its Facility Ratings were
determined as identified in Requirement 1.
M2. Each Generator Owner shall have a documented Facility Ratings methodology that includes all
of the items identified in Requirement 2, Parts 2.1 through 2.4.
M3. Each Transmission Owner shall have a documented Facility Ratings methodology that includes
all of the items identified in Requirement 3, Parts 3.1 through 3.4.
M4. Each Transmission Owner shall have evidence, such as a copy of a dated electronic note, or
other comparable evidence to show that it made its Facility Ratings methodology available for
inspection within 21 calendar days of a request in accordance with Requirement 4. The
Generator Owner shall have evidence, such as a copy of a dated electronic note, or other
comparable evidence to show that it made its documentation for determining its Facility
Ratings or its Facility Ratings methodology available for inspection within 21 calendar days of
a request in accordance with Requirement R4.
M5. If the Reliability Coordinator, Transmission Operator, Transmission Planner or Planning
Coordinator provides documented comments on its technical review of a Transmission
Owner’s or Generator Owner’s Facility Ratings methodology or a Generator Owner’s
documentation for determining its Facility Ratings, the Transmission Owner or Generator
Owner shall have evidence, (such as a copy of a dated electronic or hard copy note, or other
comparable evidence from the Transmission Owner or Generator Owner addressed to the
commenter that includes the response to the comment,) that it provided a response to that
commenting entity in accordance with Requirement R5.
M6. Each Transmission Owner and Generator Owner shall have evidence to show that its Facility
Ratings are consistent with the documentation for determining its Facility Ratings as specified
in Requirement R1 or consistent with its Facility Ratings methodology as specified in
Requirements R2 and R3 (Requirement R6).
M7. Each Generator Owner shall have evidence, such as a copy of a dated electronic note, or other
comparable evidence to show that it provided its Facility Ratings to its associated Reliability
Coordinator(s), Planning Coordinator(s), Transmission Planner(s), Transmission Owner(s) and
Transmission Operator(s) in accordance with Requirement R7.
M8. Each Transmission Owner (and Generator Owner subject to Requirement R2) shall have
evidence, such as a copy of a dated electronic note, or other comparable evidence to show that
it provided its Facility Ratings and identity of limiting equipment to its associated Reliability
Page 4 of 10

Standard FAC-008-3 — Facility Ratings

Coordinator(s), Planning Coordinator(s), Transmission Planner(s), Transmission Owner(s) and
Transmission Operator(s) in accordance with Requirement R8.
D. Compliance

Compliance Monitoring Process
1.1. Compliance Enforcement Authority
Regional Entity
1.2. Compliance Monitoring and Enforcement Processes:

•

Self-Certifications

•

Spot Checking

•

Compliance Audits

•

Self-Reporting

•

Compliance Violation Investigations

•

Complaints

1.3. Data Retention
The Generator Owner shall keep its current documentation (for R1) and any
modifications to the documentation that were in force since last compliance audit
period for Measure M1 and Measure M6.
The Generator Owner shall keep its current, in force Facility Ratings methodology
(for R2) and any modifications to the methodology that were in force since last
compliance audit period for Measure M2 and Measure M6.
The Transmission Owner shall keep its current, in force Facility Ratings
methodology (for R3) and any modifications to the methodology that were in force
since the last compliance audit for Measure M3 and Measure M6.
The Transmission Owner and Generator Owner shall keep its current, in force
Facility Ratings and any changes to those ratings for three calendar years for Measure
M6.
The Generator Owner and Transmission Owner shall each keep evidence for Measure
M4, and Measure M5, for three calendar years.
The Generator Owner shall keep evidence for Measure M7 for three calendar years.
The Transmission Owner (and Generator Owner that is subject to Requirement R2)
shall keep evidence for Measure M8 for three calendar years.
If a Generator Owner or Transmission Owner is found non-compliant, it shall keep
information related to the non-compliance until found compliant.
The Compliance Enforcement Authority shall keep the last audit and all subsequent
compliance records.
1.4. Additional Compliance Information
None

Page 5 of 10

Standard FAC-008-3 — Facility Ratings

Violation Severity Levels
R#

Lower VSL

Moderate VSL

N/A

•

The Generator Owner failed to
include in its Facility Rating
methodology one of the following
Parts of Requirement R2:
•

High VSL

Severe VSL

The Generator Owner’s Facility
Rating documentation did not
address Requirement R1, Part 1.2.

The Generator Owner failed to
provide documentation for
determining its Facility Ratings.

The Generator Owner failed to
include in its Facility Rating
methodology two of the following
Parts of Requirement R2:

The Generator Owner’s Facility
Rating methodology did not
address all the components of
Requirement R2, Part 2.4.

2.1.

•

2.1

The Generator Owner’s Facility
Rating methodology failed to
recognize a facility's rating based
on the most limiting component
rating as required in Requirement
R2, Part 2.3

•

2.2.1

•

2.2.1

•

2.2.2

•

2.2.2

•

2.2.3

•

2.2.3

The Generator Owner failed to
include in its Facility Rating
Methodology, three of the
following Parts of Requirement R2:

•

2.2.4

•

2.2.4

•

2.1.

The Generator Owner failed to
include in its Facility Rating
Methodology four or more of the
following Parts of Requirement R2:

•

2.2.1

•

2.1

•

2.2.2

•

2.2.1

•

2.2.3

•

2.2.2

•

2.2.4

•

2.2.3

•

2.2.4

The Generator Owner’s
Facility Rating documentation
did not address Requirement
R1, Part 1.1.

The Transmission Owner failed to
include in its Facility Rating
methodology one of the following
Parts of Requirement R3:

The Transmission Owner failed to
include in its Facility Rating
methodology two of the following
Parts of Requirement R3:

The Transmission Owner’s Facility
Rating methodology did not
address either of the following
Parts of Requirement R3:

•

3.1

•

3.1

•

3.4.1

The Transmission Owner’s Facility
Rating methodology failed to
recognize a Facility's rating based
on the most limiting component
rating as required in Requirement
R3, Part 3.3

•

3.2.1

•

3.2.1

•

3.4.2

Page 6 of 10

Standard FAC-008-3 — Facility Ratings

Lower VSL

Moderate VSL

High VSL

•

3.2.2

•

3.2.2

•

3.2.3

•

3.2.3

•

3.2.4

•

3.2.4

The Transmission Owner failed to
include in its Facility Rating
methodology three of the following
Parts of Requirement R3:

Severe VSL
The Transmission Owner failed to
include in its Facility Rating
methodology four or more of the
following Parts of Requirement R3:
•

3.1

•

3.1

•

3.2.1

•

3.2.1

•

3.2.2

•

3.2.2

•

3.2.3

•

3.2.3

•

3.2.4

•

3.2.4

The responsible entity made its
Facility Ratings methodology or
Facility Ratings documentation
available within more than 21
calendar days but less than or equal
to 31 calendar days after a request.

The responsible entity made its
Facility Ratings methodology or
Facility Ratings documentation
available within more than 31
calendar days but less than or equal
to 41 calendar days after a request.

The responsible entity made its
Facility Rating methodology or
Facility Ratings documentation
available within more than 41
calendar days but less than or equal
to 51 calendar days after a request.

The responsible entity failed to
make its Facility Ratings
methodology or Facility Ratings
documentation available in more
than 51 calendar days after a
request. (R3)

The responsible entity provided a
response in more than 45 calendar
days but less than or equal to 60
calendar days after a request. (R5)

The responsible entity provided a
response in more than 60 calendar
days but less than or equal to 70
calendar days after a request.

The responsible entity provided a
response in more than 70 calendar
days but less than or equal to 80
calendar days after a request.

The responsible entity failed to
provide a response as required in
more than 80 calendar days after
the comments were received. (R5)

Page 7 of 10

Standard FAC-008-3 — Facility Ratings

Lower VSL

Moderate VSL

High VSL

Severe VSL

The responsible entity failed to
establish Facility Ratings consistent
with the associated Facility Ratings
methodology or documentation for
determining the Facility Ratings for
5% or less of its solely owned and
jointly owned Facilities. (R6)

The responsible entity failed to
establish Facility Ratings consistent
with the associated Facility Ratings
methodology or documentation for
determining the Facility Ratings for
more than 5% or more, but less
than up to (and including) 10% of
its solely owned and jointly owned
Facilities. (R6)

The responsible entity failed to
establish Facility Ratings consistent
with the associated Facility Ratings
methodology or documentation for
determining the Facility Ratings for
more than 10% up to (and
including) 15% of its solely owned
and jointly owned Facilities. (R6)

The responsible entity failed to
establish Facility Ratings consistent
with the associated Facility Ratings
methodology or documentation for
determining the Facility Ratings for
more than15% of its solely owned
and jointly owned Facilities. (R6)

The Generator Owner provided its
Facility Ratings to all of the
requesting entities but missed
meeting the schedules by up to and
including 15 calendar days.

The Generator Owner provided its
Facility Ratings to all of the
requesting entities but missed
meeting the schedules by more than
15 calendar days but less than or
equal to 25 calendar days.

The Generator Owner provided its
Facility Ratings to all of the
requesting entities but missed
meeting the schedules by more than
25 calendar days but less than or
equal to 35 calendar days.

The responsible entity provided less
than 95%, but not less than or equal
to 90% of the required Rating
information to all of the requesting
entities. (R8, Part 8.1)

The responsible entity provided less
than 90%, but not less than or equal
to 85% of the required Rating
information to all of the requesting
entities. (R8, Part 8.1)

Standard FAC-008-3 — Facility Ratings

Lower VSL

Moderate VSL

High VSL

required Rating information to the
requesting entity, but the
information was provided up to and
including 15 calendar days late.
(R8, Part 8.2)

The responsible entity provided the
required Rating information to the
requesting entity, but did so more
15 calendar days but less than or
equal to 25 calendar days late. (R8,
Part 8.2)

The responsible entity provided the
required Rating information to the
requesting entity, but did so more
than 25 calendar days but less than
or equal to 35 calendar days late.
(R8, Part 8.2)

The responsible entity provided less
than 95%, but not less than or equal
to 90% of the required Rating
information to the requesting entity.
(R8, Part 8.2)

The responsible entity provided less
than 90%, but no less than or equal
to 85% of the required Rating
information to the requesting entity.
(R8, Part 8.2)

OR
The responsible entity provided less
than 100%, but not less than or
equal to 95% of the required Rating
information to the requesting entity.
(R8, Part 8.2)

Page 9 of 10

Standard FAC-008-3 — Facility Ratings

E. Regional Variances
None.
F. Associated Documents
Version History
Version

Date

Action

Change Tracking

Feb 7, 2006

Approved by Board of
Trustees

New

Mar 16, 2007

Approved by FERC

New

May 12, 2010

Approved by Board of
Trustees

Complete Revision, merging
FAC_008-1 and FAC-009-1
under Project 2009-06 and
address directives from Order
693

May 24, 2011

Addition of Requirement R8

Project 2009-06 Expansion to
address third directive from
Order 693

May 24, 2011

Adopted by NERC Board of
Trustees

November 17,
2011

FERC Order issued approving
FAC-008-3

May 17, 2012

FERC Order issued directing
the VRF for Requirement R2
be changed from “Lower” to
“Medium”

Page 10 of 10

S ta n d a rd FAC-013-2 — As s e s s m e n t o f Tra n s fer Ca p a b ility fo r th e Ne a r-term
Tra n s m is s io n Pla n n in g Ho rizo n

A. Introduction
1.

Title:
Assessment of Transfer Capability for the Near-Term Transmission
Planning Horizon

Number:

Applicability:

FAC-013-2

4.1. Planning Coordinators
5.

Page 1 of 9

S ta n d a rd FAC-013-2 — As s e s s m e n t o f Tra n s fer Ca p a b ility fo r th e Ne a r-term
Tra n s m is s io n Pla n n in g Ho rizo n

1.4.5. Parallel path (loop flow) adjustments.
1.4.6. Contingencies
1.4.7. Monitored Facilities.
1.5. A description of how simulations of transfers are performed through the
adjustment of generation, Load or both.
R2. Each Planning Coordinator shall issue its Transfer Capability methodology, and any
revisions to the Transfer Capability methodology, to the following entities subject to
the following: [Violation Risk Factor: Lower] [Time Horizon: Long-term Planning]
2.1. Distribute to the following prior to the effectiveness of such revisions:
2.1.1. Each Planning Coordinator adjacent to the Planning Coordinator’s
Planning Coordinator area or overlapping the Planning Coordinator’s area.
2.1.2. Each Transmission Planner within the Planning Coordinator’s Planning
Coordinator area.
2.2. Distribute to each functional entity that has a reliability-related need for the
Transfer Capability methodology and submits a request for that methodology
within 30 calendar days of receiving that written request.
R3. If a recipient of the Transfer Capability methodology provides documented concerns
with the methodology, the Planning Coordinator shall provide a documented response
to that recipient within 45 calendar days of receipt of those comments. The response
shall indicate whether a change will be made to the Transfer Capability methodology
and, if no change will be made to that Transfer Capability methodology, the reason
why. [Violation Risk Factor: Lower][Time Horizon: Long-term Planning]
R4. During each calendar year, each Planning Coordinator shall conduct simulations and
document an assessment based on those simulations in accordance with its Transfer
Capability methodology for at least one year in the Near-Term Transmission Planning
Horizon. [Violation Risk Factor: Medium] [Time Horizon: Long-term Planning]
R5. Each Planning Coordinator shall make the documented Transfer Capability assessment
results available within 45 calendar days of the completion of the assessment to the
recipients of its Transfer Capability methodology pursuant to Requirement R2, Parts
2.1 and Part 2.2. However, if a functional entity that has a reliability related need for
the results of the annual assessment of the Transfer Capabilities makes a written
request for such an assessment after the completion of the assessment, the Planning
Coordinator shall make the documented Transfer Capability assessment results
available to that entity within 45 calendar days of receipt of the request [Violation Risk
Factor: Lower] [Time Horizon: Long-term Planning]
R6. If a recipient of a documented Transfer Capability assessment requests data to support
the assessment results, the Planning Coordinator shall provide such data to that entity
within 45 calendar days of receipt of the request. The provision of such data shall be
subject to the legal and regulatory obligations of the Planning Coordinator’s area
regarding the disclosure of confidential and/or sensitive information. [Violation Risk
Factor: Lower] [Time Horizon: Long-term Planning]

Page 2 of 9

S ta n d a rd FAC-013-2 — As s e s s m e n t o f Tra n s fer Ca p a b ility fo r th e Ne a r-term
Tra n s m is s io n Pla n n in g Ho rizo n

C. Measures
M1. Each Planning Coordinator shall have a Transfer Capability methodology that includes
the information specified in Requirement R1.
M2. Each Planning Coordinator shall have evidence such as dated e-mail or dated
transmittal letters that it provided the new or revised Transfer Capability methodology
in accordance with Requirement R2
M3. Each Planning Coordinator shall have evidence, such as dated e-mail or dated
transmittal letters, that the Planning Coordinator provided a written response to that
commenter in accordance with Requirement R3.
M4. Each Planning Coordinator shall have evidence such as dated assessment results, that it
conducted and documented a Transfer Capability assessment in accordance with
Requirement R4.
M5. Each Planning Coordinator shall have evidence, such as dated copies of e-mails or
transmittal letters, that it made its documented Transfer Capability assessment
available to the entities in accordance with Requirement R5.
M6. Each Planning Coordinator shall have evidence, such as dated copies of e-mails or
transmittal letters, that it made its documented Transfer Capability assessment data
available in accordance with Requirement R6.
D. Compliance
1.

•

The Planning Coordinator shall retain evidence since its last compliance audit
to show compliance with Requirement R2.

•

The Planning Coordinator shall retain evidence to show compliance with
Requirements R3, R4, R5 and R6 for the most recent assessment.

•

If a Planning Coordinator is found non-compliant, it shall keep information
related to the non-compliance until found compliant or for the time periods
specified above, whichever is longer.

The Compliance Enforcement Authority shall keep the last audit records and all
requested and submitted subsequent audit records.
Page 3 of 9

S ta n d a rd FAC-013-2 — As s e s s m e n t o f Tra n s fer Ca p a b ility fo r th e Ne a r-term
Tra n s m is s io n Pla n n in g Ho rizo n

Page 4 of 9

S ta n d a rd FAC-013-2 — As s e s s m e n t o f Tra n s fer Ca p a b ility fo r th e Ne a r-term Tra n s m is s io n Pla n n in g Ho rizo n

2.
R#
R1

Violation Severity Levels
Lower VSL
The Planning Coordinator has a
Transfer Capability methodology
but failed to address one or two
of the items listed in
Requirement R1, Part 1.4.

Moderate VSL
The Planning Coordinator has a
Transfer Capability
methodology, but failed to
incorporate one of the following
Parts of Requirement R1 into
that methodology:
•
•
•
•

Part
Part
Part
Part

High VSL
The Planning Coordinator has a
Transfer Capability
methodology, but failed to
incorporate two of the following
Parts of Requirement R1 into
that methodology:

1.1
1.2
1.3
1.5

•
•
•
•

Part
Part
Part
Part

1.1
1.2
1.3
1.5

The Planning Coordinator has a
Transfer Capability methodology
but failed to address three of the
items listed in Requirement R1,
Part 1.4.

The Planning Coordinator has a
Transfer Capability methodology
but failed to address four of the
items listed in Requirement R1,
Part 1.4.

Part
Part
Part
Part

1.1
1.2
1.3
1.5

OR
The Planning Coordinator has a
Transfer Capability methodology
but failed to address more than
four of the items listed in
Requirement R1, Part 1.4.

Page 5 of 9

S ta n d a rd FAC-013-2 — As s e s s m e n t o f Tra n s fer Ca p a b ility fo r th e Ne a r-term Tra n s m is s io n Pla n n in g Ho rizo n
R2

The Planning Coordinator
notified one or more of the
parties specified in Requirement
R2 of a new or revised Transfer
Capability methodology after its
implementation, but not more
than 30 calendar days after its
implementation.
OR
The Planning Coordinator
provided the transfer Capability
methodology more than 30
calendar days but not more than
60 calendar days after the
receipt of a request.

The Planning Coordinator
provided a documented
response to a documented
concern with its Transfer
Capability methodology as
required in Requirement R3
more than 45 calendar days, but
not more than 60 calendar days
after receipt of the concern.

The Planning Coordinator
notified one or more of the
parties specified in Requirement
R2 of a new or revised Transfer
Capability methodology more
than 30 calendar days after its
implementation, but not more
than 60 calendar days after its
implementation.
OR
The Planning Coordinator
provided the Transfer Capability
methodology more than 60
calendar days but not more than
90 calendar days after receipt of
a request
The Planning Coordinator
provided a documented
response to a documented
concern with its Transfer
Capability methodology as
required in Requirement R3
more than 60 calendar days, but
not more than 75 calendar days
after receipt of the concern.

The Planning Coordinator
notified one or more of the
parties specified in Requirement
R2 of a new or revised Transfer
Capability methodology more
than 60 calendar days, but not
more than 90 calendar days
after its implementation.
OR
The Planning Coordinator
provided the Transfer Capability
methodology more than 90
calendar days but not more than
120 calendar days after receipt
of a request.

The Planning Coordinator
provided a documented
response to a documented
concern with its Transfer
Capability methodology as
required in Requirement R3
more than 75 calendar days, but
not more than 90 calendar days
after receipt of the concern.

The Planning Coordinator failed
to notify one or more of the
parties specified in Requirement
R2 of a new or revised Transfer
Capability methodology more
than 90 calendar days after its
implementation.
OR
The Planning Coordinator
provided the Transfer Capability
methodology more than 120
calendar days after receipt of a
request.

The Planning Coordinator failed
to provide a documented
response to a documented
concern with its Transfer
Capability methodology as
required in Requirement R3 by
more than 90 calendar days
after receipt of the concern.
OR
The Planning Coordinator failed
to respond to a documented
concern with its Transfer
Capability methodology.

Page 6 of 9

S ta n d a rd FAC-013-2 — As s e s s m e n t o f Tra n s fer Ca p a b ility fo r th e Ne a r-term Tra n s m is s io n Pla n n in g Ho rizo n

R4.

The Planning Coordinator
conducted a Transfer Capability
assessment outside the
calendar year, but not by more
than 30 calendar days.

The Planning Coordinator
conducted a Transfer Capability
assessment outside the
calendar year, by more than 30
calendar days, but not by more
than 60 calendar days.

The Planning Coordinator
conducted a Transfer Capability
assessment outside the
calendar year, by more than 60
calendar days, but not by more
than 90 calendar days.

Page 7 of 9

S ta n d a rd FAC-013-2 — As s e s s m e n t o f Tra n s fer Ca p a b ility fo r th e Ne a r-term Tra n s m is s io n Pla n n in g Ho rizo n

The Planning Coordinator made
its documented Transfer
Capability assessment available
to one or more of the recipients
of its Transfer Capability
methodology more than 45
calendar days after the
requirements of R5,, but not
more than 60 calendar days
after completion of the
assessment.

The Planning Coordinator made
its Transfer Capability
assessment available to one or
more of the recipients of its
Transfer Capability methodology
more than 60 calendar days
after the requirements of R5, but
not more than 75 calendar days
after completion of the
assessment.

The Planning Coordinator made
its Transfer Capability
assessment available to one or
more of the recipients of its
Transfer Capability methodology
more than 75 calendar days
after the requirements of R5, but
not more than 90 days after
completion of the assessment.

The Planning Coordinator
provided the requested data as
required in Requirement R6
more than 90 after the receipt of
the request for data.
OR
The Planning Coordinator failed
to provide the requested data as
required in Requirement R6.

Page 8 of 9

S ta n d a rd FAC-013-2 — As s e s s m e n t o f Tra n s fer Ca p a b ility fo r th e Ne a r-term
Tra n s m is s io n Pla n n in g Ho rizo n

E. Regional Variances
None.
F. Associated Documents
Version History
Version

Date

Action

Change Tracking

08/01/05

01/20/05

01/24/11

Approved by BOT

11/17/11

FERC Order issued approving FAC-013-2

5/17/12

FERC Order issued directing the VRF’s for
Requirements R1. and R4. be changed from
“Lower” to “Medium.”
FERC Order issued correcting the High and
Severe VSL language for R1.

Page 9 of 9

Standard INT-007-1 — Interchange Confirmation

A. Introduction
1.

Title:

Interchange Confirmation

Number:

INT-007-1

Purpose:
To ensure that each Arranged Interchange is checked for reliability before it is
implemented.

Applicability
4.1. Interchange Authority.

Effective Date:

January 1, 2007

B. Requirements
R1.

The Interchange Authority shall verify that Arranged Interchange is balanced and valid prior to
transitioning Arranged Interchange to Confirmed Interchange by verifying the following:
R1.1.

Source Balancing Authority megawatts equal sink Balancing Authority megawatts
(adjusted for losses, if appropriate).

R1.2.

All reliability entities involved in the Arranged Interchange are currently in the NERC
registry.

R1.3.

The following are defined:
R1.3.1. Generation source and load sink.
R1.3.2. Megawatt profile.
R1.3.3. Ramp start and stop times.
R1.3.4. Interchange duration.

R1.4.

Each Balancing Authority and Transmission Service Provider that received the
Arranged Interchange information from the Interchange Authority for reliability
assessment has provided approval.

Adopted by Board of Trustees: May 2, 2006
Effective Date: January 1, 2007

Page 1 of 3

Standard INT-007-1 — Interchange Confirmation

Verified by audit at least once every three years.

1.4.2

Verified by spot checks in years between audits.

1.4.3

Verified by annual audits of noncompliant Interchange Authorities, until
compliance is demonstrated.

1.4.4

Verified at any time as the result of a complaint. Complaints must be lodged
within 60 days of the incident. Complaints will be evaluated by the Compliance
Monitor.

Each Interchange Authority shall make the following available for inspection by the
Compliance Monitor upon request:

1.4.5

1.4.6

Levels of Non-Compliance
2.1. Level 1:
in R1.

One occurrence1 where Interchange-related data was not verified as defined

2.2. Level 2:
in R1.

Two occurrences where Interchange-related data was not verified as defined

This does not include instances of not verifying due to extenuating circumstances approved by the Compliance
Monitor.
Adopted by Board of Trustees: May 2, 2006
Effective Date: January 1, 2007

Page 2 of 3

Standard INT-007-1 — Interchange Confirmation

Version History
Version

Date

Action

Adopted by Board of Trustees: May 2, 2006
Effective Date: January 1, 2007

Change Tracking

Page 3 of 3

Standard IRO-016-1 — Coordination of Real-time Activities Between Reliability Coordinators

A. Introduction
1.

Title:

Coordination of Real-time Activities Between Reliability Coordinators

Number:

IRO-016-1

Applicability
4.1. Reliability Coordinator

Effective Date:

November 1, 2006

B. Requirements
R1.

R1.2.

R1.3.
R2.

If the involved Reliability Coordinators cannot agree on the solution, the more
conservative solution shall be implemented.

The Reliability Coordinator shall document (via operator logs or other data sources) its actions
taken for either the event or for the disagreement on the problem(s) or for both.

Adopted by Board of Trustees: February 7, 2006
Effective Date: November 1, 2006

1 of 3

Standard IRO-016-1 — Coordination of Real-time Activities Between Reliability Coordinators

Evidence (operator log or other data source) to show coordination with other
Reliability Coordinators.

Not applicable.

2.3. Level 3:

Not applicable.

Date

Action

Change Tracking

Version 1

August 10, 2005

01/20/06

Changed incorrect use of certain hyphens (-)
to “en dash (–).”
Hyphenated “30-day” and “Reliability
Coordinator-to-Reliability Coordinator”
when used as adjective.

Adopted by Board of Trustees: February 7, 2006
Effective Date: November 1, 2006

2 of 3

Standard IRO-016-1 — Coordination of Real-time Activities Between Reliability Coordinators

Adopted by Board of Trustees: February 7, 2006
Effective Date: November 1, 2006

3 of 3

Standard MOD-004-1 — Capacity Benefit Margin

A. Introduction
1.

Title:

Capacity Benefit Margin

Number:

MOD-004-1

Purpose: To promote the consistent and reliable calculation, verification,
preservation, and use of Capacity Benefit Margin (CBM) to support analysis and
system operations.

Applicability:
4.1. Load-Serving Entities.
4.2. Resource Planners.
4.3. Transmission Service Providers.
4.4. Balancing Authorities.
4.5. Transmission Planners, when their associated Transmission Service Provider has
elected to maintain CBM.

Effective Date:
First day of the first calendar quarter that is twelve months beyond
the date that this standard is approved by applicable regulatory authorities, or in those
jurisdictions where regulatory approval is not required, the standard becomes effective
on the first day of the first calendar quarter that is twelve months beyond the date this
standard is approved by the NERC Board of Trustees.

B. Requirements
R1. The Transmission Service Provider that maintains CBM shall prepare and keep current

a “Capacity Benefit Margin Implementation Document” (CBMID) that includes, at a
minimum, the following information: [Violation Risk Factor: Lower] [Time Horizon:
Operations Planning, Long-term Planning]
R1.1.

The process through which a Load-Serving Entity within a Balancing Authority
Area associated with the Transmission Service Provider, or the Resource
Planner associated with that Balancing Authority Area, may ensure that its need
for Transmission capacity to be set aside as CBM will be reviewed and
accommodated by the Transmission Service Provider to the extent Transmission
capacity is available.

R1.2.

The procedure and assumptions for establishing CBM for each Available
Transfer Capability (ATC) Path or Flowgate.

R1.3.

The procedure for a Load-Serving Entity or Balancing Authority to use
Transmission capacity set aside as CBM, including the manner in which the
Transmission Service Provider will manage situations where the requested use
of CBM exceeds the amount of CBM available.

R2. The Transmission Service Provider that maintains CBM shall make available its current

CBMID to the Transmission Operators, Transmission Service Providers, Reliability
Coordinators, Transmission Planners, Resource Planners, and Planning Coordinators
that are within or adjacent to the Transmission Service Provider’s area, and to the Load
Serving Entities and Balancing Authorities within the Transmission Service Provider’s
Adopted by NERC Board of Trustees: November 13, 2008

Page 1 of 13

Standard MOD-004-1 — Capacity Benefit Margin

area, and notify those entities of any changes to the CBMID prior to the effective date
of the change. [Violation Risk Factor: Lower] [Time Horizon: Operations Planning]
R3. Each Load-Serving Entity determining the need for Transmission capacity to be set

aside as CBM for imports into a Balancing Authority Area shall determine that need
by: [Violation Risk Factor: Lower] [Time Horizon: Operations Planning]
R3.1.

R3.2.

Using one or more of the following to determine the GCIR:


Loss of Load Expectation (LOLE) studies



Loss of Load Probability (LOLP) studies



Deterministic risk-analysis studies



Reserve margin or resource adequacy requirements established by other
entities, such as municipalities, state commissions, regional transmission
organizations, independent system operators, Regional Reliability
Organizations, or regional entities

Identifying expected import path(s) or source region(s).

R4. Each Resource Planner determining the need for Transmission capacity to be set aside

as CBM for imports into a Balancing Authority Area shall determine that need by:
[Violation Risk Factor: Lower] [Time Horizon: Operations Planning]
R4.1.

R4.2.

Using one or more of the following to determine the GCIR:


Loss of Load Expectation (LOLE) studies



Loss of Load Probability (LOLP) studies



Deterministic risk-analysis studies



Identifying expected import path(s) or source region(s).

R5. At least every 13 months, the Transmission Service Provider that maintains CBM shall

establish a CBM value for each ATC Path or Flowgate to be used for ATC or Available
Flowgate Capability (AFC) calculations during the 13 full calendar months (months 214) following the current month (the month in which the Transmission Service Provider
is establishing the CBM values). This value shall: [Violation Risk Factor: Lower]
[Time Horizon: Operations Planning]
R5.1.

Reflect consideration of each of the following if available:


Any studies (as described in R3.1) performed by Load-Serving Entities for
loads within the Transmission Service Provider’s area



Any studies (as described in R4.1) performed by Resource Planners for
loads within the Transmission Service Provider’s area

Adopted by NERC Board of Trustees: November 13, 2008

Page 2 of 13

Standard MOD-004-1 — Capacity Benefit Margin


R5.2.

Any reserve margin or resource adequacy requirements for loads within the
Transmission Service Provider’s area established by other entities, such as
municipalities, state commissions, regional transmission organizations,
independent system operators, Regional Reliability Organizations, or
regional entities

Be allocated as follows:


For ATC Paths, based on the expected import paths or source regions
provided by Load-Serving Entities or Resource Planners



For Flowgates, based on the expected import paths or source regions
provided by Load-Serving Entities or Resource Planners and the
distribution factors associated with those paths or regions, as determined
by the Transmission Service Provider

R6. At least every 13 months, the Transmission Planner shall establish a CBM value for

each ATC Path or Flowgate to be used in planning during each of the full calendar
years two through ten following the current year (the year in which the Transmission
Planner is establishing the CBM values). This value shall: [Violation Risk Factor:
Lower] [Time Horizon: Long-term Planning]
R6.1.

R6.2.

Reflect consideration of each of the following if available:


Any studies (as described in R3.1) performed by Load-Serving Entities for
loads within the Transmission Planner’s area



Any studies (as described in R4.1) performed by Resource Planners for
loads within the Transmission Planner’s area



Any reserve margin or resource adequacy requirements for loads within the
Transmission Planner’s area established by other entities, such as
municipalities, state commissions, regional transmission organizations,
independent system operators, Regional Reliability Organizations, or
regional entities

Be allocated as follows:


For ATC Paths, based on the expected import paths or source regions
provided by Load-Serving Entities or Resource Planners



For Flowgates, based on the expected import paths or source regions
provided by Load-Serving Entities or Resource Planners and the distribution
factors associated with those paths or regions, as determined by the
Transmission Planner.

R7. Less than 31 calendar days after the establishment of CBM, the Transmission Service

Provider that maintains CBM shall notify all the Load-Serving Entities and Resource
Planners that determined they had a need for CBM on the Transmission Service
Provider’s system of the amount of CBM set aside. [Violation Risk Factor: Lower]
[Time Horizon: Operations Planning]
R8. Less than 31 calendar days after the establishment of CBM, the Transmission Planner

shall notify all the Load-Serving Entities and Resource Planners that determined they

Adopted by NERC Board of Trustees: November 13, 2008

Page 3 of 13

Standard MOD-004-1 — Capacity Benefit Margin

had a need for CBM on the system being planned by the Transmission Planner of the
amount of CBM set aside. [Violation Risk Factor: Lower] [Time Horizon: Operations
Planning]
R9. The Transmission Service Provider that maintains CBM and the Transmission Planner

shall each provide (subject to confidentiality and security requirements) copies of the
applicable supporting data, including any models, used for determining CBM or
allocating CBM over each ATC Path or Flowgate to the following: [Violation Risk
Factor: Lower] [Time Horizon: Operations Planning, Long-term Planning]
R9.1.

Each of its associated Transmission Operators within 30 calendar days of their
making a request for the data.

R9.2.

To any Transmission Service Provider, Reliability Coordinator, Transmission
Planner, Resource Planner, or Planning Coordinator within 30 calendar days of
their making a request for the data.

R10. The Load-Serving Entity or Balancing Authority shall request to import energy over

firm Transfer Capability set aside as CBM only when experiencing a declared NERC
Energy Emergency Alert (EEA) 2 or higher. [Violation Risk Factor: Lower] [Time
Horizon: Same-day Operations]
R11. When reviewing an Arranged Interchange using CBM, all Balancing Authorities and

Transmission Service Providers shall waive, within the bounds of reliable operation,
any Real-time timing and ramping requirements. [Violation Risk Factor: Medium]
[Time Horizon: Same-day Operations]
R12. The Transmission Service Provider that maintains CBM shall approve, within the

bounds of reliable operation, any Arranged Interchange using CBM that is submitted by
an “energy deficient entity 1 ” under an EEA 2 if: [Violation Risk Factor: Medium]
[Time Horizon: Same-day Operations]
R12.1. The CBM is available
R12.2. The EEA 2 is declared within the Balancing Authority Area of the “energy

deficient entity,” and
R12.3. The Load of the “energy deficient entity” is located within the Transmission

Service Provider’s area.
C. Measures

M1.

Each Transmission Service Provider that maintains CBM shall produce its CBMID
evidencing inclusion of all information specified in R1. (R1)

M2.

Each Transmission Service Provider that maintains CBM shall have evidence (such
as dated logs and data, copies of dated electronic messages, or other equivalent
evidence) to show that it made the current CBMID available to the Transmission
Operators, Transmission Service Providers, Reliability Coordinators, Transmission
Planners, and Planning Coordinators specified in R2, and that prior to any change to
the CBMID, it notified those entities of the change. (R2)

See Attachment 1-EOP-002-0 for explanation.

Adopted by NERC Board of Trustees: November 13, 2008

Page 4 of 13

Standard MOD-004-1 — Capacity Benefit Margin
M3.

Each Load-Serving Entity that determined a need for Transmission capacity to be set
aside as CBM shall provide evidence (including studies and/or requirements) that it
met the criteria in R3. (R3)

M4.

Each Resource Planner that determined a need for Transmission capacity to be set
aside as CBM shall provide evidence (including studies and/or requirements) that it
met the criteria in R4. (R4)

M5.

Each Transmission Service Provider that maintains CBM shall provide evidence
(such as studies, requirements, and dated CBM values) that it established 13 months
of CBM values consistent with the requirements in R5.1 and allocated the values
consistent with the requirements in R5.2. (Note that CBM values may legitimately be
zero.) (R5)

M6.

Each Transmission Planner with an associated Transmission Service Provider that
maintains CBM shall provide evidence (such as studies, requirements, and dated
CBM values) that it established CBM values for years two through ten consistent
with the requirements in R6.1 and allocated the values consistent with the
requirements in R6.2. Inclusion of GCIR based on R6.1 and R6.2 within the
transmission base case meets this requirement. (Note that CBM values may
legitimately be zero.) (R6)

M7.

Each Transmission Service Provider that maintains CBM shall provide evidence
(such as dated e-mail, data, or other records) that it notified the entities described in
R7 of the amount of CBM set aside. (R7)

M8.

Each Transmission Planner with an associated Transmission Service Provider that
maintains CBM shall provide evidence (such as e-mail, data, or other records) that it
notified the entities described in R8 of the amount of CBM set aside. (R8)

M9.

Each Transmission Service Provider that maintains CBM and each Transmission
Planner shall provide evidence including copies of dated requests for data supporting
the calculation of CBM along with other evidences such as copies of electronic
messages or other evidence to show that it provided the required entities with copies
of the supporting data, including any models, used for allocating CBM as specified in
R9. (R9)

M10.

Each Load-Serving Entity and Balancing Authority shall provide evidence (such as
logs, copies of tag data, or other data from its Reliability Coordinator) that at the time
it requested to import energy using firm Transfer Capability set aside as CBM, it was
in an EEA 2 or higher. (R10)

M11.

Each Balancing Authority and Transmission Service Provider shall provide evidence
(such as operating logs and tag data) that it waived Real-time timing and ramping
requirements when approving an Arranged Interchange using CBM (R11)

M12.

Each Transmission Service Provider that maintains CBM shall provide evidence
including copies of CBM values along with other evidence (such as tags, reports, and
supporting data) to show that it approved any Arranged Interchange meeting the
criteria in R12. (R12)

D. Compliance

Adopted by NERC Board of Trustees: November 13, 2008

Page 5 of 13

Standard MOD-004-1 — Capacity Benefit Margin

1. Compliance Monitoring Process
1.1. Compliance Enforcement Authority (CEA)

Regional Entity.
1.2. Compliance Monitoring Period and Reset Time Frame

Not applicable.
1.3. Data Retention
-

The Transmission Service Provider that maintains CBM shall maintain its
current, in force CBMID and any prior versions of the CBMID that were in
force during the past three calendar years plus the current year to show
compliance with R1.

The Transmission Service Provider that maintains CBM shall maintain
evidence to show compliance with R2, R5, R7, R9, and R12 for the most
recent three calendar years plus the current year.

The Load-Serving Entity shall each maintain evidence to show compliance
with R3 and R10 for the most recent three calendar years plus the current
year.

The Resource Planner shall each maintain evidence to show compliance
with R4 for the most recent three calendar years plus the current year.

The Transmission Planner shall maintain evidence to show compliance with
R6, R8, and R9 for the most recent three calendar years plus the current
year.

The Balancing Authority shall maintain evidence to show compliance with
R10 and R11 for the most recent three calendar years plus the current year.

The Transmission Service Provider shall maintain evidence to show
compliance with R11 for the most recent three calendar years plus the
current year.

If an entity is found non-compliant, it shall keep information related to the
non-compliance until found compliant.

The Compliance Enforcement Authority shall keep the last audit records and
all requested and subsequently submitted audit records.

1.4. Compliance Monitoring and Enforcement Processes:

The following processes may be used:
-

Compliance Audits

Self-Certifications

Spot Checking

Compliance Violation Investigations

Self-Reporting

Adopted by NERC Board of Trustees: November 13, 2008

Page 6 of 13

Standard MOD-004-1 — Capacity Benefit Margin

Complaints

1.5. Additional Compliance Information

None.

Adopted by NERC Board of Trustees: November 13, 2008

Page 7 of 13

Standard MOD-004-1 — Capacity Benefit Margin

Violation Severity Levels
R#

Lower VSL

Moderate VSL

High VSL

Severe VSL

R1.

The Transmission Service
Provider that maintains CBM
has a CBMID that does not
incorporate changes that have
been made within the last three
months.

The Transmission Service
Provider that maintains CBM
has a CBMID that does not
incorporate changes that have
been made more than three, but
not more than six, months ago.
OR
The CBM maintaining
Transmission Service Provider’s
CBMID does not address one of
the sub requirements.

The Transmission Service
Provider that maintains CBM
has a CBMID that does not
incorporate changes that have
been made more than six, but
not more than twelve, months
ago.
OR
The CBM maintaining
Transmission Service Provider’s
CBMID does not address two of
the sub requirements.

The Transmission Service
Provider that maintains CBM
has a CBMID that does not
incorporate changes that have
been made more than twelve
months ago.
OR
The Transmission Service
Provider that maintains CBM
does not have a CBMID;
OR
The CBM maintaining
Transmission Service Provider’s
CBMID does not address three
of the sub requirements.

R2.

The Transmission Service
Provider that maintains CBM
notifies one or more of the
entities specified in R2 of a
change in the CBM ID after the
effective date of the change, but
not more than 30 calendar days
after the effective date of the
change.

The Transmission Service
Provider that maintains CBM
notifies one or more of the
entities specified in R2 of a
change in the CBM ID 30 or
more calendar days but not
more than 60 calendar days after
the effective date of the change.

The Transmission Service
Provider that maintains CBM
notifies one or more of the
entities specified in R2 of a
change in the CBM ID 60 or
more calendar days but not
more than 90 calendar days after
the effective date of the change.
OR
The Transmission Service
Provider that maintains CBM
made available the CBMID to at
least one, but not all, of the
entities specified in R2.

The Transmission Service
Provider that maintains CBM
notifies one or more of the
entities specified in R2 of a
change in the CBM ID more
than 90 calendar days after the
effective date of the change.
OR
The Transmission Service
Provider that maintains CBM
made available the CBMID to
none of the entities specified in
R2.

Adopted by NERC Board of Trustees: November 13, 2008

Page 8 of 13

Standard MOD-004-1 — Capacity Benefit Margin

Lower VSL

Moderate VSL

High VSL

Severe VSL

R3.

The Load-Serving Entity did not
use one of the methods
described in R3.1
OR
The Load-Serving Entity did not
identify paths or regions as
described in R3.2

The Load-Serving Entity did
not use one of the methods
described in R3.1
AND
The Load-Serving Entity did not
identify paths or regions as
described in R3.2

The Resource Planner did not
use one of the methods
described in R4.1
OR
The Resource Planner did not
identify paths or regions as
described in R4.2

The Resource Planner did not
use one of the methods
described in R4.1
AND
The Resource Planner did not
identify paths or regions as
described in R4.2

R5.

The Transmission Service
Provider that maintains CBM
established CBM more than 16
months, but not more than 19
months, after the last time the
values were established.
OR
The Transmission Service
Provider that maintains CBM
did not consider one or more of
the items described in R5.1 that
was available.
OR
The Transmission Service
Provider that maintains CBM
did not base the allocation on
one or more paths or regions as

The Transmission Service
Provider that maintains CBM
established CBM more than 13
months, but not more than 16
months, after the last time the
values were established.

Adopted by NERC Board of Trustees: November 13, 2008

The Transmission Service
Provider that maintains CBM
established CBM more than 19
months, but not more than 22
months, after the last time the
values were established.

The Transmission Service
Provider that maintains CBM
established CBM more than 22
months after the last time the
values were established.
OR
The Transmission Service
Provider that maintains CBM
failed to establish an initial
value for CBM.
OR
The Transmission Service
Provider that maintains CBM
did not consider one or more of
the items described in R5.1 that
was available, and did not base
the allocation on one or more

Page 9 of 13

Standard MOD-004-1 — Capacity Benefit Margin

Lower VSL

Moderate VSL

High VSL

described in R5.2.

R6.

The Transmission Planner with
an associated Transmission
Service Provider that maintains
CBM established CBM for each
of the years 2 through 10 more
than 13 months, but not more
than 16 months, after the last
time the values were
established.

The Transmission Planner with
an associated Transmission
Service Provider that maintains
CBM established CBM for each
of the years 2 through 10 more
than 16 months, but not more
than 19 months, after the last
time the values were
established.
OR
The Transmission Planner with
an associated Transmission
Service Provider that maintains
CBM did not consider one or
more of the items described in
R6.1 that was available.
OR
The Transmission Planner with
an associated Transmission
Service Provider that maintains
CBM did not base the allocation

Adopted by NERC Board of Trustees: November 13, 2008

Severe VSL

paths or regions as described in
R5.2

The Transmission Planner with
an associated Transmission
Service Provider that maintains
CBM established CBM for each
of the years 2 through 10 more
than 19 months, but not more
than 22 months, after the last
time the values were
established.

The Transmission Planner with
an associated Transmission
Service Provider that maintains
CBM established CBM for each
of the years 2 through 10 more
than 22 months after the last
time the values were
established.
OR
The Transmission Planner with
an associated Transmission
Service Provider that maintains
CBM failed to establish an
initial value for CBM for each
of the years 2 through 10.
OR
The Transmission Planner with
an associated Transmission
Service Provider that maintains
CBM did not consider one or
more of the items described in

Page 10 of 13

Standard MOD-004-1 — Capacity Benefit Margin

Lower VSL

Moderate VSL

High VSL

on one or more paths or regions
as described in R6.2

Severe VSL

R6.1 that was available, and did
not base the allocation on one or
more paths or regions as
described in R6.2

R7.

The Transmission Service
Provider that maintains CBM
notified all the entities as
required, but did so in 31 or
more days, but less than 45
days.

The Transmission Service
Provider that maintains CBM
notified all the entities as
required, but did so in 45 or
more days, but less than 60
days.

The Transmission Service
Provider that maintains CBM
notified all the entities as
required, but did so in 60 or
more days, but less than 75
days.
OR
The Transmission Service
Provider that maintains CBM
notified at least one, but not all,
of the entities as required.

The Transmission Service
Provider that maintains CBM
notified all the entities as
required, but did so in 75 or
more days,
OR
The Transmission Service
Provider that maintains CBM
notified none of the entities as
required.

R8.

The Transmission Planner with
an associated Transmission
Service Provider that maintains
CBM notified all the entities as
required, but did so in 31 or
more days, but less than 45
days.

The Transmission Planner with
an associated Transmission
Service Provider that maintains
CBM notified all the entities as
required, but did so in 45 or
more days, but less than 60
days.

The Transmission Planner with
an associated Transmission
Service Provider that maintains
CBM notified all the entities as
required, but did so in 60 or
more days, but less than 75
days.
OR
The Transmission Planner with

The Transmission Planner with
an associated Transmission
Service Provider that maintains
CBM notified all the entities as
required, but did so in 75 or
more days,
OR
The Transmission Planner with
an associated Transmission

Adopted by NERC Board of Trustees: November 13, 2008

Page 11 of 13

Standard MOD-004-1 — Capacity Benefit Margin

R9.

Lower VSL

The Transmission Service
Provider or Transmission
Planner provided a requester
specified in R9 with the
supporting data, including
models, used to allocate CBM
more than 30, but not more than
45, days after the submission of
the request.

Moderate VSL

The Transmission Service
Provider or Transmission
Planner provided a requester
specified in R9 with the
supporting data, including
models, used to allocate CBM
more than 45, but not more than
60, days after the submission of
the request.

High VSL

an associated Transmission
Service Provider that maintains
CBM notified at least one, but
not all, of the entities as
required.

Service Provider that maintains
CBM notified none of the
entities as required.

The Transmission Service
Provider or Transmission
Planner provided a requester
specified in R9 with the
supporting data, including
models, used to allocate CBM
more than 60, but not more than
75, days after the submission of
the request.
OR
The Transmission Service
Provider or Transmission
Planner provided at least one,
but not all, of the requesters
specified in R9 with the
supporting data, including
models, used to allocate CBM.

The Transmission Service
Provider or Transmission
Planner provided a requester
specified in R9 with the
supporting data, including
models, used to allocate CBM
more than 75 days after the
submission of the request.
OR
The Transmission Service
Provider or Transmission
Planner provided none of the
requesters specified in R9 with
the supporting data, including
models, used to allocate CBM.

R10.
N/A

N/A

A Load-Serving Entity or
Balancing Authority requested
to schedule energy over CBM
while not in an EEA 2 or higher.

N/A

A Balancing Authority or
Transmission Service Provider
denied an Arranged Interchange
using CBM based on timing or
ramping requirements without a
reliability reason to do so.

R11.
N/A

N/A

Adopted by NERC Board of Trustees: November 13, 2008

Severe VSL

Page 12 of 13

Standard MOD-004-1 — Capacity Benefit Margin

Lower VSL

Moderate VSL

High VSL

R12.
N/A

N/A

Adopted by NERC Board of Trustees: November 13, 2008

N/A

Severe VSL

The Transmission Service
Provider failed to approve an
Arranged Interchange for CBM
that met the criteria described in
R12 without a reliability reason
to do so.

Page 13 of 13

Standard NUC-001-2 — Nuclear Plant Interface Coordination
A. Introduction
1.

Title:

Nuclear Plant Interface Coordination

Number:

NUC-001-2

Purpose:
This standard requires coordination between Nuclear Plant Generator Operators
and Transmission Entities for the purpose of ensuring nuclear plant safe operation and
shutdown.

Transmission Operators.

4.2.2

Transmission Owners.

4.2.3

Transmission Planners.

4.2.4

Transmission Service Providers.

4.2.5

Balancing Authorities.

4.2.6

Reliability Coordinators.

4.2.7

Planning Coordinators.

4.2.8

Distribution Providers.

4.2.9

Load-serving Entities.

4.2.10 Generator Owners.
4.2.11 Generator Operators.
5.

Effective Date:

April 1, 2010

B. Requirements
R1.

The Nuclear Plant Generator Operator shall provide the proposed NPIRs in writing to the
applicable Transmission Entities and shall verify receipt [Risk Factor: Lower]

R2.

The Nuclear Plant Generator Operator and the applicable Transmission Entities shall have in
effect one or more Agreements1 that include mutually agreed to NPIRs and document how the
Nuclear Plant Generator Operator and the applicable Transmission Entities shall address and
implement these NPIRs. [Risk Factor: Medium]

R3.

R4.

Per the Agreements developed in accordance with this standard, the applicable Transmission
Entities shall: [Risk Factor: High]

1. Agreements may include mutually agreed upon procedures or protocols in effect between entities or between
departments of a vertically integrated system.
Adopted by NERC Board of Trustees: August 5, 2009
Effective Date: April 1, 2010

Standard NUC-001-2 — Nuclear Plant Interface Coordination
R4.1.

Incorporate the NPIRs into their operating analyses of the electric system.

R4.2.

Operate the electric system to meet the NPIRs.

R4.3.

Inform the Nuclear Plant Generator Operator when the ability to assess the operation
of the electric system affecting NPIRs is lost.

R5.

The Nuclear Plant Generator Operator shall operate per the Agreements developed in
accordance with this standard. [Risk Factor: High]

R6.

R7.

R8.

R9.

The Nuclear Plant Generator Operator and the applicable Transmission Entities shall include,
as a minimum, the following elements within the agreement(s) identified in R2: [Risk Factor:
Medium]
R9.1.

R9.2.

R9.3.

Operations and maintenance coordination:
R9.3.1. Designation of ownership of electrical facilities at the interface between the
electric system and the nuclear plant and responsibilities for operational
control coordination and maintenance of these facilities.
R9.3.2. Identification of any maintenance requirements for equipment not owned or
controlled by the Nuclear Plant Generator Operator that are necessary to
meet the NPIRs.

Adopted by NERC Board of Trustees: August 5, 2009
Effective Date: April 1, 2010

Standard NUC-001-2 — Nuclear Plant Interface Coordination
R9.3.3. Coordination of testing, calibration and maintenance of on-site and off-site
power supply systems and related components.
R9.3.4. Provisions to address mitigating actions needed to avoid violating NPIRs
and to address periods when responsible Transmission Entity loses the
ability to assess the capability of the electric system to meet the NPIRs.
These provisions shall include responsibility to notify the Nuclear Plant
Generator Operator within a specified time frame.
R9.3.5. Provision for considering, within the restoration process, the requirements
and urgency of a nuclear plant that has lost all off-site and on-site AC
power. .
R9.3.6. Coordination of physical and cyber security protection of the Bulk Electric
System at the nuclear plant interface to ensure each asset is covered under at
least one entity’s plan.
R9.3.7. Coordination of the NPIRs with transmission system Special Protection
Systems and underfrequency and undervoltage load shedding programs.
R9.4.

C. Measures
M1. The Nuclear Plant Generator Operator shall, upon request of the Compliance Enforcement
Authority, provide a copy of the transmittal and receipt of transmittal of the proposed NPIRs to
the responsible Transmission Entities. (Requirement 1)
M2. The Nuclear Plant Generator Operator and each Transmission Entity shall each have a copy of
the Agreement(s) addressing the elements in Requirement 9 available for inspection upon
request of the Compliance Enforcement Authority. (Requirement 2 and 9)
M3. Each Transmission Entity responsible for planning analyses in accordance with the Agreement
shall, upon request of the Compliance Enforcement Authority, provide a copy of the planning
analyses results transmitted to the Nuclear Plant Generator Operator, showing incorporation of
the NPIRs. The Compliance Enforcement Authority shall refer to the Agreements developed
in accordance with this standard for specific requirements. (Requirement 3)
M4. Each Transmission Entity responsible for operating the electric system in accordance with the
Agreement shall demonstrate or provide evidence of the following, upon request of the
Compliance Enforcement Authority:
Adopted by NERC Board of Trustees: August 5, 2009
Effective Date: April 1, 2010

Standard NUC-001-2 — Nuclear Plant Interface Coordination
M4.1

The NPIRs have been incorporated into the current operating analysis of the electric
system. (Requirement 4.1)

M4.2

The electric system was operated to meet the NPIRs. (Requirement 4.2)

M4.3

The Transmission Entity informed the Nuclear Plant Generator Operator when it
became aware it lost the capability to assess the operation of the electric system
affecting the NPIRs. (Requirement 4.3)

Compliance Monitoring Process
1.1. Compliance Enforcement Authority
Regional Entity.
1.2. Compliance Monitoring Period and Reset Time Frame
Not applicable.
1.3. Compliance Monitoring and Enforcement Processes:
Compliance Audits
Self-Certifications
Spot Checking
Compliance Violation Investigations
Self-Reporting
Complaints
1.4. Data Retention
The Responsible Entity shall keep data or evidence to show compliance as identified below
unless directed by its Compliance Enforcement Authority to retain specific evidence for a
longer period of time as part of an investigation:


For Measure 1, the Nuclear Plant Generator Operator shall keep its latest
transmittals and receipts.

Adopted by NERC Board of Trustees: August 5, 2009
Effective Date: April 1, 2010

Standard NUC-001-2 — Nuclear Plant Interface Coordination


For Measure 2, the Nuclear Plant Generator Operator and each Transmission
Entity shall have its current, in-force agreement.



For Measure 3, the Transmission Entity shall have the latest planning analysis
results.



For Measures 4.3, 6 and 8, the Transmission Entity shall keep evidence for two
years plus current.



For Measures 5, 6 and 7, the Nuclear Plant Generator Operator shall keep
evidence for two years plus current.

Date

Action

Change Tracking

May 2, 2007

Approved by Board of Trustees

New

To be determined

Modifications for Order 716 to Requirement R9.3.5

Revision

Adopted by NERC Board of Trustees: August 5, 2009
Effective Date: April 1, 2010

Standard NUC-001-2 — Nuclear Plant Interface Coordination
and footnote 1; modifications to bring compliance
elements into conformance with the latest version of
the ERO Rules of Procedure.
2

August 5, 2009

Adopted by Board of Trustees

Revised

January 22, 2010

Approved by FERC on January 21, 2010
Added Effective Date

Update

Adopted by NERC Board of Trustees: August 5, 2009
Effective Date: April 1, 2010

Standard PRC-008-0 — Underfrequency Load Shedding Equipment Maintenance Programs

A. Introduction
1.

Title:
Implementation and Documentation of Underfrequency Load Shedding
Equipment Maintenance Program

Number:

Purpose:
Provide last resort system preservation measures by implementing an Under
Frequency Load Shedding (UFLS) program.

Applicability:

PRC-008-0

4.1. Transmission Owner required by its Regional Reliability Organization to have a UFLS
program
4.2. Distribution Provider required by its Regional Reliability Organization to have a UFLS
program
5.

Effective Date: April 1, 2005

B. Requirements
R1.

R2.

The Transmission Owner and Distribution Provider with a UFLS program (as required by its
Regional Reliability Organization) shall implement its UFLS equipment maintenance and
testing program and shall provide UFLS maintenance and testing program results to its
Regional Reliability Organization and NERC on request (within 30 calendar days).

C. Measures
M1. Each Transmission Owner’s and Distribution Provider’s UFLS equipment maintenance and
testing program contains the elements specified in Reliability Standard PRC-008-0_R1.
M2. Each Transmission Owner and Distribution Provider shall have evidence that it provided the
results of its UFLS equipment maintenance and testing program’s implementation to its
Regional Reliability Organization and NERC on request (within 30 calendar days).
D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Monitoring Responsibility
Compliance Monitor: Regional Reliability Organization.
1.2. Compliance Monitoring Period and Reset Timeframe
On request (within 30 calendar days).
1.3. Data Retention
None specified.
1.4. Additional Compliance Information
None.

Adopted by NERC Board of Trustees: February 8, 2005
Effective Date: April 1, 2005

1 of 2

Standard PRC-008-0 — Underfrequency Load Shedding Equipment Maintenance Programs

Levels of Non-Compliance
2.1. Level 1: Documentation of the maintenance and testing program was incomplete, but
records indicate implementation was on schedule.
2.2. Level 2: Complete documentation of the maintenance and testing program was provided,
but records indicate that implementation was not on schedule.
2.3. Level 3: Documentation of the maintenance and testing program was incomplete, and
records indicate implementation was not on schedule.
2.4. Level 4: Documentation of the maintenance and testing program, or its implementation
was not provided.

E. Regional Differences
1.

None identified.

Version History
Version

Date

Action

Change Tracking

April 1, 2005

Effective Date

New

September 26, 2005

Fixed reference in M1 from PRC-0070_R1 to PRC-008-0_R1.

Errata

Adopted by NERC Board of Trustees: February 8, 2005
Effective Date: April 1, 2005

2 of 2

Standard PRC-009-0 — UFLS Performance Following an Underfrequency Event
A. Introduction
1.

Title:
Analysis and Documentation of Underfrequency Load Shedding
Performance Following an Underfrequency Event

Number:

Purpose:
Provide last resort System preservation measures by implementing an Under
Frequency Load Shedding (UFLS) program.

Applicability:

PRC-009-0

4.1. Transmission Owner required by its Regional Reliability Organization to own a UFLS
program
4.2. Transmission Operator required by its Regional Reliability Organization to operate a
UFLS program
4.3. Load-Serving Entity required by the Regional Reliability Organization to operate a UFLS
program
4.4. Distribution Provider required by the Regional Reliability Organization to own or operate
a UFLS program
5.

Effective Date:

April 1, 2005

B. Requirements
R1.

R2.

The Transmission Owner, Transmission Operator, Load-Serving Entity and Distribution
Provider that owns or operates a UFLS program (as required by its Regional Reliability
Organization) shall analyze and document its UFLS program performance in accordance with
its Regional Reliability Organization’s UFLS program. The analysis shall address the
performance of UFLS equipment and program effectiveness following system events resulting
in system frequency excursions below the initializing set points of the UFLS program. The
analysis shall include, but not be limited to:
R1.1.

A description of the event including initiating conditions.

R1.2.

A review of the UFLS set points and tripping times.

R1.3.

A simulation of the event.

R1.4.

A summary of the findings.

The Transmission Owner, Transmission Operator, Load-Serving Entity, and Distribution
Provider that owns or operates a UFLS program (as required by its Regional Reliability
Organization) shall provide documentation of the analysis of the UFLS program to its Regional
Reliability Organization and NERC on request 90 calendar days after the system event.

C. Measures
M1. Each Transmission Owner’s, Transmission Operator’s, Load-Serving Entity’s and Distribution
Provider’s documentation of the UFLS program performance following an underfrequency
event includes all elements identified in Reliability Standard PRC-009-0_R1.
M2. Each Transmission Owner, Transmission Operator, Load-Serving Entity and Distribution
Provider that owns or operate a UFLS program, shall have evidence it provided documentation
of the analysis of the UFLS program performance following an underfrequency event as
specified in Reliability Standard PRC-009-0_R1.
Adopted by NERC Board of Trustees: February 8, 2005
Effective Date: April 1, 2005

1 of 2

Standard PRC-009-0 — UFLS Performance Following an Underfrequency Event
D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Monitoring Responsibility
Compliance Monitor: Regional Reliability Organization.
1.2. Compliance Monitoring Period and Reset Timeframe
On request 90 calendar days after the system event.
1.3. Data Retention
None specified.
1.4. Additional Compliance Information
None.

Levels of Non-Compliance
2.1. Level 1:
Analysis of UFLS program performance following an actual underfrequency
event below the UFLS set point(s) was incomplete in one or more elements in Reliability
Standard PRC-009-0_R1.
2.2. Level 2:

Not applicable.

2.3. Level 3:

Not applicable.

2.4. Level 4:
Analysis of UFLS program performance following an actual underfrequency
event below the UFLS set point(s) was not provided.
E. Regional Differences
1.

None identified.

Version History
Version
0

Date

Action

Change Tracking

April 1, 2005

Effective Date

New

Adopted by NERC Board of Trustees: February 8, 2005
Effective Date: April 1, 2005

2 of 2

Standard PRC-010-0 — Assessment of the Design and Effectiveness of UVLS Program
A. Introduction
1.

Title:
Technical Assessment of the Design and Effectiveness of Undervoltage Load
Shedding Program.

Number:

Purpose:
Provide System preservation measures in an attempt to prevent system voltage
collapse or voltage instability by implementing an Undervoltage Load Shedding (UVLS)
program.

Applicability:

PRC-010-0

Effective Date:

April 1, 2005

B. Requirements
R1.

The Load-Serving Entity, Transmission Owner, Transmission Operator, and Distribution
Provider that owns or operates a UVLS program shall periodically (at least every five years or
as required by changes in system conditions) conduct and document an assessment of the
effectiveness of the UVLS program. This assessment shall be conducted with the associated
Transmission Planner(s) and Planning Authority(ies).
R1.1.

R2.

The Load-Serving Entity, Transmission Owner, Transmission Operator, and Distribution
Provider that owns or operates a UVLS program shall provide documentation of its current
UVLS program assessment to its Regional Reliability Organization and NERC on request (30
calendar days).

Adopted by NERC Board of Trustees: February 8, 2005
Effective Date: April 1, 2005

1 of 2

Standard PRC-010-0 — Assessment of the Design and Effectiveness of UVLS Program

D. Compliance
1.

Levels of Non-Compliance
2.1. Level 1:

Not applicable.

2.2. Level 2:

Not applicable.

2.3. Level 3:

Not applicable.

None identified.

Version History
Version
0

Date

Action

Change Tracking

April 1, 2005

Effective Date

New

Adopted by NERC Board of Trustees: February 8, 2005
Effective Date: April 1, 2005

2 of 2

Standard PRC-022-1 — Under-Voltage Load Shedding Program Performance

A. Introduction
1.

Title:

Under-Voltage Load Shedding Program Performance

Number:

PRC-022-1

Purpose:
Ensure that Under Voltage Load Shedding (UVLS) programs perform as
intended to mitigate the risk of voltage collapse or voltage instability in the Bulk Electric
System (BES).

Applicability
4.1. Transmission Operator that operates a UVLS program.
4.2. Distribution Provider that operates a UVLS program.
4.3. Load-Serving Entity that operates a UVLS program.

Effective Date:

May 1, 2006

B. Requirements
R1.

R2.

A description of the event including initiating conditions.

R1.2.

A review of the UVLS set points and tripping times.

R1.3.

A simulation of the event, if deemed appropriate by the Regional Reliability
Organization. For most events, analysis of sequence of events may be sufficient and
dynamic simulations may not be needed.

R1.4.

A summary of the findings.

R1.5.

For any Misoperation, a Corrective Action Plan to avoid future Misoperations of a
similar nature.

Each Transmission Operator, Load-Serving Entity, and Distribution Provider that operates a
UVLS program shall provide documentation of its analysis of UVLS program performance to
its Regional Reliability Organization within 90 calendar days of a request.

Compliance Monitoring Process
1.1. Compliance Monitoring Responsibility
Regional Reliability Organization.
1.2. Compliance Monitoring Period and Reset Time Frame

Adopted by Board of Trustees: February 7, 2006
Effective Date: May 1, 2006

1 of 2

Standard PRC-022-1 — Under-Voltage Load Shedding Program Performance

One calendar year.
1.3. Data Retention
Each Transmission Operator, Load-Serving Entity, and Distribution Provider that
operates a UVLS program shall retain documentation of its analyses of UVLS operations
and Misoperations for two years. The Compliance Monitor shall retain any audit data for
three years.
1.4. Additional Compliance Information
Transmission Operator, Load-Serving Entity, and Distribution Provider shall demonstrate
compliance through self-certification or audit (periodic, as part of targeted monitoring or
initiated by complaint or event), as determined by the Compliance Monitor.
2.

E. Regional Differences
None identified.
Version History
Version

Date

Action

12/01/05

1. Removed comma after 2004 in
01/20/06
“Development Steps Completed,” #1.
2. Changed incorrect use of certain
hyphens (-) to “en dash” (–) and “em
dash (—).”
3. Lower cased the word “region,”
“board,” and “regional” throughout
document where appropriate.
4. Added or removed “periods” where
appropriate.
5. Changed “Timeframe” to “Time Frame”
in item D, 1.2.

Adopted by Board of Trustees: February 7, 2006
Effective Date: May 1, 2006

Change Tracking

2 of 2

Standard TOP-001-1a — Reliability Responsibilities and Authorities

A. Introduction
1.

Title:

Reliability Responsibilities and Authorities

Number:

TOP-001-1a

Purpose: To ensure reliability entities have clear decision-making authority and
capabilities to take appropriate actions or direct the actions of others to return the
transmission system to normal conditions during an emergency.
3.

Applicability
3.1. Balancing Authorities
3.2. Transmission Operators
3.3. Generator Operators
3.4. Distribution Providers
3.5. Load Serving Entities

Effective Date:
authorities.

Immediately after approval of applicable regulatory

B. Requirements
R1.

Each Transmission Operator shall have the responsibility and clear decision-making
authority to take whatever actions are needed to ensure the reliability of its area and
shall exercise specific authority to alleviate operating emergencies.

R2.

Each Transmission Operator shall take immediate actions to alleviate operating
emergencies including curtailing transmission service or energy schedules, operating
equipment (e.g., generators, phase shifters, breakers), shedding firm load, etc.

R3.

Each Transmission Operator, Balancing Authority, and Generator Operator shall
comply with reliability directives issued by the Reliability Coordinator, and each
Balancing Authority and Generator Operator shall comply with reliability directives
issued by the Transmission Operator, unless such actions would violate safety,
equipment, regulatory or statutory requirements. Under these circumstances the
Transmission Operator, Balancing Authority or Generator Operator shall immediately
inform the Reliability Coordinator or Transmission Operator of the inability to perform
the directive so that the Reliability Coordinator or Transmission Operator can
implement alternate remedial actions.

R4.

Each Distribution Provider and Load Serving Entity shall comply with all reliability
directives issued by the Transmission Operator, including shedding firm load, unless
such actions would violate safety, equipment, regulatory or statutory requirements.
Under these circumstances, the Distribution Provider or Load Serving Entity shall
immediately inform the Transmission Operator of the inability to perform the directive
so that the Transmission Operator can implement alternate remedial actions.

R5.

Each Transmission Operator shall inform its Reliability Coordinator and any other
potentially affected Transmission Operators of real time or anticipated emergency
conditions, and take actions to avoid, when possible, or mitigate the emergency.

Page 1 of 7

Standard TOP-001-1a — Reliability Responsibilities and Authorities

R6.

Each Transmission Operator, Balancing Authority, and Generator Operator shall render
all available emergency assistance to others as requested, provided that the requesting
entity has implemented its comparable emergency procedures, unless such actions
would violate safety, equipment, or regulatory or statutory requirements.

R7.

Each Transmission Operator and Generator Operator shall not remove Bulk Electric
System facilities from service if removing those facilities would burden neighboring
systems unless:

R8.

R7.1.

For a generator outage, the Generator Operator shall notify and coordinate with
the Transmission Operator. The Transmission Operator shall notify the
Reliability Coordinator and other affected Transmission Operators, and
coordinate the impact of removing the Bulk Electric System facility.

R7.2.

For a transmission facility, the Transmission Operator shall notify and
coordinate with its Reliability Coordinator. The Transmission Operator shall
notify other affected Transmission Operators, and coordinate the impact of
removing the Bulk Electric System facility.

R7.3.

When time does not permit such notifications and coordination, or when
immediate action is required to prevent a hazard to the public, lengthy
customer service interruption, or damage to facilities, the Generator Operator
shall notify the Transmission Operator, and the Transmission Operator shall
notify its Reliability Coordinator and adjacent Transmission Operators, at the
earliest possible time.

During a system emergency, the Balancing Authority and Transmission Operator shall
immediately take action to restore the Real and Reactive Power Balance. If the
Balancing Authority or Transmission Operator is unable to restore Real and Reactive
Power Balance it shall request emergency assistance from the Reliability Coordinator.
If corrective action or emergency assistance is not adequate to mitigate the Real and
Reactive Power Balance, then the Reliability Coordinator, Balancing Authority, and
Transmission Operator shall implement firm load shedding.

C. Measures
M1. Each Transmission Operator shall have and provide upon request evidence that could

include, but is not limited to, signed agreements, an authority letter signed by an officer
of the company, or other equivalent evidence that will be used to confirm that it has the
authority, and has exercised the authority, to alleviate operating emergencies as
described in Requirement 1.
M2. If an operating emergency occurs the Transmission Operator that experienced the

emergency shall have and provide upon request evidence that could include, but is not
limited to, operator logs, voice recordings or transcripts of voice recordings, electronic
communications, or other equivalent evidence that will be used to determine if it took
immediate actions to alleviate the operating emergency including curtailing
transmission service or energy schedules, operating equipment (e.g., generators, phase
shifters, breakers), shedding firm load, etc. (Requirement 2)
M3. Each Transmission Operator, Balancing Authority, and Generator Operator shall have

and provide upon request evidence such as operator logs, voice recordings or
Page 2 of 7

Standard TOP-001-1a — Reliability Responsibilities and Authorities

transcripts of voice recordings, electronic communications, or other equivalent
evidence that will be used to determine if it complied with its Reliability Coordinator’s
reliability directives. If the Transmission Operator, Balancing Authority or Generator
Operator did not comply with the directive because it would violate safety, equipment,
regulatory or statutory requirements, it shall provide evidence such as operator logs,
voice recordings or transcripts of voice recordings, electronic communications, or other
equivalent evidence that it immediately informed the Reliability Coordinator of its
inability to perform the directive. (Requirement 3)
M4. Each Balancing Authority, Generator Operator, Distribution Provider and Load

Serving Entity shall have and provide upon request evidence such as operator logs,
voice recordings or transcripts of voice recordings, electronic communications, or other
equivalent evidence that will be used to determine if it complied with its Transmission
Operator’s reliability directives. If the Balancing Authority, Generator Operator,
Distribution Provider and Load Serving Entity did not comply with the directive
because it would violate safety, equipment, regulatory or statutory requirements, it
shall provide evidence such as operator logs, voice recordings or transcripts of voice
recordings, electronic communications, or other equivalent evidence that it
immediately informed the Transmission Operator of its inability to perform the
directive. (Requirements 3 and 4)
M5. The Transmission Operator shall have and provide upon request evidence that could

include, but is not limited to, operator logs, voice recordings or transcripts of voice
recordings, electronic communications, or other equivalent evidence that will be used
to determine if it informed its Reliability Coordinator and any other potentially affected
Transmission Operators of real time or anticipated emergency conditions, and took
actions to avoid, when possible, or to mitigate an emergency. (Requirement 5)
M6. The Transmission Operator, Balancing Authority, and Generator Operator shall each

have and provide upon request evidence that could include, but is not limited to,
operator logs, voice recordings or transcripts of voice recordings, electronic
communications, or other equivalent evidence that will be used to determine if it
rendered assistance to others as requested, provided that the requesting entity had
implemented its comparable emergency procedures, unless such actions would violate
safety, equipment, or regulatory or statutory requirements. (Requirement 6)
M7. The Transmission Operator and Generator Operator shall each have and provide upon

request evidence that could include, but is not limited to, operator logs, voice
recordings or transcripts of voice recordings, electronic communications, or other
equivalent evidence that will be used to determine if it notified either their
Transmission Operator in the case of the Generator Operator, or other Transmission
Operators, and the Reliability Coordinator when it removed Bulk Electric System
facilities from service if removing those facilities would burden neighboring systems.
(Requirement 7)
D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Monitoring Responsibility

Page 3 of 7

Standard TOP-001-1a — Reliability Responsibilities and Authorities

Regional Reliability Organizations shall be responsible for compliance
monitoring.
1.2. Compliance Monitoring and Reset Time Frame

Each Transmission Operator shall have the current in-force document to show
that it has the responsibility and clear decision-making authority to take whatever
actions are needed to ensure the reliability of its area. (Measure 1)
Each Transmission Operator shall keep 90 days of historical data (evidence) for
Measures 1 through 7, including evidence of directives issued for Measures 3 and
4.
Each Balancing Authority shall keep 90 days of historical data (evidence) for
Measures 3, 4 and 6 including evidence of directives issued for Measures 3 and 4.
Each Generator Operator shall keep 90 days of historical data (evidence) for
Measures 3, 4, 6 and 7 including evidence of directives issued for Measures 3 and
4.
Each Distribution Provider and Load-serving Entity shall keep 90 days of
historical data (evidence) for Measure 4.
If an entity is found non-compliant the entity shall keep information related to the
noncompliance until found compliant or for two years plus the current year,
whichever is longer.
Evidence used as part of a triggered investigation shall be retained by the entity
being investigated for one year from the date that the investigation is closed, as
determined by the Compliance Monitor,
The Compliance Monitor shall keep the last periodic audit report and all
supporting compliance data
1.4. Additional Compliance Information
Page 4 of 7

Standard TOP-001-1a — Reliability Responsibilities and Authorities

None.
2.

Levels of Non-Compliance for a Balancing Authority:
2.1. Level 1: Not applicable.
2.2. Level 2: Not applicable.
2.3. Level 3: Not applicable.
2.4. Level 4: There shall be a separate Level 4 non-compliance, for every one of the

following requirements that is in violation:

2.4.1

Did not comply with a Reliability Coordinator’s or Transmission
Operator’s reliability directive or did not immediately inform the
Reliability Coordinator or Transmission Operator of its inability to
perform that directive (R3)

2.4.2

Did not render emergency assistance to others as requested, in accordance
with R6.

Levels of Non-Compliance for a Transmission Operator
3.1. Level 1: Not applicable.
3.2. Level 2: Not applicable.
3.3. Level 3: Not applicable.
3.4. Level 4: There shall be a separate Level 4 non-compliance, for every one of the

following requirements that is in violation:

3.4.1

Does not have the documented authority to act as specified in R1.

3.4.2

Does not have evidence it acted with the authority specified in R1.

3.4.3

Did not take immediate actions to alleviate operating emergencies as
specified in R2.

3.4.4

Did not comply with its Reliability Coordinator’s reliability directive or
did not immediately inform the Reliability Coordinator of its inability to
perform that directive, as specified in R3.

3.4.5

Did not inform its Reliability Coordinator and other potentially affected
Transmission Operators of real time or anticipated emergency conditions
as specified in R5.

3.4.6

Did not take actions to avoid, when possible, or to mitigate an emergency
as specified in R5.

3.4.7

Did not render emergency assistance to others as requested, as specified in
R6.

3.4.8

Removed Bulk Electric System facilities from service under conditions
other than those specified in R7.1, 7.2, and 7.3, and removing those
facilities burdened a neighbor system.

Levels of Non-Compliance for a Generator Operator:
Page 5 of 7

Standard TOP-001-1a — Reliability Responsibilities and Authorities

4.1. Level 1: Not applicable.
4.2. Level 2: Not applicable.
4.3. Level 3: Not applicable.
4.4. Level 4: There shall be a separate Level 4 non-compliance, for every one of the

following requirements that is in violation:

4.4.1

Did not comply with a Reliability Coordinator or Transmission Operator’s
reliability directive or did not immediately inform the Reliability
Coordinator or Transmission Operator of its inability to perform that
directive, as specified in R3.

4.4.2

Did not render all available emergency assistance to others as requested,
unless such actions would violate safety, equipment, or regulatory or
statutory requirements as specified in R6.

4.4.3

Removed Bulk Electric System facilities from service under conditions
other than those specified in R7.1, 7.2, and 7.3, and burdened a neighbor
system.

Levels of Non-Compliance for a Distribution Provider or Load Serving Entity
5.1. Level 1: Not applicable.
5.2. Level 2: Not applicable.
5.3. Level 3: Not applicable
5.4. Level 4: Did not comply with a Transmission Operator’s reliability directive or

immediately inform the Transmission Operator of its inability to perform that
directive, as specified in R4.
E. Regional Differences

None identified.
Version History
Version

Date

Action

Change Tracking

April 1, 2005

Effective Date

New

August 8, 2005

Removed “Proposed” from Effective
Date

Errata

November 1, 2006

Adopted by Board of Trustees

Revised

May 12, 2010

Added Appendix 1 – Interpretation of
R8 approved by BOT on May 12, 2010

Interpretation

September 15,
2011

FERC Order issued approved the
Interpretation of R8 (FERC Order
became effective November 21, 2011)

Interpretation

Page 6 of 7

Standard TOP-001-1a — Reliability Responsibilities and Authorities

Appendix 1

Requirement Number and Text of Requirement
R8. During a system emergency, the Balancing Authority and Transmission Operator shall
immediately take action to restore the Real and Reactive Power Balance. If the Balancing
Authority or Transmission Operator is unable to restore Real and Reactive Power Balance it shall
request emergency assistance from the Reliability Coordinator. If corrective action or
emergency assistance is not adequate to mitigate the Real and Reactive Power Balance, then the
Reliability Coordinator, Balancing Authority, and Transmission Operator shall implement firm
load shedding.
Question
For Requirement R8 is the Balancing Authority responsibility to immediately take corrective
action to restore Real Power Balance and is the TOP responsibility to immediately take
corrective action to restore Reactive Power Balance?
Response
The answer to both questions is yes. According to the NERC Glossary of Terms Used in
Reliability Standards, the Transmission Operator is responsible for the reliability of its “local”
transmission system, and operates or directs the operations of the transmission facilities.
Similarly, the Balancing Authority is responsible for maintaining load-interchange-generation
balance, i.e., real power balance. In the context of this requirement, the Transmission Operator
is the functional entity that balances reactive power. Reactive power balancing can be
accomplished by issuing instructions to the Balancing Authority or Generator Operators to alter
reactive power injection. Based on NERC Reliability Standard BAL-005-1b Requirement R6,
the Transmission Operator has no requirement to compute an Area Control Error (ACE) signal or
to balance real power. Based on NERC Reliability Standard VAR-001-1 Requirement R8, the
Balancing Authority is not required to resolve reactive power balance issues. According to TOP001-1 Requirement R3, the Balancing Authority is only required to comply with Transmission
Operator or Reliability Coordinator instructions to change injections of reactive power.

Page 7 of 7

Standard TOP-005-2a — Operational Reliability Information
A. Introduction
1.

Title:

Operational Reliability Information

Number:

TOP-005-2a

Purpose:
To ensure reliability entities have the operating data needed to monitor system
conditions within their areas.

Applicability
4.1. Transmission Operators.
4.2. Balancing Authorities.
4.3. Purchasing Selling Entities.

Proposed Effective Date: In those jurisdictions where no regulatory approval is required,
the standard shall become effective on the latter of either April 1, 2009 or the first day of the
first calendar quarter, three months after BOT adoption.
In those jurisdictions where regulatory approval is required, the standard shall become
effective on the latter of either April 1, 2009 or the first day of the first calendar quarter, three
months after applicable regulatory approval.

B. Requirements
R1.

As a condition of receiving data from the Interregional Security Network (ISN), each ISN data
recipient shall sign the NERC Confidentiality Agreement for “Electric System Reliability
Data.”

R2.

Upon request, each Balancing Authority and Transmission Operator shall provide to other
Balancing Authorities and Transmission Operators with immediate responsibility for
operational reliability, the operating data that are necessary to allow these Balancing
Authorities and Transmission Operators to perform operational reliability assessments and to
coordinate reliable operations. Balancing Authorities and Transmission Operators shall
provide the types of data as listed in Attachment 1-TOP-005 “Electric System Reliability
Data,” unless otherwise agreed to by the Balancing Authorities and Transmission Operators
with immediate responsibility for operational reliability.

R3.

Each Purchasing-Selling Entity shall provide information as requested by its Host Balancing
Authorities and Transmission Operators to enable them to conduct operational reliability
assessments and coordinate reliable operations.

C. Measures
M1. Evidence that the Balancing Authority, Transmission Operator, and Purchasing-Selling Entity
is providing the information required, within the time intervals specified, and in a format
agreed upon by the requesting entities.
D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Monitoring Responsibility
Self-Certification: Entities shall annually self-certify compliance to the measures as
required by its Regional Reliability Organization.
Exception Reporting: Each Region shall report compliance and violations to NERC via
the NERC compliance reporting process.

Page 1 of 8

Standard TOP-005-2a — Operational Reliability Information
1.2. Compliance Monitoring Period and Reset Time Frame
Periodic Review: Entities will be selected for operational reviews at least every three
years. One calendar year without a violation from the time of the violation.
1.3. Data Retention
Not specified.
1.4. Additional Compliance Information
Not specified.

Page 2 of 8

Standard TOP-005-2a — Operational Reliability Information
2.

Violation Severity Levels:
R#

Lower

Moderate

High

Severe

N/A

The ISN data recipient failed to
sign the NERC Confidentiality
Agreement for “Electric System
Reliability Data”.

The responsible entity failed to
provide any of the data
requested by other Balancing
Authorities or Transmission
Operators.

N/A

The responsible entity failed to
provide all of the data
requested by its host Balancing
Authority or Transmission
Operator.

The responsible entity failed to
provide any of the data
requested by other Balancing
Authorities or Transmission
Operators.

N/A

The responsible entity failed to
provide all of the data
requested by its host Balancing
Authority or Transmission
Operator.

Page 3 of 8

Standard TOP-005-2a — Operational Reliability Information
E. Regional Variances
None identified.
Version History
Version

Date

Action

Change Tracking

April 1, 2005

Effective Date

New

August 8, 2005

Removed “Proposed” from Effective Date

Errata

Removed the Reliability Coordinator from the
list of responsible functional entities
Deleted R1 and R1.1
Modified M1 to omit the reference to the
Reliability Coordinator
Deleted VSLs for R1 and R1.1

Revised

New

October 17,
2008

Adopted by NERC Board of Trustees

March 23, 2011

Order issued by FERC approving TOP-005-2
(approval effective 5/23/11)

April 21, 2011

Added FERC approved Interpretation

Page 4 of 8

Standard TOP-005-2a — Operational Reliability Information
Attachment 1-TOP-005
Electric System Reliability Data
This Attachment lists the types of data that Balancing Authorities, and Transmission Operators are
expected to share with other Balancing Authorities and Transmission Operators.
1.

The following information shall be updated at least every ten minutes:
1.1. Transmission data. Transmission data for all Interconnections plus all other facilities
considered key, from a reliability standpoint:
1.1.1

Status.

1.1.2

MW or ampere loadings.

1.1.3

MVA capability.

1.1.4

Transformer tap and phase angle settings.

1.1.5

Key voltages.

1.2. Generator data.
1.2.1

Status.

1.2.2

MW and MVAR capability.

1.2.3

MW and MVAR net output.

1.2.4

Status of automatic voltage control facilities.

1.3. Operating reserve.
1.3.1

MW reserve available within ten minutes.

1.4. Balancing Authority demand.
1.4.1

Instantaneous.

1.5. Interchange.
1.5.1

Instantaneous actual interchange with each Balancing Authority.

1.5.2

Current Interchange Schedules with each Balancing Authority by individual
Interchange Transaction, including Interchange identifiers, and reserve
responsibilities.

1.5.3

Interchange Schedules for the next 24 hours.

1.6. Area Control Error and frequency.

1.6.1

Instantaneous area control error.

1.6.2

Clock hour area control error.

1.6.3

System frequency at one or more locations in the Balancing Authority.

Other operating information updated as soon as available.
2.1. Interconnection Reliability Operating Limits and System Operating Limits in effect.
2.2. Forecast of operating reserve at peak, and time of peak for current day and next day.
2.3. Forecast peak demand for current day and next day.
2.4. Forecast changes in equipment status.

Page 5 of 8

Standard TOP-005-2a — Operational Reliability Information
2.5. New facilities in place.
2.6. New or degraded special protection systems.
2.7. Emergency operating procedures in effect.
2.8. Severe weather, fire, or earthquake.
2.9. Multi-site sabotage.

Page 6 of 8

Standard TOP-005-2a — Operational Reliability Information
Appendix 2

Requirement Number and Text of Requirement
TOP-005-1 Requirement R3 1
Upon request, each Balancing Authority and Transmission Operator shall provide to other Balancing
Authorities and Transmission Operators with immediate responsibility for operational reliability, the
operating data that are necessary to allow these Balancing Authorities and Transmission Operators to
perform operational reliability assessments and to coordinate reliable operations. Balancing Authorities
and Transmission Operators shall provide the types of data as listed in Attachment 1-TOP-005-0 “Electric
System Reliability Data,” unless otherwise agreed to by the Balancing Authorities and Transmission
Operators with immediate responsibility for operational reliability.
The above-referenced Attachment 1 — TOP-005-0 specifies the following data as item 2.6: New or
degraded special protection systems. [Underline added for emphasis.]
IRO-005-1 Requirement R12
R12. Whenever a Special Protection System that may have an inter-Balancing Authority, or interTransmission Operator impact (e.g., could potentially affect transmission flows resulting in a SOL or
IROL violation) is armed, the Reliability Coordinators shall be aware of the impact of the operation of
that Special Protection System on inter-area flows. The Transmission Operator shall immediately inform
the Reliability Coordinator of the status of the Special Protection System including any degradation or
potential failure to operate as expected. [Underline added for emphasis.]
PRC-012-0 Requirements R1 and R1.3
R1. Each Regional Reliability Organization with a Transmission Owner, Generator Owner, or
Distribution Providers that uses or is planning to use an SPS shall have a documented Regional
Reliability Organization SPS review procedure to ensure that SPSs comply with Regional criteria and
NERC Reliability Standards. The Regional SPS review procedure shall include:
R1.3. Requirements to demonstrate that the SPS shall be designed so that a single SPS
component failure, when the SPS was intended to operate, does not prevent the interconnected
transmission system from meeting the performance requirements defined in Reliability Standards
TPL-001-0, TPL-002-0, and TPL-003-0.
Background Information for Interpretation
The TOP-005-1 standard focuses on two key obligations. The first key obligation (Requirement R1) is a
“responsibility mandate.” Requirement R1 establishes who is responsible for the obligation to provide
operating data “required” by a Reliability Coordinator within the framework of the Reliability
Coordinator requirements defined in the IRO standards. The second key obligation (Requirement R3) is a
“performance mandate.” Requirement R3 defines the obligation to provide data “requested” by other
reliability entities that is needed “to perform assessments and to coordinate operations.”
The Attachment to TOP-005-1 is provided as a guideline of what “can be shared.” The Attachment is not
an obligation of “what must be shared.” Enforceable NERC Requirements must be explicitly contained
within a given Standard’s approved requirements. In this case, the standard only requires data “upon
request.” If a Reliability Coordinator or other reliability entity were to request data such as listed in the
1

In the current version of the Standard (TOP-005-2a), this requirement is R2.

Page 7 of 8

Standard TOP-005-2a — Operational Reliability Information
Attachment, then the entity being asked would be mandated by Requirements R1 and R3 to provide that
data (including item 2.6, whether it is or is not in some undefined “degraded” state).
IRO-002-1 requires the Reliability Coordinator to have processes in place to support its reliability
obligations (Requirement R2). Requirement R4 mandates that the Reliability Coordinator have
communications processes in place to meet its reliability obligations, and Requirement R5 et al mandate
the Reliability Coordinator to have the tools to carry out these reliability obligations.
IRO-003-2 (Requirements R1 and R2) requires the Reliability Coordinator to monitor the state of its
system.
IRO-004-1 requires that the Reliability Coordinator carry out studies to identify Interconnection
Reliability Operating Limits (Requirement R1) and to be aware of system conditions via monitoring tools
and information exchange.
IRO-005-1 mandates that each Reliability Coordinator monitor predefined base conditions (Requirement
R1), collect additional data when operating limits are or may be exceeded (Requirement R3), and identify
actual or potential threats (Requirement R5). The basis for that request is left to each Reliability
Coordinator. The Purpose statement of IRO-005-1 focuses on the Reliability Coordinator’s obligation to
be aware of conditions that may have a “significant” impact upon its area and to communicate that
information to others (Requirements R7 and R9). Please note: it is from this communication that
Transmission Operators and Balancing Authorities would either obtain or would know to ask for SPS
information from another Transmission Operator.
The IRO-005-1 (Requirement R12) standard implies that degraded is a condition that will result in a
failure to operate as designed. If the loss of a communication channel will result in the failure of an SPS
to operate as designed then the Transmission Operator would be mandated to report that information. On
the other hand, if the loss of a communication channel will not result in the failure of the SPS to operate
as designed, then such a condition can be, but is not mandated to be, reported.
Conclusion
The TOP-005-1 standard does not provide, nor does it require, a definition for the term “degraded.”
The IRO-005-1 (R12) standard implies that degraded is a condition that will result in a failure of an SPS
to operate as designed. If the loss of a communication channel will result in the failure of an SPS to
operate as designed, then the Transmission Operator would be mandated to report that information. On
the other hand, if the loss of a communication channel will not result in the failure of the SPS to operate
as designed, then such a condition can be, but is not mandated to be, reported.
To request a formal definition of the term degraded, the Reliability Standards Development Procedure
requires the submittal of a Standards Authorization Request.

Page 8 of 8

WECC Standard VAR-002-WECC-1 — Automatic Voltage Regulators
A. Introduction
1. Title:

Automatic Voltage Regulators (AVR)

2. Number:

VAR-002-WECC-1

3. Purpose:

To ensure that Automatic Voltage Regulators on synchronous generators and
condensers shall be kept in service and controlling voltage.

4. Applicability
4.1. Generator Operators
4.2. Transmission Operators that operate synchronous condensers
4.3. This VAR-002-WECC-1 Standard only applies to synchronous generators and
synchronous condensers that are connected to the Bulk Electric System.
5. Effective Date: On the first day of the first quarter, after applicable regulatory approval.
B. Requirements
R1.

Generator Operators and Transmission Operators shall have AVR in service and in
automatic voltage control mode 98% of all operating hours for synchronous generators or
synchronous condensers. Generator Operators and Transmission Operators may
exclude hours for R1.1 through R1.10 to achieve the 98% requirement. [Violation
Risk Factor: Medium] [Time Horizon: Operations Assessment]
R1.1.

The synchronous generator or synchronous condenser operates for less than five
percent of all hours during any calendar quarter.

R1.2.

Performing maintenance and testing up to a maximum of seven calendar days
per calendar quarter.

R1.3.

AVR exhibits instability due to abnormal system configuration.

R1.4.

Due to component failure, the AVR may be out of service up to 60 consecutive
days for repair per incident.

R1.5.

Due to a component failure, the AVR may be out of service up to one year
provided the Generator Operator or Transmission Operator submits
documentation identifying the need for time to obtain replacement parts and if
required to schedule an outage.

R1.6.

Due to a component failure, the AVR may be out of service up to 24 months
provided the Generator Operator or Transmission Operator submits
documentation identifying the need for time for excitation system replacement
(replace the AVR, limiters, and controls but not necessarily the power source
and power bridge) and to schedule an outage.

R1.7.

The synchronous generator or synchronous condenser has not achieved
Commercial Operation.

R1.8.

The Transmission Operator directs the Generator Operator to operate the
synchronous generator, and the AVR is unavailable for service.

R1.9.

The Reliability Coordinator directs Transmission Operator to operate the
synchronous condenser, and the AVR is unavailable for service.

R1.10. If AVR exhibits instability due to operation of a Load Tap Changer (LTC)
transformer in the area, the Transmission Operator may authorize the Generator
Operator to operate the excitation system in modes other than automatic voltage
control until the system configuration changes.
R2.

Generator Operators and Transmission Operators shall have documentation identifying

Adopted by Board of Trustees: October 29, 2008

WECC Standard VAR-002-WECC-1 — Automatic Voltage Regulators
the number of hours excluded for each requirement in R1.1 through R1.10. [Violation
Risk Factor: Low] [Time Horizon: Operations Assessment]

C. Measures
M1. Generator Operators and Transmission Operators shall provide quarterly reports to the
compliance monitor and have evidence for each synchronous generator and synchronous
condenser of the following:
M1.1

The actual number of hours the synchronous generator or synchronous
condenser was on line.

M1.2

The actual number of hours the AVR was out of service.

M1.3

The AVR in service percentage.

M1.4

If excluding AVR out of service hours as allowed in R1.1 through R1.10,
provide:
M1.4.1 The number of hours excluded, and
M1.4.2 The adjusted AVR in-service percentage.

M2. If excluding hours for R1.1 through R1.10, provide the date of the outage, the number of
hours out of service, and supporting documentation for each requirement that applies.
D. Compliance
1. Compliance Monitoring Process
1.1
1.2

Compliance Monitoring Responsibility
Compliance Enforcement Authority
Compliance Monitoring Period
Compliance Enforcement Authority may use one or more of the following methods
to assess compliance:
- Reports submitted quarterly
- Spot check audits conducted anytime with 30 days notice
- Periodic audit as scheduled by the Compliance Enforcement Authority
- Investigations
- Other methods as provided for in the Compliance Monitoring Enforcement
Program
The Reset Time Frame shall be a calendar quarter.

1.3

Data Retention
The Generator Operators and Transmission Operators shall keep evidence for
Measures M1 and M2 for three years plus current year, or since the last audit,
whichever is longer.

1.4

Additional Compliance Information
1.4.1

The sanctions shall be assessed on a calendar quarter basis.

1.4.2

If any of R1.2 through R1.9 continues from one quarter to another, the
number of days accumulated will be the contiguous calendar days from the
beginning of the incident to the end of the incident. For example, in R1.4
if the 60 day repair period goes beyond the end of a quarter, the repair
period does not reset at the beginning of the next quarter.

Adopted by Board of Trustees: October 29, 2008

WECC Standard VAR-002-WECC-1 — Automatic Voltage Regulators
1.4.3

When calculating the in-service percentages, do not include the time the
AVR is out of service due to R1.1 through R1.10.

1.4.4

The standard shall be applied on a machine-by-machine basis (a
Generator Operator or Transmission Operator can be subject to a separate
sanction for each non-compliant synchronous generator and synchronous
condenser).

2. Violation Severity Levels for R1
2.1. Lower: There shall be a Lower Level of non-compliance if the following condition exists:
2.1.1.

AVR is in service less than 98% but at least 90% or more of all hours during
which the synchronous generating unit or synchronous condenser is on line for
each calendar quarter.

2.2. Moderate: There shall be a Moderate Level of non-compliance if the following condition
exists:
2.2.1.

AVR is in service less than 90% but at least 80% or more of all hours during
which the synchronous generating unit or synchronous condenser is on line for
each calendar quarter.

2.3. High: There shall be a High Level of non-compliance if the following condition exists:
2.3.1.

AVR is in service less than 80% but at least 70% or more of all hours during
which the synchronous generating unit or synchronous condenser is on line for
each calendar quarter.

2.4. Severe: There shall be a Severe Level of non-compliance if the following condition
exists:
2.4.1.

AVR is in service less than 70% of all hours during which the synchronous
generating unit or synchronous condenser is on line for each calendar quarter.

3. Violation Severity Levels for R2
3.1. Lower: There shall be a Lower Level of non-compliance if documentation is incomplete
with any requirement R1.1 through R1.10.
3.2. Moderate: There shall be a Moderate Level of non-compliance if the Generator Operator
does not have documentation to demonstrate compliance with any requirement R1.1
through R1.10.
3.3. High: Not Applicable
3.4. Severe: Not Applicable
E. Regional Differences
Version History — Shows Approval History and Summary of Changes in the Action Field
Version

Date

Action

April 16, 2008

Permanent Replacement Standard for
VAR-STD-002a-1

April 21, 2011

FERC Order issued approving VAR002-WECC-1 (approval effective June
27, 2011)

Adopted by Board of Trustees: October 29, 2008

Change Tracking

WECC Standard VAR-501-WECC-1 — Power System Stabilizer
A. Introduction
1. Title:

Power System Stabilizer (PSS)

2. Number:

VAR-501-WECC-1

3. Purpose:

To ensure that Power System Stabilizers (PSS) on synchronous generators
shall be kept in service.

4. Applicability
4.1. Generator Operators
5. Effective Date: On the first day of the first quarter, after applicable regulatory approval.
B. Requirements
R1.

Generator Operators shall have PSS in service 98% of all operating hours for
synchronous generators equipped with PSS. Generator Operators may exclude hours
for R1.1 through R1.12 to achieve the 98% requirement. [Violation Risk Factor:
Medium] [Time Horizon: Operations Assessment]
R1.1.

The synchronous generator operates for less than five percent of all hours during
any calendar quarter.

R1.2.

Performing maintenance and testing up to a maximum of seven calendar days
per calendar quarter.

R1.3.

PSS exhibits instability due to abnormal system configuration.

R1.4.

Unit is operating in the synchronous condenser mode (very near zero real power
level).

R1.5.

Unit is generating less power than its design limit for effective PSS operation.

R1.6.

Unit is passing through a range of output that is a known “rough zone” (range in
which a hydro unit is experiencing excessive vibration).

R1.7.

The generator AVR is not in service.

R1.8.

Due to component failure, the PSS may be out of service up to 60 consecutive
days for repair per incident.

R1.9.

Due to a component failure, the PSS may be out of service up to one year
provided the Generator Operator submits documentation identifying the need
for time to obtain replacement parts and if required to schedule an outage.

R1.10. Due to a component failure, the PSS may be out of service up to 24 months
provided the Generator Operator submits documentation identifying the need
for time for PSS replacement and to schedule an outage.
R1.11. The synchronous generator has not achieved Commercial Operation.
R1.12. The Transmission Operator directs the Generator Operator to operate the
synchronous generator, and the PSS is unavailable for service.
R2.

Generator Operators shall have documentation identifying the number of hours
excluded for each requirement in R1.1 through R1.12. [Violation Risk Factor:
Low] [Time Horizon: Operations Assessment]

C. Measures
M1. Generators Operators shall provide quarterly reports to the compliance monitor and have
evidence for each synchronous generator of the following:
Adopted by Board of Trustees: October 29, 2008

WECC Standard VAR-501-WECC-1 — Power System Stabilizer
M1.1

The number of hours the synchronous generator was on line.

M1.2

The number of hours the PSS was out of service with generator on line.

M1.3

The PSS in service percentage

M1.4

If excluding PSS out of service hours as allowed in R1.1 through R1.12,
provide:
M1.4.1 The number of hours excluded, and
M1.4.2 The adjusted PSS in-service percentage.

M2. If excluding hours for R1.1 through R1.12, provide:
M2.1

The date of the outage

M2.2

Supporting documentation for each requirement that applies

D. Compliance
1. Compliance Monitoring Process
1.1

Compliance Monitoring Responsibility

1.2

Compliance Enforcement Authority
Compliance Monitoring Period
Compliance Enforcement Authority may use one or more of the following methods
to assess compliance:
- Reports submitted quarterly
- Spot check audits conducted anytime with 30 days notice
- Periodic audit as scheduled by the Compliance Enforcement Authority
- Investigations
- Other methods as provided for in the Compliance Monitoring Enforcement
Program
The Reset Time Frame shall be a calendar quarter.

1.3

Data Retention
The Generator Operators shall keep evidence for Measures M1 and M2 for three
years plus current year, or since the last audit, whichever is longer.

1.4

Additional Compliance Information
1.4.1

The sanctions shall be assessed on a calendar quarter basis.

1.4.2

If any of R1.2 through R1.12 continues from one quarter to another, the
number of days accumulated will be the contiguous calendar days from the
beginning of the incident to the end of the incident. For example, in R1.8
if the 60 day repair period goes beyond the end of a quarter, the repair
period does not reset at the beginning of the next quarter.

1.4.3

When calculating the adjusted in-service percentage, the PSS out of service
hours do not include the time associated with R1.1 through R1.12.

1.4.4

The standard shall be applied on a generating unit by generating unit basis
(a Generator Operator can be subject to a separate sanction for each noncompliant synchronous generating unit or to a single sanction for multiple
machines that operate as one unit).

Adopted by Board of Trustees: October 29, 2008

WECC Standard VAR-501-WECC-1 — Power System Stabilizer

2. Violation Severity Levels
2.1. Lower: There shall be a Lower Level of non-compliance if the following condition exists:
2.1.1.

PSS is in service less than 98% but at least 90% or more of all hours during
which the synchronous generating unit is on line for each calendar quarter.

2.2. Moderate: There shall be a Moderate Level of non-compliance if the following condition
exists:
2.2.1.

PSS is in service less than 90% but at least 80% or more of all hours during which
the synchronous generating unit is on line for each calendar quarter.

2.3. High: There shall be a High Level of non-compliance if the following condition exists:
2.3.1.

PSS is in service less than 80% but at least 70% or more of all hours during which
the synchronous generating unit is on line for each calendar quarter.

2.4. Severe: There shall be a Severe Level of non-compliance if the following condition
exists:
2.4.1.

PSS is in service less than 70% of all hours during which the synchronous
generating unit is on line for each calendar quarter.

3. Violation Severity Levels for R2
3.1. Lower: There shall be a Lower Level of non-compliance if documentation is incomplete
with any requirement R1.1 through R1.12.
3.2. Moderate: There shall be a Moderate Level of non-compliance if the Generator Operator
does not have documentation to demonstrate compliance with any requirement R1.1
through R1.12.
3.3. High: Not Applicable
3.4. Severe: Not Applicable
E. Regional Differences
Version History — Shows Approval History and Summary of Changes in the Action Field
Version

Date

Action

April 16, 2008

Permanent Replacement Standard for
VAR-STD-002b-1

April 21, 2011

FERC Order issued approving VAR501-WECC-1 (approval effective June
27, 2011)

Adopted by Board of Trustees: October 29, 2008

Change Tracking

Proposed Requirements for Retirement in Phase 1 of Project 2013‐02: Paragraph 81

Standard

Requirement
Name

BAL‐005‐0.1b

R2.

CIP‐001‐2a

R4.

CIP‐003‐3

R1.2.

CIP‐003‐3

R3.

CIP‐003‐3

R3.1.

CIP‐003‐3

R3.2.

CIP‐003‐3

R3.3.

CIP‐003‐3

R4.2.

CIP‐003‐4

R1.2.

CIP‐003‐4

R3.

CIP‐003‐4

R3.1.

CIP‐003‐4

R3.2.

CIP‐003‐4

R3.3.

CIP‐003‐4

R4.2.

Requirement Text
Each Balancing Authority shall maintain Regulating Reserve that can be controlled by AGC to meet the Control
Performance Standard.
Each Reliability Coordinator, Balancing Authority, Transmission Operator, Generator Operator, and Load
Serving Entity shall establish communications contacts, as applicable, with local Federal Bureau of
Investigation (FBI) or Royal Canadian Mounted Police (RCMP) officials and develop reporting procedures as
appropriate to their circumstances.
The cyber security policy is readily available to all personnel who have access to, or are responsible for,
Critical Cyber Assets.
Exceptions — Instances where the Responsible Entity cannot conform to its cyber security policy must be
documented as exceptions and authorized by the senior manager or delegate(s).
Exceptions to the Responsible Entity’s cyber security policy must be documented within thirty days of being
approved by the senior manager or delegate(s).
Documented exceptions to the cyber security policy must include an explanation as to why the exception is
necessary and any compensating measures.
Authorized exceptions to the cyber security policy must be reviewed and approved annually by the senior
manager or delegate(s) to ensure the exceptions are still required and valid. Such review and approval shall
be documented.
The Responsible Entity shall classify information to be protected under this program based on the sensitivity
of the Critical Cyber Asset information.
The cyber security policy is readily available to all personnel who have access to, or are responsible for,
Critical Cyber Assets.
Exceptions — Instances where the Responsible Entity cannot conform to its cyber security policy must be
documented as exceptions and authorized by the senior manager or delegate(s).
Exceptions to the Responsible Entity’s cyber security policy must be documented within thirty days of being
approved by the senior manager or delegate(s).
Documented exceptions to the cyber security policy must include an explanation as to why the exception is
necessary and any compensating measures.
Authorized exceptions to the cyber security policy must be reviewed and approved annually by the senior
manager or delegate(s) to ensure the exceptions are still required and valid. Such review and approval shall
be documented.
The Responsible Entity shall classify information to be protected under this program based on the sensitivity
of the Critical Cyber Asset information.

Page 1 of 8

Proposed Requirements for Retirement in Phase 1 of Project 2013‐02: Paragraph 81

Standard

Requirement
Name

CIP‐005‐3a

R2.6.

CIP‐005‐4a

R2.6.

CIP‐007‐3

R7.3.

CIP‐007‐4

R7.3.

COM‐001‐1.1

R6.

EOP‐004‐1

R1.

EOP‐005‐2

R3.1.

EOP‐009‐0

R2.

FAC‐002‐1
FAC‐008‐1

R2.
R1.3.5.

FAC‐008‐1

R2.

Requirement Text
Appropriate Use Banner —Where technically feasible, electronic access control devices shall display an
appropriate use banner on the user screen upon all interactive access attempts. The Responsible Entity shall
maintain a document identifying the content of the banner.
Appropriate Use Banner —Where technically feasible, electronic access control devices shall display an
appropriate use banner on the user screen upon all interactive access attempts. The Responsible Entity shall
maintain a document identifying the content of the banner.
The Responsible Entity shall maintain records that such assets were disposed of or redeployed in accordance
with documented procedures.
The Responsible Entity shall maintain records that such assets were disposed of or redeployed in accordance
with documented procedures.
Each NERCNet User Organization shall adhere to the requirements in Attachment 1‐COM‐001, “NERCNet
Security Policy.”
Each Regional Reliability Organization shall establish and maintain a Regional reporting procedure to facilitate
preparation of preliminary and final disturbance reports.
If there are no changes to the previously submitted restoration plan, the Transmission Operator shall confirm
annually on a predetermined schedule to its Reliability Coordinator that it has reviewed its restoration plan
and no changes were necessary.
The Generator Owner or Generator Operator shall provide documentation of the test results of the startup
and operation of each blackstart generating unit to the Regional Reliability Organizations and upon request to
NERC.
The Planning Authority, Transmission Planner, Generator Owner, Transmission Owner, Load‐Serving Entity,
and Distribution Provider shall each retain its documentation (of its evaluation of the reliability impact of the
new facilities and their connections on the interconnected transmission systems) for three years and shall
provide the documentation to the Regional Reliability Organization(s) and NERC on request (within 30
calendar days).
Other assumptions.
The Transmission Owner and Generator Owner shall each make its Facility Ratings Methodology available for
inspection and technical review by those Reliability Coordinators, Transmission Operators, Transmission
Planners, and Planning Authorities that have responsibility for the area in which the associated Facilities are
located, within 15 business days of receipt of a request.

Page 2 of 8

Proposed Requirements for Retirement in Phase 1 of Project 2013‐02: Paragraph 81

Standard

FAC‐008‐1

FAC‐008‐3

Requirement
Name

Requirement Text

R3.

R4.

Each Transmission Owner shall make its Facility Ratings methodology and each Generator Owner shall each
make its documentation for determining its Facility Ratings and its Facility Ratings methodology available for
inspection and technical review by those Reliability Coordinators, Transmission Operators, Transmission
Planners and Planning Coordinators that have responsibility for the area in which the associated Facilities are
located, within 21 calendar days of receipt of a request.

FAC‐008‐3

R5.

FAC‐013‐2
INT‐007‐1

R3.
R1.2.

IRO‐016‐1

R2.

If a Reliability Coordinator, Transmission Operator, Transmission Planner or Planning Coordinator provides
documented comments on its technical review of a Transmission Owner’s Facility Ratings methodology or
Generator Owner’s documentation for determining its Facility Ratings and its Facility Rating methodology, the
Transmission Owner or Generator Owner shall provide a response to that commenting entity within 45
calendar days of receipt of those comments. The response shall indicate whether a change will be made to
the Facility Ratings methodology and, if no change will be made to that Facility Ratings methodology, the
reason why.
If a recipient of the Transfer Capability methodology provides documented concerns with the methodology,
the Planning Coordinator shall provide a documented response to that recipient within 45 calendar days of
receipt of those comments. The response shall indicate whether a change will be made to the Transfer
Capability methodology and, if no change will be made to that Transfer Capability methodology, the reason
why.
All reliability entities involved in the Arranged Interchange are currently in the NERC registry.
The Reliability Coordinator shall document (via operator logs or other data sources) its actions taken for
either the event or for the disagreement on the problem(s) or for both.

R1.

The Transmission Service Provider that maintains CBM shall prepare and keep current a “Capacity Benefit
Margin Implementation Document” (CBMID) that includes, at a minimum, the following information:

MOD‐004‐1

Page 3 of 8

Proposed Requirements for Retirement in Phase 1 of Project 2013‐02: Paragraph 81

Standard

Requirement
Name

MOD‐004‐1

R1.1.

MOD‐004‐1

R1.2.

MOD‐004‐1

R1.3.

Requirement Text
The process through which a Load‐Serving Entity within a Balancing Authority Area associated with the
Transmission Service Provider, or the Resource Planner associated with that Balancing Authority Area, may
ensure that its need for Transmission capacity to be set aside as CBM will be reviewed and accommodated by
the Transmission Service Provider to the extent Transmission capacity is available.
The procedure and assumptions for establishing CBM for each Available Transfer Capability (ATC) Path or
Flowgate.
The procedure for a Load‐Serving Entity or Balancing Authority to use Transmission capacity set aside as CBM,
including the manner in which the Transmission Service Provider will manage situations where the requested
use of CBM exceeds the amount of CBM available.

MOD‐004‐1

R10.

MOD‐004‐1

R11.

The Load‐Serving Entity or Balancing Authority shall request to import energy over firm Transfer Capability
set aside as CBM only when experiencing a declared NERC Energy Emergency Alert (EEA) 2 or higher.
When reviewing an Arranged Interchange using CBM, all Balancing Authorities and Transmission Service
Providers shall waive, within the bounds of reliable operation, any Real‐time timing and ramping
requirements.

MOD‐004‐1
MOD‐004‐1
MOD‐004‐1

R12.
R12.1.
R12.2.

The Transmission Service Provider that maintains CBM shall approve, within the bounds of reliable operation,
any Arranged Interchange using CBM that is submitted by an “energy deficient entity” under an EEA 2 if:
The CBM is available
The EEA 2 is declared within the Balancing Authority Area of the “energy deficient entity,” and

MOD‐004‐1

R12.3.

MOD‐004‐1

R2.

MOD‐004‐1

R3.

The Load of the “energy deficient entity” is located within the Transmission Service Provider’s area.
The Transmission Service Provider that maintains CBM shall make available its current CBMID to the
Transmission Operators, Transmission Service Providers, Reliability Coordinators, Transmission Planners,
Resource Planners, and Planning Coordinators that are within or adjacent to the Transmission Service
Provider’s area, and to the Load Serving Entities and Balancing Authorities within the Transmission Service
Provider’s area, and notify those entities of any changes to the CBMID prior to the effective date of the
change.
Each Load‐Serving Entity determining the need for Transmission capacity to be set aside as CBM for imports
into a Balancing Authority Area shall determine that need by:

Page 4 of 8

Proposed Requirements for Retirement in Phase 1 of Project 2013‐02: Paragraph 81

Standard

Requirement
Name

Requirement Text

MOD‐004‐1
MOD‐004‐1

R3.1.
R3.2.

MOD‐004‐1

R4.

Using one or more of the following to determine the GCIR: Loss of Load Expectation (LOLE) studies; Loss of
Load Probability (LOLP) studies; Deterministic risk‐analysis studies; Reserve margin or resource adequacy
requirements established by other entities, such as municipalities, state commissions, regional transmission
organizations, independent system operators, Regional Reliability Organizations, or regional entities
Identifying expected import path(s) or source region(s).
Each Resource Planner determining the need for Transmission capacity to be set aside as CBM for imports
into a Balancing Authority Area shall determine that need by:

R4.1.
R4.2.

R5.

At least every 13 months, the Transmission Service Provider that maintains CBM shall establish a CBM value
for each ATC Path or Flowgate to be used for ATC or Available Flowgate Capability (AFC) calculations during
the 13 full calendar months (months 2‐14) following the current month (the month in which the Transmission
Service Provider is establishing the CBM values). This value shall:

R5.1.

R5.2.

Be allocated as follows: For ATC Paths, based on the expected import paths or source regions provided by
Load‐Serving Entities or Resource Planners; For Flowgates, based on the expected import paths or source
regions provided by Load‐Serving Entities or Resource Planners and the distribution factors associated with
those paths or regions, as determined by the Transmission Service Provider

MOD‐004‐1
MOD‐004‐1

MOD‐004‐1

Page 5 of 8

Proposed Requirements for Retirement in Phase 1 of Project 2013‐02: Paragraph 81

Standard

MOD‐004‐1

Requirement
Name

Requirement Text

R6.

At least every 13 months, the Transmission Planner shall establish a CBM value for each ATC Path or Flowgate
to be used in planning during each of the full calendar years two through ten following the current year (the
year in which the Transmission Planner is establishing the CBM values). This value shall:

R6.1.

R6.2.

MOD‐004‐1

R7.

MOD‐004‐1

R8.

Less than 31 calendar days after the establishment of CBM, the Transmission Service Provider that maintains
CBM shall notify all the Load‐Serving Entities and Resource Planners that determined they had a need for
CBM on the Transmission Service Provider’s system of the amount of CBM set aside.
Less than 31 calendar days after the establishment of CBM, the Transmission Planner shall notify all the Load‐
Serving Entities and Resource Planners that determined they had a need for CBM on the system being
planned by the Transmission Planner of the amount of CBM set aside.

MOD‐004‐1

R9.

The Transmission Service Provider that maintains CBM and the Transmission Planner shall each provide
(subject to confidentiality and security requirements) copies of the applicable supporting data, including any
models, used for determining CBM or allocating CBM over each ATC Path or Flowgate to the following:

MOD‐004‐1

R9.1.

MOD‐004‐1
NUC‐001‐2

R9.2.
R9.1.

Each of its associated Transmission Operators within 30 calendar days of their making a request for the data.
To any Transmission Service Provider, Reliability Coordinator, Transmission Planner, Resource Planner, or
Planning Coordinator within 30 calendar days of their making a request for the data.
Administrative elements:

Page 6 of 8

Proposed Requirements for Retirement in Phase 1 of Project 2013‐02: Paragraph 81

Standard
NUC‐001‐2

Requirement
Name
Requirement Text
R9.1.1.
Definitions of key terms used in the agreement.

NUC‐001‐2
NUC‐001‐2
NUC‐001‐2

R9.1.2.
R9.1.3.
R9.1.4.

PRC‐008‐0

R1.

PRC‐008‐0

R2.

PRC‐009‐0
PRC‐009‐0
PRC‐009‐0
PRC‐009‐0
PRC‐009‐0

R1.
R1.1.
R1.2.
R1.3.
R1.4.

PRC‐009‐0

R2.

PRC‐010‐0

R2.

Names of the responsible entities, organizational relationships, and responsibilities related to the NPIRs.
A requirement to review the agreement(s) at least every three years.
A dispute resolution mechanism.
The Transmission Owner and Distribution Provider with a UFLS program (as required by its Regional Reliability
Organization) shall have a UFLS equipment maintenance and testing program in place. This UFLS equipment
maintenance and testing program shall include UFLS equipment identification, the schedule for UFLS
equipment testing, and the schedule for UFLS equipment maintenance.
The Transmission Owner and Distribution Provider with a UFLS program (as required by its Regional Reliability
Organization) shall implement its UFLS equipment maintenance and testing program and shall provide UFLS
maintenance and testing program results to its Regional Reliability Organization and NERC on request (within
30 calendar days).
The Transmission Owner, Transmission Operator, Load‐Serving Entity and Distribution Provider that owns or
operates a UFLS program (as required by its Regional Reliability Organization) shall analyze and document its
UFLS program performance in accordance with its Regional Reliability Organization’s UFLS program. The
analysis shall address the performance of UFLS equipment and program effectiveness following system
events resulting in system frequency excursions below the initializing set points of the UFLS program. The
analysis shall include, but not be limited to:
A description of the event including initiating conditions.
A review of the UFLS set points and tripping times.
A simulation of the event.
A summary of the findings.
The Transmission Owner, Transmission Operator, Load‐Serving Entity, and Distribution Provider that owns or
operates a UFLS program (as required by its Regional Reliability Organization) shall provide documentation of
the analysis of the UFLS program to its Regional Reliability Organization and NERC on request 90 calendar
days after the system event.
The Load‐Serving Entity, Transmission Owner, Transmission Operator, and Distribution Provider that owns or
operates a UVLS program shall provide documentation of its current UVLS program assessment to its
Regional Reliability Organization and NERC on request (30 calendar days).

Page 7 of 8

Proposed Requirements for Retirement in Phase 1 of Project 2013‐02: Paragraph 81

Standard

PRC‐022‐1

Requirement
Name

R2.

TOP‐001‐1a

R3.

TOP‐005‐2a

R1.

VAR‐002‐WECC‐1

R2.

VAR‐501‐WECC‐1

R2.

Requirement Text
Each Transmission Operator, Load‐Serving Entity, and Distribution Provider that operates a UVLS program
shall provide documentation of its analysis of UVLS program performance to its Regional Reliability
Organization within 90 calendar days of a request.
Each Transmission Operator, Balancing Authority, and Generator Operator shall comply with reliability
directives issued by the Reliability Coordinator, and each Balancing Authority and Generator Operator shall
comply with reliability directives issued by the Transmission Operator, unless such actions would violate
safety, equipment, regulatory or statutory requirements. Under these circumstances the Transmission
Operator, Balancing Authority or Generator Operator shall immediately inform the Reliability Coordinator or
Transmission Operator of the inability to perform the directive so that the Reliability Coordinator or
Transmission Operator can implement alternate remedial actions.
As a condition of receiving data from the Interregional Security Network (ISN), each ISN data recipient shall
sign the NERC Confidentiality Agreement for “Electric System Reliability Data.”
Generator Operators and Transmission Operators shall have documentation identifying the number of hours
excluded for each requirement in R1.1 through R1.10.
Generator Operators shall have documentation identifying the number of hours excluded for each
requirement in R1.1 through R1.12.

Page 8 of 8

Project 2013-02 Retirement of Reliability Standard
Requirements
Unofficial Comment Form for Paragraph 81 (P81) Project —Retirement of Reliability Standard
Requirements
This form is provided in a Word format for the development of your internal drafts only.
Please use the electronic comment form located at the link below to submit official comments on the
P81 Project. Comments must be submitted by September 4, 2012. If you have questions, please
contact Kristin Iwanechko at [email protected] or by telephone at 404‐446‐9736.
http://www.nerc.com/filez/standards/Project2013‐02_Paragraph_81.html
Background Information:
On September 30, 2011, the North American Electric Reliability Corporation (NERC) filed a petition with
the Federal Energy Regulatory Commission (FERC) requesting approval of its proposal to make
informational filings in a “Find, Fix, Track and Report” (FFT) spreadsheet of lesser‐risk, remediated
possible violations of Reliability Standards. On March 15, 2012, the FERC issued an order conditionally
accepting NERC’s FFT proposal. In paragraph 81 (P81) of that order, the FERC also that stated:
The Commission notes that NERC’s FFT initiative is predicated on the view that
many violations of requirements currently included in Reliability Standards pose lesser
risk to the Bulk‐Power System. If so, some current requirements likely provide little
protection for Bulk‐Power System reliability or may be redundant. The Commission is
interested in obtaining views on whether such requirements could be removed from the
Reliability Standards with little effect on reliability and an increase in efficiency of the
ERO compliance program. If NERC believes that specific Reliability Standards or
specific requirements within certain Standards should be revised or removed, we invite
NERC to make specific proposals to the Commission identifying the Standards or
requirements and setting forth in detail the technical basis for its belief. In addition, or in
the alternative, we invite NERC, the Regional Entities and other interested entities to
propose appropriate mechanisms to identify and remove from the Commission‐approved

Reliability Standards unnecessary or redundant requirements. We will not impose a
deadline on when these comments should be submitted, but ask that to the extent such
comments are submitted NERC, the Regional Entities, and interested entities coordinate
to submit their respective comments concurrently.
North American Electric Reliability Corporation, 138 FERC ¶ 61,193 at p 81 (March 15, 2012) (“P81”).
Consistent with P81, a draft Standards Authorization Request (SAR) was drafted to set forth criteria
and a process to identify Reliability Standard requirements that either: (a) provide little protection to
the Bulk Electric System; (b) are unnecessary or (c) are redundant; and, thereafter, to have NERC file
the identified Reliability Standard requirements with FERC to have them removed from the FERC‐
approved list of Reliability Standards.
Standards Process Input Group (SPIG)
In addition to addressing P81, the draft SAR was drafted consistent with what the SPIG developed as
Recommendation No. 4, as set forth in NERC’s Recommendations to Improve The Standards
Development Process on page 12 (April 2012), which states:
Recommendation 4: Standards Product Issues — The NERC board is encouraged to require that the
standards development process address: . . . The retirement of standards no longer needed to meet an
adequate level of reliability.
Collaborative Process
The draft SAR and the suggested list of Reliability Standard requirements embedded in the SAR for
consideration in the Initial Phase are the product of collaborative discussions among the following
entities and their members: Edison Electric Institute, American Public Power Association, National
Rural Electric Cooperative Association, Large Public Power Council, Electricity Consumers Resource
Council, The Electric Power Supply Association, Transmission Access Policy Study Group, the North
American Electric Reliability Corporation, and the Regional Entity Management Group.
It is hoped the time, effort and resources dedicated to the collaborative discussions have resulted in a
reasonable SAR and an appropriately‐scoped list of Reliability Standard requirements for the Initial
Phase. It is also noted the statements accompanying each of the identified Reliability Standard
requirements are the beginning of, and not necessarily a complete technical justification for,
retirement of the requirements. It is also understood that the P81 Standards Drafting Team will need
to coordinate discussions with other active Standard Drafting Teams concerning the retirement of
certain Reliability Standard requirements.

Unofficial Comment Form (Standard) Project 2013-02

To obtain input on the draft SAR, the P81 Standards Drafting Team is posting the draft SAR for
stakeholder comment for a 30‐day comment period. Accordingly, it is requested that you submit your
comments by September 4, 2012 via the electronic comment form.
Questions
1. Do you agree with the criteria listed in the SAR to identify Reliability Standard requirements for
retirement?
If not, please explain in the comment area.
Yes
No
Comments:

2. The Initial Phase of the P81 project is designed to identify all FERC‐approved Reliability Standard
requirements that easily satisfy the criteria. Do you agree that the suggested list of Reliability
Standard requirements included in the draft SAR easily satisfy the criteria listed in the draft SAR?
If you disagree, please provide a statement supporting what Reliability Standard requirements
you would add or subtract from the Initial Phase, including a citation to at least one element of
Criterion B, as applicable.
Yes
No
Comments:

3. The subsequent phases of the P81 project are designed to identify all FERC‐approved Reliability
Standard requirements that could not be included in the Initial Phase due to the need for
additional analysis or an editing of language. Please list any Reliability Standard requirements
that you believe should be revised or retired in a subsequent phase, and include a brief
supporting statement and citation to at least one element of Criterion B for each requirement
listed.
Comments:

4. If you have any other comments or suggestions on the draft SAR that you have not already
provided in response to the previous questions, please provide them here.
Comments:

Unofficial Comment Form (Standard) Project 2013-02

Standards Announcement
Project 2013-02 Paragraph 81

Informal Comment Period Now Open: August 3 – September 4, 2012
Now Available

The Standards Committee has authorized posting of this draft Standards Authorization Request (SAR)
for stakeholder input for 30 days.
Instructions

An informal comment period is open through 8 p.m. Eastern on Monday, September 4, 2012. Please
use this electronic form to submit comments. If you experience any difficulties in using the electronic
form, please contact Monica Benson at [email protected]. An off-line, unofficial copy of the
comment form is posted on the project page.
Next Steps

A webinar on the draft SAR will be conducted on August 21, 2012 from 2-3 p.m. Eastern and will be
announced in a separate email with the registration link.
The drafting team will review the comments and determine whether to revise the SAR before
proceeding with Phase 1 of the project. The drafting team will post a summary of its responses to
comments received during this informal comment period.
Background

On March 15, 2012, the Federal Energy Regulatory Commission (FERC) issued an order on NERC’s Find,
Fix and Track process that stated the following in Paragraph 81:
“The Commission notes that NERC’s FFT initiative is predicated on the view that many violations
of requirements currently included in Reliability Standards pose lesser risk to the Bulk-Power
System. If so, some current requirements likely provide little protection for Bulk-Power System
reliability or may be redundant. The Commission is interested in obtaining views on whether such
requirements could be removed from the Reliability Standards with little effect on reliability and
an increase in efficiency of the ERO compliance program. If NERC believes that specific Reliability
Standards or specific requirements within certain Standards should be revised or removed, we
invite NERC to make specific proposals to the Commission identifying the Standards or
requirements and setting forth in detail the technical basis for its belief. In addition, or in the
alternative, we invite NERC, the Regional Entities and other interested entities to propose
appropriate mechanisms to identify and remove from the Commission-approved Reliability
Standards unnecessary or redundant requirements. We will not impose a deadline on when

these comments should be submitted, but ask that to the extent such comments are submitted
NERC, the Regional Entities, and interested entities coordinate to submit their respective
comments concurrently.”
The purpose of the project is to retire or modify FERC-approved Reliability Standard requirements that
as FERC noted, “provide little protection to the reliable operations of the BES,” are redundant or
unnecessary, or to retire or modify a FERC-approved Reliability Standard requirement to increase the
efficiency of the ERO’s compliance programs. The draft SAR identifies criteria for retiring or modifying
requirements, defines phases for the project, and includes a suggested list of requirements put
together by NERC, the regions, and the trades and their member companies for consideration in Phase
1. The suggested list includes requirements in 28 Reliability Standards. Phase 1 identifies Reliability
Standard requirements that clearly meet the criteria set forth in the SAR and are believed to not
require extensive technical research. Subsequent phases of the project will address Reliability
Standard requirements that need additional technical research before retirement or modification.
To sign up for the plus list for this project to follow along with meetings and work products, please
email Kristin Iwanechko.
Standards Development Process

The Standards Processes Manual contains all the procedures governing the standards development
process. The success of the NERC standards development process depends on stakeholder
participation. We extend our thanks to all those who participate.

For more information or assistance, please contact Monica Benson,
Standards Process Administrator, at [email protected] or at 404-446-2560.
North American Electric Reliability Corporation
3353 Peachtree Rd, NE

Suite 600, North Tower
Atlanta, GA 30326
404-446-2560 | www.nerc.com

Standards Announcement - Project 2013-02

Name (29 Responses)
Organization (29 Responses)
Group Name (14 Responses)
Lead Contact (14 Responses)
Contact Organization (14 Responses)
Question 1 (43 Responses)
Question 1 Comments (43 Responses)
Question 2 (43 Responses)
Question 2 Comments (43 Responses)
Question 3 (0 Responses)
Question 3 Comments (43 Responses)
Question 4 (0 Responses)
Question 4 Comments (43 Responses)

Group
Northeast Power Coordinating Council
Lee Pedowicz
Northeast Power Coordinating Council
Yes
NPCC participating members support the P81 initiative and agree with the criteria listed in the SAR to
identify Reliability Standard requirements for retirement. The criteria are also consistent with FERC’s
guidance in Paragraph 81 of the FFT Order. With respect to the words in Criterion A wording, it could
be interpreted as an indication that the original reliability standard requirement was a mistake.
Suggest the SDT consider alternative wording to indicate that the experience with the requirement,
over time, has proven not to be useful to accomplish its initially intended reliability objective, or has
not produced clear results for the initially intended reliability objective. Criterion A, and Technical
Criteria B9 “Little, if any, value as a reliability requirement” are redundant.
No
From page 25 of the SAR, “Since PRC-008-0 R1; PRC-008-0 R2; PRC-009-0 R1; PRC-009-0 R1.1;
PRC-009-0 R1.2; PRC-009-0 R1.3; PRC-009-0 R1.4; PRC-009-0 R2; PRC-010-0 R2; PRC-022-1 R2
provides little protection to the BES and better handled under event analysis and lessons learned
papers, it should be removed.” is not valid due to that fact that as of this posting the Event Analysis
Program (EAP) has not become part of the RoP and is therefore a voluntary program. The
requirements that are covered by these standards are mandatory cannot be replaced by a voluntary
program. Refer to the following: Additionally, the EAP process is an after-the-fact Analysis of an event
or events. These standard requirements (PRC-008-0 R1; PRC-008-0 R2; PRC-009-0 R1; PRC-009-0
R1.1; PRC-009-0 R1.2; PRC-009-0 R1.3; PRC-009-0 R1.4; PRC-009-0 R2; PRC-010-0 R2; PRC-022-1
R2) address different needs which can be determined only if such an event occurs. For example, from
PRC-008-0--“R1. The Transmission Owner and Distribution Provider with a UFLS program (as required
by its Regional Reliability Organization) shall have a UFLS equipment maintenance and testing
program in place. This UFLS equipment maintenance and testing program shall include UFLS
equipment identification, the schedule for UFLS equipment testing, and the schedule for UFLS
equipment maintenance.” This requirement addresses the need to have an equipment maintenance
and testing program in place prior to an event. Discovering that an entity did not have this as a result
of an event analysis would, in this case, be after the damage is done and would not serve reliability.
Analyzing why the UFSL program did not operate properly would come under the purview of the EAP
but that is different from the Standard’s intent. PRC-008-0--“R2. The Transmission Owner and
Distribution Provider with a UFLS program (as required by its Regional Reliability Organization) shall
implement its UFLS equipment maintenance and testing program and shall provide UFLS maintenance
and testing program results to its Regional Reliability Organization and NERC on request (within 30
calendar days).” If the EAP was relied upon to meet this requirement the receipt or confirmation of
this program would only occur after an event. PRC-009-0--“R1. The Transmission Owner,
Transmission Operator, Load-Serving Entity and Distribution Provider that owns or operates a UFLS
program (as required by its Regional Reliability Organization) shall analyze and document its UFLS
program performance in accordance with its Regional Reliability Organization’s UFLS program. The

analysis shall address the performance of UFLS equipment and program effectiveness following
system events resulting in system frequency excursions below the initializing set points of the UFLS
program. The analysis shall include, but not be limited to: R1.1 A description of the event including
initiating conditions. R1.2 A review of the UFLS set points and tripping times. R1.3 A simulation of the
event. R1.4 A summary of the findings." Although this Standard appears that it could be covered
under EAP, it is a highly detailed technical study and needs to be carried out on its own accord. Event
Analysis will focus primarily what caused the event that triggered the UFLS program but not
necessarily the program itself. Because of the importance of the UFLS program to the reliability of the
system, its performance should not be analyzed only on a voluntary basis and not only by those
entities that actually shed load as a result of the event, but against the whole regional program. PRC009-0--“R2. The Transmission Owner, Transmission Operator, Load-Serving Entity, and Distribution
Provider that owns or operates a UFLS program (as required by its Regional Reliability Organization)
shall provide documentation of the analysis of the UFLS program to its Regional Reliability
Organization and NERC on request 90 calendar days after the system event.” This is administrative,
refer to the response for R1 preceding. PRC-010-0--“R2. The Load-Serving Entity, Transmission
Owner, Transmission Operator, and Distribution Provider that owns or operates a UVLS program shall
provide documentation of its current UVLS program assessment to its Regional Reliability
Organization and NERC on request (30 calendar days).” This should not triggered only after an event,
see preceding response for R1 preceding. PRC-022-1--“R2. Each Transmission Operator, Load-Serving
Entity, and Distribution Provider that operates a UVLS program shall provide documentation of its
analysis of UVLS program performance to its Regional Reliability Organization within 90 calendar days
of a request.” This is the same situation as for the UFLS program. Refer to the responses preceding.
IRO-014-2 --The following requirements in Standard IRO-014-2 are administrative requirements only
and do not enhance reliability, and should be considered for removal in the Initial Phase. “R2. Each
Reliability Coordinator shall maintain its Operating Procedures, Operating Processes, or Operating
Plans identified in Requirement R1 as follows: [Violation Risk Factor: Lower] [Time Horizon: Same
Day Operations and Operations Planning] 2.1. Review and update annually with no more that 15
months between reviews. 2.2. Obtain written agreement from all of the Reliability Coordinators
required to take the indicated action(s) for each update. 2.3. Distribute to all Reliability Coordinators
that are required to take the indicated action(s) within 30 days of an update.” FAC-003-1
Requirements R3, and R4 (shown below) and their sub-requirements are administrative (reporting)
requirements only and do not enhance reliability, and should be considered for removal in the Initial
Phase. R3. The Transmission Owner shall report quarterly to its RRO, or the RRO’s designee,
sustained transmission line outages determined by the Transmission Owner to have been caused by
vegetation. R4. The RRO shall report the outage information provided to it by Transmission Owner’s,
as required by Requirement 3, quarterly to NERC, as well as any actions taken by the RRO as a result
of any of the reported outages. In addition, as shown below, CIP-005-3 R4 and CIP-007-3 R8 are
essentially the same. Suggest to eliminate CIP-005-3 R4 and include assessment of access points in
CIP-007-3 R8. CIP-005-3 R4: "R4. Cyber Vulnerability Assessment — The Responsible Entity shall
perform a cyber vulnerability assessment of the electronic access points to the Electronic Security
Perimeter(s) at least annually. The vulnerability assessment shall include, at a minimum, the
following: R4.1. A document identifying the vulnerability assessment process; R4.2. A review to verify
that only ports and services required for operations at these access points are enabled; R4.3. The
discovery of all access points to the Electronic Security Perimeter; R4.4. A review of controls for
default accounts, passwords, and network management community strings; R4.5. Documentation of
the results of the assessment, the action plan to remediate or mitigate vulnerabilities identified in the
assessment, and the execution status of that action plan." CIP-007-3 R8: "R8. Cyber Vulnerability
Assessment — The Responsible Entity shall perform a cyber vulnerability assessment of all Cyber
Assets within the Electronic Security Perimeter at least annually. The vulnerability assessment shall
include, at a minimum, the following: R8.1 A document identifying the vulnerability assessment
process; R8.2 A review to verify that only ports and services required for operation of the Cyber
Assets within the Electronic Security Perimeter are enabled; R8.3 A review of controls for default
accounts; and, R8.4 Documentation of the results of the assessment, the action plan to remediate or
mitigate vulnerabilities identified in the assessment, and the execution status of that action plan."

Individual

Nazra Gladu
Manitoba Hydro
Yes
The technical criteria B.9, "Little if any, value as a reliability requirement", is very subjective and
should be redefined or clarified.
Yes
The following statement should be removed from the standard as it does not support reliability of the
BES [B8]: FAC-013-2 R5. ‘However, if a functional entity that has a reliability related need for the
results of the annual assessment of the Transfer Capabilities makes a written request for such an
assessment after the completion of the assessment, the Planning Coordinator shall make the
documented Transfer Capability assessment results available to that entity within 45 calendar days of
receipt of the request’ The following statement should be removed from the standard as it does not
support reliability or provide any protection to the BES. [B8]: FAC-013-2 R6. ‘If a recipient of a
documented Transfer Capability assessment requests data to support the assessment results, the
Planning Coordinator shall provide such data to that entity within 45 calendar days of receipt of the
request. The provision of such data shall be subject to the legal and regulatory obligations of the
Planning Coordinator’s area regarding the disclosure of confidential and/or sensitive information’.
It is not clear what will happen in instances where this project proposes to remove a requirement
from a FERC approved Reliability Standard when the NERC BOT has already approved a newer version
of that same standard. Will the newer BOT approved version also be modified if it includes one of the
requirements in question? What if industry has already resolved one of these issues in the next
version of a standard? Shouldn’t we just implement the newer version?
Individual
Scott McGough
Georgia System Operations Corporation
Yes
Georgia System Operations agrees with the criteria listed in the SAR to identify Reliability Standard
requirements for either modification or withdrawal.
Yes
Georgia System Operations agrees with the suggested list of Reliability Standard requirements
contained in the SAR for the Initial Phase of P81.
EOP-002-3, R1 PER-001-0.1, R1 Criteria B7, 9 Statement: reference to BA or RC responsibilities and
authority are within the criteria of NERC's Functional Model and so this is redundant. In addition, it is
understood that these functions are substantial if not paramount for an entity to become certified as
such. FAC-001-0 (all requirements) Criteria B 1, 3 and 6 Statement: The requirement in FAC-001-0 to
document and publish facility connection requirements has no impact on reliability. It is purely a
document that those considering to interconnect with a transmission entity may review as a
reference. All INT standards Criteria B 1, 3 and 6 Statement: Many of the INT Reliability Standard
requirements are very close to duplicative of similar requirements in the BAL Reliability Standards or
address commercial matters. As drafted, the INT Reliability Standards include tasks or activities that
do little, if anything, to promote the protection the Bulk Electric System. Note: INT-007-1 R1.2 is part
of Initial Phase. All data collection requirements CIP-005-3a, 4a R5.3 CIP-006c, -4c R7, R8.3 CIP007-3, -4 R5.1.2; R6.4; R7.3 CIP-008-3, -4 R2 PRC-018-1, R5 Criteria B1,2 and 9 Statement: These
requirements are for data retention and although the need is substancial, i.e. as a sort of forensic
tool, they serve no function to reliability from an immediate time perspective. Standards currently
requiring reporting. Criteria 1, 4 and 9 EOP-002-3 R9.2 EOP-004-1 R3 and its subrequirements; R4
and R5 FAC-003-1 R3; FAC-003-1 R3.1: FAC-003-1 R3.2: FAC-003-1 R3.3: FAC-003-1 R3.4: FAC003-1 R3.4.1: FAC-003-1 R3.4.2: FAC-003-1 R3.4.3: FAC-003-1 R4 FAC-010-2.1 R5 FAC-011-2 R5
FAC-013-2 R6 MOD-012-0 R2 MOD-020-0 R1 MOD-021-1 R3 PRC-004-1a R3: PRC-004-2a R3: PRC004-WECC-1 R.3. PRC-007-0 R2; PRC-007-0 R3; PRC-009-0 R2 PRC-011-0 R2; PRC-015-0 R3; PRC016-0.1 R3; PRC-017-0 R2; PRC-021-1 R2 TPL-001-0.1 R3; TPL-002-0b R3; TPL-003-0a R3; TPL004-0 R2. Statement: These are all reporting requirements; they do not aid reliability from an
immediate time perspective. If the Regional Entity desires to review information for purposes of
monitoring reliability or assessing risk, the information should be collected via vehicles other than the

Reliability Standards. Requirements applied to annual reviews Criteria B1, 2,3 7 and 9 CIP-002-2, -4
R4 CIP-003-3, -4 R1.3; CIP-003-3, -4 R4.3; CIP-003-3, - 4 R5.1.2; CIP-003-3, - 4 R5.3 CIP-006-3c, 4 R1.8 CIP-007-3, -4 R9 CIP-009-3, -4 R1 EOP-005-1 R1; EOP-005-2 R3.1 EOP-008-0 R1.7 EOP-0081 R5 IRO-014-1 R4.3 Statement: These requirements do not closely relate to operations of the Bulk
Electric System. They would be better served as processes expected of entities to manage their
compliance programs and processes. PRC-005-1b, R2 Criteria B4, 9 Statement: This requirement
needs to be revised such that language is elminated as it refers to the entity providing to its RE within
30 days. MOD-016-1.1 and MOD-021-1 (all requirements) Criteria B 9 Statement: MOD-016 through
MOD-021 are all about long term load forecasting and reporting of actual loads. Most of this can be
eliminated from the standards and replaced with a data collection process (e.g., DADS). Loads to be
used in modeling should be incorporated in the data requirements of MOD-010 and MOD-012 and not
a separate standard.
Reliability Standard requirements are those that provide for Reliable Operation, including without
limiting the foregoing, requirements for the operation of existing Facilities, including cyber security
protection, and including the design of planned additions or modifications to such Facilities to the
extent necessary for Reliable Operation. NERC administers other programs, such as industry alerts,
reliability assessments, event and trend analyses, education, and monitoring and enforcing Reliability
Standards. These other programs are designed to work in concert with Reliability Standards to
support reliable operation. NERC requirements relating to administering these other programs are
very important but are not Reliability Standard requirements. One of the criteria for evaluating the
elimination of a Reliability Standard requirement is that it is purely reporting. There are a number of
NERC requirements for these other NERC programs embedded in Reliability Standards. Most of them
are purely reporting. However, to the extent that there may be other requirements for these NERC
programs embedded that are not purely reporting, they should also be considered for elimination.
Reliability Standards by definition are not mechanisms for the administration of those other NERC
programs.
Individual
Ronnie C. Hoeinghaus
City of Garland
Yes
Yes

This is a good start on removing requirements that are either redundant or provide little / no
protection for Bulk-Power System reliability.
Individual
Dan Miller
Entergy Services, Inc.
Yes
Yes
CIP-006 R5 - A revision to the language in CIP-006 R5 is needed in order to require the review and
handling of incidents of unauthorized access (when a door, gate or window has been opened without
authorization), as opposed to what is more accurately characterized as "unsuccessful" access
attempts (e.g. invalid access card swipes). There currently is no definition of "unauthorized access
attempts". The methods to be used for monitoring that are listed in the requirement, however do list:
"Alarm Systems that alarm to indicate a door, gate or window has been opened without
authorization". This method does not indicate that the alarm system must alarm on card swipes that
do not result in the door opening, and be characterized as "Unauthorized Access attempts".
Unsuccessful card swipes at a PSP access point, for example, do not suggest an unauthorized access
attempt. A card swipe can be unsuccessful for a number of reasons, all of which are recorded by the
key card system, such as the use of a deactivated card, an invalid card format, and a card not in the

card file. An unsuccessful card swipe itself is not an indication that a PSP access point was “opened
within authorization” because it does not indicate that the door has been opened in any manner.
However, in the FAQ guidance for the CIP Reliability Standards, NERC acknowledged that Responsible
Entities can consider single failed access attempts such as a single failed log-in not to be suspicious
events requiring a response A single failed card swipe should be treated in the same way. The
rewording of this requirement would address Criteria B-8 - "Hinders the protection or reliable
operation of the BES." Investigating and documenting each unsuccessful card swipe would take a
tremendous amount of time and produce a significant amount of paperwork without providing any
additional physical security. CIP-005 R3 and CIP-006 R5 - Revisions to the wording around the timing
of monitoring both physical and electronic access are needed. CIP-005 R3 - Monitoring Electronic
Access states that "The Responsible Entity shall implement and document an electronic or manual
process(es) for monitoring and logging access at access points to the Electronic Security Perimeter(s)
twenty-four hours a day, seven days a week." and CIP-006 R5 -Monitoring Physical Access stats that
"The Responsible Entity shall document and implement the technical and procedural controls for
monitoring physical access at all access points to the Physical Security Perimeter(s) twenty-four hours
a day, seven days a week. Unauthorized access attempts shall be reviewed immediately and handled
in accordance with the procedures specified in Requirement CIP-008-3. The "twenty-four hours a day,
seven days a week" portion of these requirements provides an unachievable requirement for 100%
uptime for all systems used to monitor such access. The requirement should allow for a resonable
amount of downtime. Either the "twenty-four hours a day, seven days a week" wording in these
requirements could be removed altogether, or alternative langauge, such as requiring "High
Availability" (for example 99.9% uptime) or some other wording that allowed for very small amounts
of downtime that might be required for system reboots or minor maintenance.
For future phases, indutry input should be gathered in a more formal process to allow for suggestions
for re-wording or suggesting additional requirements for removal.
Individual
Michael Falvo
Independent Electricity System Operator
No
(1) The IESO supports this proposed effort and agrees with most of the criteria, with some exceptions
(except #5): “The Reliability Standard requirement requires responsible entities to periodically update
(e.g., annually) documentation, such as a plan, procedure or policy without an operational benefit to
reliability.” Take for example the system restoration plan. An annual review is necessary to ensure
that the plan recognizes BES facility changes that occurred since the last review/update. Another
example is the exceptions to the cyber security policy that needs to be reviewed and approved by the
senior manager or delegate(s) to ensure the exceptions are still required and valid. Applying this
criterion in a broad brush manner without looking at each requirement may result in removing
requirements that are still needed for reliability. (2) Generally, the nine criteria listed in the SAR are
simple and sufficient to be used to determine retirement of reliability standard requirements. It is
recommended that the word “Technical” in the heading of the B section “Technical Criteria” be erased
as the criteria aren’t based on technical data. Also, it is unclear and confusing as to how the section C
“Additional Data and Reference Points” will be used by the drafting team to determine retirement of
reliability standards even though they have satisfied Criteria A and B. Criterion B.9 can potentially be
deleted as its purpose seems to be the duplication of Criterion A. (3) The SAR narrative for TOP-0011a R3 states the requirement is redundant with IRO-001-1a R8. IRO-001-1a does not exist; we
believe, it should be IRO-001-1.1 R8 instead.
No
(1) We generally agree that most of the identified standards/requirements would meet the proposed
criteria. However, as indicated under Q1, we believe that the “annual review” criterion is too broad
which could result in retiring some requirements that are still needed for reliability. In addition, the
acid test for retirement a requirement is when the standard drafting team reviews the overall
reliability impact of removing a particular requirement from a standard, and how it may affect other
related standards. In brief, it is premature to pass on this judgment at the SAR stage. We urge the
SAR proponent to simply suggest that the proposed requirements be considered and evaluated by the
SDT as opposed to making a presumption (and hence setting a high expectation for the industry) that
the proposed list will be retired. And, in order to meet the requirements for regulatory approval, we

suggest the SDT to provide strong technical basis to justify each retirement.
(1) IRO-004-2 R1 could be retired if the wording in IRO-001-1.1 R8 was changed to cover all
operating timeframes (Criterion B7). (2) We do not have any other particular standards/requirements
in mind at this time. However, we will review and propose additional candidates for future phases as
this project gets into the mid or end of Phase I. We believe the industry should focus on the Phase I
effort at this time to gauge the regulator’s and industry’s reaction before marching too far down the
path.
No comments.
Individual
Michelle Clements
Wolverine Power Supply Cooperative, Inc.
Yes
Yes
Wolverine agrees with the list of requirements that the trade associations are submitting. We are a
member of NRECA and agree with their comments.
Individual
Thomas C. Duffy
Central Husdon Gas & Electric Corporation
Yes
Yes

We agree with the criteria as listed, however, we believe that another criterion must be added. This
criterion is that the retirement of a requirement must not create a compliance gap for Entities.
Several of the NERC requirements have been crafted to afford Entities a means to display compliance.
Retirement of these requirements can place an Entity's compliance efforts in jeopardy. A salient
example of this is identified below: Central Hudson Gas & Electric Corporation strongly disagrees with
the inclusion of CIP-003-3, -4 Requirements R3, R3.1, R3.2, R3.3 as candidates for retirement. The
reasons stated in the SAR in favor of inclusion are that these requirements are administrative in
nature and are purely examples of a documentation process. Further it is stated in the SAR that they,
“…. have been subject to misinterpretation, including responsible entities believing they can exempt
themselves from compliance with the CIP requirements.” This last statement is precisely the reason
why the aforementioned requirements were included in the standard. These requirements allow
Registered Entities to, on rare occasions, take an exception to one or several of the CIP requirements
(for a limited period of time) if they (1) have valid cause (major emergency, Force Majeure, etc.), (2)
document the occurrence and (3) are reviewed and approved by the CIP Senior Manager. This
process supports the Registered Entity’s compliance effort and acknowledges the need for special
protocols to address emergency circumstances. Without such a process, the only recourse for the
Registered Entity is to self-report a violation which is not within its control. In other words, retirement
of these requirements would force the Registered Entity to be in full compliance with ALL CIP
Standards ALL the time regardless of circumstance. The concept of 'realistic expectation' was
undoubtedly the reason these requirements were crafted and included in the standard. Further, with
regard to the Registered Entity’s decision to claim an exception, a system of checks and balances
already exists. At the time of a compliance audit of the standard’s requirements, the Regional Entity
reviews and makes a determination as to whether the actions taken by the Registered Entity were
warranted.
Group
SERC EC Planning Standards Subcommittee
Jim Kelley

PowerSouth Energy Cooperative
Yes
Yes

The comments expressed herein represent a consensus of the views of the above-named members of
the SERC EC Planning Standards Subcommittee only and should not be construed as the position of
SERC Reliability Corporation, its board, or its officers.
Individual
John Tolo
Tucson Electric Power
Yes
Yes

I appreciate the fact that there is a review of the NERC Standards as well as a review of the absolute
need for various Standards and/or requirements. I also appreciate that the regulatory bodies are
agreeable to such changes and improvements to the compliance process.
Group
Salt River Project
Bob Steiger
ERC Department of Salt River Project
Yes
We like the criteria and methodology.
Yes
Yes
No additions at this time.
Individual
paul haase
seattle city light
Yes
Seattle City Light
Yes
Seattle City Light
Seattle City Light
Seattle City Light
Individual
Thad Ness
American Electric
Yes

supports the consolidated comments of the industry Trade Organizations.
supports the consolidated comments of the industry Trade Organizations.
supports the consolidated comments of the industry Trade Organizations.
supports the consolidated comments of the industry Trade Organizations.

Power

No
AEP does not disagree with a majority of the requirements proposed by the drafting team, though we
recommend the team reconsider the inclusion of CIP-003 R3 and associated sub-requirements. AEP
recommends instead that CIP-003 R1 be removed in which case CIP-003 R3 (and CIP-003 R2.4) can
also be removed. However, if the drafting team does not agree with this recommendation, CIP-003
R3 must be retained in order for entities to take targeted exception(s) where applicable (for example,

in circumstances where an entity’s program is more stringent than the CIP requirements). AEP would
like the team to consider the following additional Reliability Standard requirements as candidates for
retirement on this initial, or subsequent, request for comment. Standard: PRC-021-1 Requirement:
R2 Requirement Text: Each Transmission Operator and Distribution Provider that owns a UVLS
program shall provide its UVLS program data to the Regional Reliability Organization within 30
calendar days of a request. Criterion: B4,9 Standard: PRC-018-1 Requirement: R5 Requirement Text:
The Transmission Owner and Generator Owner shall each archive all data recorded by DMEs for
Regional Reliability Organization-identified events for at least three years. Criterion: B2 Standard:
PRC-016-0.1 Requirement: R3 Requirement Text: The Transmission Owner, Generator Owner, and
Distribution Provider that owns an SPS shall provide documentation of the misoperation analyses and
the corrective action plans to its Regional Reliability Organization and NERC on request (within 90
calendar days). Criterion: B4 Standard: PRC-015-0 Requirement: R3 Requirement Text: The
Transmission Owner, Generator Owner, and Distribution Provider that owns an SPS shall provide
documentation of SPS data and the results of Studies that show compliance of new or functionally
modified SPSs with NERC Reliability Standards and Regional Reliability Organization criteria to
affected Regional Reliability Organizations and NERC on request (within 30 calendar days). Criterion:
B4 Standard: PRC-011-0 Requirement: R2 Requirement Text: The Transmission Owner and
Distribution Provider that owns a UVLS system shall provide documentation of its UVLS equipment
maintenance and testing program and the implementation of that UVLS equipment maintenance and
testing program to its Regional Reliability Organization and NERC on request (within 30 calendar
days). Criterion: B4 Standard: PRC-007-0 Requirement: R3 Requirement Text: The Transmission
Owner and Distribution Provider that owns a UFLS program (as required by its Regional Reliability
Organization) shall provide its documentation of that UFLS program to its Regional Reliability
Organization on request (30 calendar days). Criterion: B4 Standard: CIP-006 Requirement: R1.5
Requirement Text: Review of access authorization requests and revocation of access authorization, in
accordance with CIP-004-3 Requirement R4. Criterion: B7 Standard: CIP-007 Requirement: R5.1.1
Requirement Text: The Responsible Entity shall ensure that user accounts are implemented as
approved by designated personnel. Refer to Standard CIP-003-3 Requirement R5. Criterion: B7
Standard: CIP-007 Requirement: R5.1.3 Requirement Text: The Responsible Entity shall review, at
least annually, user accounts to verify access privileges are in accordance with Standard CIP-003-3
Requirement R5 and Standard CIP-004-3 Requirement R4. Criterion: B7 Standard: CIP-007
Requirement: R6.3 Requirement Text: The Responsible Entity shall maintain logs of system events
related to cyber security, where technically Feasible, to support incident response as required in
Standard CIP-008-3. Criterion: B7 Standard: CIP-007 Requirement: R6.4 Requirement Text: The
Responsible Entity shall retain all logs specified in Requirement R6 for ninety calendar days. Criterion:
B1, B3 Standard: CIP-003-3, CIP-003-4 Requirement: R1 Requirement Text: Cyber Security Policy —
The Responsible Entity shall document and implement a cyber security policy that represents
management’s commitment and ability to secure its Critical Cyber Assets. The Responsible Entity
shall, at minimum, ensure the following: Criterion: B1, B3, B7, B9 Standard: CIP-003-3, CIP-003-4
Requirement: R1.2 Requirement Text: The cyber security policy is readily available to all personnel
who have access to, or are responsible for, Critical Cyber Assets. Criterion: B1, B3, B7, B9 Standard:
CIP-003-3, CIP-003-4 Requirement: R1.3 Requirement Text: Annual review and approval of the cyber
security policy by the senior manager assigned pursuant to R2. Criterion: B5 Standard: CIP-003-3,
CIP-003-4 Requirement: R2.4 Requirement Text: The senior manager or delegate(s), shall authorize
and document any exception from the requirements of the cyber security policy. Criterion: B7
Comment: Although AEP does not necessarily agree with removal of this requirement (see R3
comment below), R2.4 is redundant with R3.3 (which is being removed) and should probably be
removed along with R3. Standard: CIP-003-3, CIP-003-4 Requirement: R3 (R3.1, R3.2, R3.3)
Requirement Text: Exceptions — Instances where the Responsible Entity cannot conform to its cyber
security policy must be documented as exceptions and authorized by the senior manager or
delegate(s). Criterion: Comment: If R1 is not removed, R3 (or some exception process) is necessary.
For example, if the Cyber Security Policy goes above and beyond the standards, then an exception
may be needed even though the standards are met.
Please see the response to Question #2 for additional Reliability Standard requirements that AEP
would like to be considered as candidates for retirement on this initial, or subsequent, request for
comment.
While AEP supports the efforts of this drafting team, it might have been advantageous to first agree
on the criteria as a first phase, and then once determined, enter a second phase where requirements

were proposed based upon the agreed-upon criteria. This might enable the fast-tracking of the criteria
to be used by other concurrent projects and project teams.
Group
Southwest Power Pool Regional Entity
Emily Pennel
Southwest Power Pool Regional Entity
Yes
No
SPP RE does not agree that PRC-008 R1 and R2 should be retired or that they provide "little
protection to the BES and [are] better handled under event analysis and lessons learned papers".
UFLS equipment maintenance and testing programs ARE important to BES reliability, in a preventative
mode, and are NOT covered under the Event Analysis process. Preventative maintenance is very
important to reliability; without it, events are more likely. Industry should not wait for an event to
happen to collect information and consider maintenance and testing. UFLS is the last line of "defense
in depth protection of the BES" (Criteria C6). SPP RE’s comment follows the discussion around
removing PRC-005 and its relationship to BES reliability. SPP RE does not agree that CIP-007-3 R7.3
should be retired. R7.3 requires the Responsible Entity to maintain records of how data storage media
was erased or destroyed prior to disposal or redeployment of the Cyber Asset (which could be simply
the media previously removed from the Cyber Asset). In the absence of such records, the Responsible
Entity cannot demonstrate compliance with CIP-007-3 R7.1 and CIP-007-3 R7.2, rendering those
requirements not auditable. Elimination of this requirement could also result in a loss of visibility of
Cyber Assets that have been disposed of or redeployed, also hampering the ability of the Responsible
Entity to demonstrate compliance and the Compliance Enforcement Authority to audit compliance with
the remaining requirements.

Individual
John Seelke
Public Service Enterprise Group
Yes
No
For these requirements, KEEP: CIP-001-2a R4. If the entity owns or operates a BES asset, there is a
clear reliability benefit to have appropriate law enforcement contacts and procedures to address
sabotage or other security incidents. Similarly, the federal agencies feel that this is a good idea. In a
coordinated attack environment, sabotage reporting to these Law enforcement agencies from the BES
operators and owners would improve the ability of a coordinated response. Thus we feel that this
requirement should be kept within the standards. CIP-003-3 R3. The exceptions language in R3,
though rarely used, allows for those instances where an entity is unable to conform with it's cyber
security policy. In addition, the requirement has been approved by the industry and FERC more than
once. It's removal may have a negative impact on the industry. CIP-003-4 R3. The exceptions
language in R3, though rarely used, allows for those instances where an entity is unable to conform
with it's cyber security policy. In addition, the requirement has been approved by the industry and
FERC more than once. It's removal may have a negative impact on the industry. TOP-005-2a R1.
"TOP-003-2 requires operating entities such as GOs and TOs to provide operating data to BAs ands
TOPs. In TOP-005-2a, R2 and R3 requires BAs and TOPs to exchange this data with other BAs and
TOPs . R1 requires BA and TOP recipients of such data to execute a confidentiality agreement so that
its confidentiality is protected. This requirement ultimately protects the confidentiality of data
provided by entities under TOP-003-2. For these requirements, KEEP BUT MODIFY: FAC-002-1 R2. We
believe the three year limitation on documentation sets a limit; otherwise six years may be required
(the period between audits. We do suggest removing the language " and shall provide the
documentation to the Regional Reliability Organization(s) and NERC on request (within 30 calendar
days)." because we see no reliability benefit. For these rerquirements, KEEP UNTIL REPLACED: EOP-

004-1 R1. NERC's Event Analysis Process was approved by NERC's BOT on February 9, 2012. This
process has already been adopted as RFC's process under EOP-004-1, R1. Draft standard EOP-004-2
will replace Regional reporting requirements in R1 with consistent NERC-wide requirements; however,
while the draft does not presently require the use of the NERC Event Analysis Process, that process is
embedded in proposed NERC ROP changes filed with FERC on May 7, 2012. Keep until these NERC
ROP changes are approved by FERC and become effective. PRC-008-0 R1. This is required for
reliability. Such a testing program has been incorporated into draft PRC-005-2 When this is adopted,
PRC-008-0 can be retired. PRC-009-0 R1. The NERC Event Analysis Process is embedded in proposed
NERC ROP changes filed with FERC on May 7, 2012. Keep until these NERC ROP changes are approved
by FERC and become effective. PRC-009-0 R1.1. See R1 above. PRC-009-0 R1.2. See R1 above. PRC009-0 R1.3. See R1 above. PRC-009-0 R1.4. See R1 above.

Individual
Jose H Escamilla
CPS Energy
Yes
Yes
No additional comments.
No additional comments.
Group
Bonneville Power Administration
Chris Higgins
Transmission Reliability Program
Yes
No
BPA does not support the proposed retirement of TOP-001-1a R3. BPA does not agree that TOP-0011a R3 is redundant with IRO-001-1a R8 because IRO-001-1a R8 only addresses RC directives,
whereas TOP-001-1a R3 addresses both RC directives and TOP directives. BPA believes that retiring
TOP-001-1a R3 before TOP-001-2 R1 is effective would create a gap because no requirement would
address TOP directives. BPA supports the additional proposed retirements and thanks the drafting
team for their efforts.

Group
Dominion
Connie Lowe
Dominion
Yes
Yes

In the Complete Set of Standards with Proposed Retirements for Phase 1 pdf; Need to add IRO-0011a R8 and MOD-004-1 R8 needs to be completely highlighted. In the Spreadsheet with Proposed
Retirements; Suggest the MOD-004-1 Requirements be put in numeric order. Need to add IRO-0011a R8; it is not listed on the spreadsheet.
Individual

Laura Lee
Duke Energy
Yes
Yes
The initial phase of the P81 project should contain only requirements that can quickly gain industry
and regulatory support and that there is adequate time to prepare a strong technical justification for.
Duke Energy asks the P81 Standards Drafting Team to ensure these parameters are taken into
consideration as the list is finalized, and move to a subsequent phase any requirements that could
take additional time to develop a strong technical justification and consensus for.
Duke Energy generally supports the comments submitted by The Edison Electric Institute (EEI) and
the process being used to respond to the Commission’s invitation in the FFT Order.
Group
SPP Standards Review Group
Robert Rhodes
Southwest Power Pool
Yes
We concur that the proposed criteria are a good starting point for the evaluation of requirements to
be retired.
Yes
From our review of the list we feel that this is again, a good starting point, but would hope that the
drafting team could add or subtract requirements as needed as Phase 1 of the project develops.
VAR-002 R3 Status changes on AVRs – Quite often status changes to AVRs may be made for only a
matter of seconds. These changes do not impact the reliability of the BES but still require a call be
made for notification of the change. Perhaps the requirement could be changed such that only status
changes which impact the BES need to be reported. This hits on Items 4, 5, 8 and 9 in Criterion B.
FAC-003-1 R1.3 – Specific training is required for personnel involved with vegetation management
programs. This requirement is purely administrative (Criterion B.1) and does not, in and of itself,
benefit the reliability of the BES. (Although this requirement has been removed in subsequent
versions of this standard (FAC-003-2 and FAC-003-3), it remains in effect today. It needs to be
retired.) While we don’t have an extensive list at this time, we would hope that the drafting team will
ask for potential candidates which fit this category at some point in the future prior to the start of
work on the latter phases of the project.
The following are typos we found in the SAR: Either delete the ‘an’ or make ‘processes’ singular in
Technical Criteria B.2.(b). Either delete the ‘that’ in the 5th line or the ‘to’ in the 6th line of the
Statement paragraph under CIP-001-2a R4. This is the 3rd sentence in the paragraph. Insert an ‘a’
between ‘require’ and ‘new’ in the last sentence of the Statement paragraph under CIP-003-3, -4
R4.2.
Individual
Rich Salgo
NV Energy
Yes
We agree with the Overarching Criterion and the specific Technical Criteria, and believe that the types
of requirements specified in the Technical Criteria can be eliminated without any impact to reliable
operation of the interconnected transmission system.
Yes
Our review of the rationale for each of the suggested requirements of the draft SAR supports the
conclusion that these requirements should be subject to retirement.
We commend NERC and the Drafting Team on their efforts thus far in this important initiative. This
process will serve to better focus the industry’s limited resources on activities that are necessary for
reliability.

Individual
John Falsey
Edison Mission Marketing & Trading
Yes
Yes

Individual
Bob Thomas
Illinois Municipal Electric Agency
Yes
Yes
IRO-010-1a R3
Illinois Municipal Electric Agency fully supports this initiative by the collaboration group which
suppports NERC's application of a risk-based focus to it's programs, and which is consistent with SPIG
Recommendation 4.
Individual
Michelle R. D'Antuono
Occidental Energy Ventures Corp.
Yes
Occidental Energy Ventures Corp. ("OEVC") fully supports the efforts taken by the Trades, NERC, and
the Regional Entity Management Group to develop the criteria to identify requirements that may be
eligible for retirement and modification. The overarching criterion is extremely important in our view,
as it serves to remind us all that FERC’s original purpose as defined by Section 215(a)(4) of the
Federal Power Act is to oversee wide-area reliability of the bulk power system. In recent years, the
Commission’s authority has expanded into distribution systems and localized load shedding –
important issues, but already regulated by the PUCs. In our view, this is duplicative work that
increases costs without serving improved reliability. OEVC also believes that the technical criteria are
appropriate and complete for now. However, in our view, Item #8 “Hinders the protection or reliable
operation of the BES” and Item #9 “Little, if any, value as a reliability requirement” will need further
refinement in future phases of this project. Both are quite subjective, and FERC in our opinion will
only respond to fact-based quantitative data that shows that BPS reliability is not improved by a given
reliability requirement. A painful reminder may be the requirement for secondary Facility Ratings
(FAC-008-3) which FERC clearly perceives to be a reliability imperative despite overwhelming industry
rejection of the concept. It is unlikely that this view will change unless tangible cost/benefit evidence
to the contrary is provided to the Commission.
Yes
OEVC believes that the phased approach proposed in the SAR is prudent and likely the most effective.
Only the most obvious candidates for retirement or modification should be presented at this early
date. If the industry moves too-far, too-fast, the result may be a blanket rejection of every proposal.
Once FERC is comfortable that the industry is in-tune to their sense of risk – which includes public
perception of their oversight effectiveness – we believe they will be prepared to deal with
requirements that seem important on the surface, but whose contribution to reliability is illusory.
OEVC agrees with the process that the Trades are using to approach this question, but do not agree
with some of their priorities. OEVC has only addressed the Requirements where OEVC has additional
comments to what the Trades have provided. In addition, OEVC believes the following requirements
can also be removed: a) BAL-005, R1.1 – BA metering is financial in nature. Telemetry is already
required for reliability. b) TOP-002, R13 – Generator validations are driven by the regions already.
FAC-001-0 (all requirements) Criteria B 1, 3 and 6 Statement: OEVC agrees with the Trade’s analysis,

but will also point out that once connection requirements are in place, they will rarely change. We
believe this would mean a lower priority is in order. All INT Standards Criteria B 6, 7 and 9
Statement: Again, OEVC agrees with the Trades on this. It may even be time to suggest that the
functional designation of the PSE go away. They serve a marketing purpose and are blind to reliability
indicators. All data collection requirements not included in the Initial Phase CIP-005-3a, -4a R5.3 CIP006c, -4c R7, R8.3 CIP-007-3, -4 R5.1.2; R6.4; R7.3 CIP-008-3, -4 R2 PRC-018-1 R5 Criteria B 1, 2
and 9 Statement: OEVC agrees with the Trades. Most of these are captured in Phase I. These fit in
the same category. All reporting out requirements not included in the Initial Phase CIP-001-2a R3
should be modified to eliminate the word “reporting” (added by OEVC) EOP-002-3 R9.2 EOP-004-1 R3
and its sub requirements; R4 and R5 FAC-003-1 R3; FAC-003-1 R3.1: FAC-003-1 R3.2: FAC-003-1
R3.3: FAC-003-1 R3.4: FAC-003-1 R3.4.1: FAC-003-1 R3.4.2: FAC-003-1 R3.4.3: FAC-003-1 R4 FAC010-2.1 R5 FAC-011-2 R5 FAC-013-2 R6 MOD-010-0 R2 Similar to MOD-012-0 (added by OEVC)
MOD-012-0 R2 MOD-020-0 R1 MOD-021-1 R3 PRC-004-1a R3: PRC-004-2a R3: PRC-004-WECC-1
R.3. PRC-007-0 R2; PRC-007-0 R3; PRC-009-0 R2 PRC-011-0 R2; PRC-015-0 R3; PRC-016-0.1 R3;
PRC-017-0 R2; PRC-021-1 R2 TPL-001-0.1 R3; TPL-002-0b R3; TPL-003-0a R3; TPL-004-0 R2.
Criteria B 1, 4 and 9 Statement: In addition to the Trade’s comments, OEVC believes that NERC has
an Events Analysis process, RAPA process, and Section 1600 Data Request process that they can
invoke to get this information. Annual reviews CIP-002-2, -4 R4 CIP-003-3, -4 R1.3; CIP-003-3, -4
R4.3; CIP-003-3, - 4 R5.1.2; CIP-003-3, - 4 R5.3 CIP-006-3c, -4 R1.8 CIP-007-3, -4 R9 CIP-009-3, 4 R1 EOP-005-1 R1; EOP-005-2 R3.1 EOP-008-0 R1.7 EOP-008-1 R5 IRO-014-1 R4.3 Criteria B 1, 2,
3, 7 and 9 Statement: OEVC agrees with the Trades and add that Compliance teams spend far too
much time trying to confirm that a RBAM was reviewed and signed off-on. This serves only to add
time and expense – especially when conditions have not changed in the preceding year. Other
requirements EOP-004-1 R2 Criteria B 7 Statement: OEVC agrees with the Trades. Again, NERC has
an Events Analysis process and RAPA process that they can invoke to require analyses. FAC-002-1 R1
OEVC agrees that this requirement and five sub-requirements are unnecessary. First of all, the PUC,
the BA, and the TOP are highly involved in the interconnection process. It is not clear what extra
value is provided by overlapping oversight from the RE and/or NERC. Second, other standards – the
TPLs in particular – are directly referenced in the requirement. Those are enforceable already, there is
no need to duplicate them here. FAC-008-1 R1.3.5 This requirement is already addressed in Phase I.
IRO-001-1.1 R8 OEVC believes the intent is to consolidate RC directives in IRO-001 with TOP
directives in TOP-001. Since Phase I addresses TOP-001, this seems to have been already
accomplished. IRO-005-3a R10 Criteria B 9 Statement: OEVC agrees with the Trades. This is one that
we propose should be a much higher priority. Since the GOP is already told to follow a directive, this
requirement makes no sense. MOD-017-0.1 R1.1 and MOD-018-0 (all requirements) ; MOD-020-1 R1
OEVC believes that this is redundant with IRO-010 and the new version of TOP-003 when it takes
effect. MOD-019-0.1 R1 OEVC believes that this is redundant with IRO-010 and the new version of
TOP-003 when it takes effect. TOP-002-2b R2; R15 OEVC believes that TOP-002 R15 will be resolved
by the release of the new TOP standards. TOP-002-2b R14 and R14.1 Criteria B 9 Statement: OEVC
believes that TOP-002 R14 and R14.1 will be resolved by the release of the new TOP standards. TOP003-1 R1 and its sub requirements; R2 and R3 Criteria B 9 Statement: OEVC believes that these
items will be resolved by the release of the new TOP standards. TOP-005-2a R3 Criteria B 9
Statement: OEVC agrees with the Trades on this one. Again, it may even be time to suggest that the
functional designation of the PSE go away. TOP-006-2 R1.1, R4, R5, R6; TOP-008-1 R2, R4 OEVC
believes that that TOP-006 R1.1 will be resolved by the release of the new TOP standards.
OEVC Agrees with the Trade Associations on this response.
Individual
Patrick Brown
Essential Power, LLC
Yes
No
CIP-001-2a, R4. This requirement should be removed from the Paragraph 81 project. If an entity
owns or operates a BES asset, there is a clear reliability benefit to have appropriate law enforcement
contacts and procedures to address sabotage or other security incidents. Similarly, the federal
agencies feel that this is a good idea. In a coordinated attack environment, sabotage reporting to

these law enforcement agencies from the BES operators and owners would improve the ability of a
coordinated response. Thus we feel that this requirement should be kept within the standards. CIP003-3, R3. This requirement should be removed from the Paragraph 81 project. The exceptions
language in R3, though rarely used, allows for those instances where an entity is unable to conform to
its cyber security policy. In addition, the requirement has been approved by the industry and FERC
more than once. Its removal may have a negative impact on the industry. CIP-003-4, R3. This
requirement should be removed from the Paragraph 81 project. The exceptions language in R3,
though rarely used, allows for those instances where an entity is unable to conform to its cyber
security policy. In addition, the requirement has been approved by the industry and FERC more than
once. Its removal may have a negative impact on the industry. EOP-004-1, R1. This requirement
should be removed from Phase 1 of the Paragraph 81 project, until replaced by EOP-004-2. NERC's
Event Analysis Process was approved by NERC's BOT on February 9, 2012. This process has already
been adopted as RFC's process under EOP-004-1, R1. Draft standard EOP-004-2 will replace Regional
reporting requirements in R1 with consistent NERC-wide requirements; however, while the draft does
not presently require the use of the NERC Event Analysis Process, which is embedded in proposed
NERC ROP changes filed with FERC on May 7, 2012. This requirement should be kept until these NERC
ROP changes are approved by FERC. FAC-002-1, R2. This requirement should be removed from the
Paragraph 81 project, and modified instead. We believe the three year limitation on documentation
sets a limit; otherwise six years may be required (the period between audits). We do suggest
removing the language “and shall provide the documentation to the Regional Reliability
Organization(s) and NERC on request (within 30 calendar days)." because we see no reliability benefit
to this element of the requirement.

Individual
Becky Stewart
Idaho Power Company
Yes
Yes
MOD-017-0.1 R1.1, R1.2 Criterion B2 MOD-018-0 R1 Criterion B7 (Should be covered by MOD-016)
MOD-021-1 R1, R2 Criterion B7 (Should be covered by MOD-016) MOD-021-1 R3 Criterion B4
MOD standards 016 through 021 should be combined into a single standard, removing duplication and
retiring requirements which are "reporting-only" and/or have little discernable reliability benefit. We
agree with the stated Purpose or Goal of the proposed standard of setting forth specific Reliability
Standard requirement evaluation criteria and establishing a multi-phased process for addressing these
Reliability Standard requirements. We agree with and support this Reliability Standard requirement
evaluation and proposed multi-phased process based on the following: We believe there is value in
differentiation of violations based on risk. We believe that not all violations pose the same risk to
reliability, so they should not all be treated the same. Focusing on the greatest risks to reliability will
allow for more efficient use of resources while improving the reliability of the BES through an
application of structured risk management.
Group
Pepco Holdings Inc & Affiliates
David Thorne
Pepco Holdings Inc
Yes
Yes

Pepco Holdings Inc supports this project. Additionallyl Pepco Holdings Inc supports the comments
provided by EEI.

Individual
Kimberly Tolbert
Occidental Power Services, Inc.
Yes
No
OPSI recommends the following additions for Phase 1 implementation: 1. INT-001-3, R1. The Load
Serving, Purchasing-Selling Entity shall ensure that Arranged Interchange is submitted to the
Interchange Authority for all Dynamic Schedules at the expected average MW profile for each hour.
Criteria: B6, B9 Statement: This requirement is at best a business practice of markets (protocol).
These schedules can be rejected if not correctly submitted, can be cut if not executed correctly, and
the PSE can be penalized if there are offenses. Recommendation: Remove PSE from R1 and from the
Applicability section. 2. INT-004-2, R2. The Purchasing-Selling Entity responsible for tagging a
Dynamic Interchange Schedule shall ensure the tag is updated for the next available scheduling hour
and future hours when any one of the following occurs: o R2.1 The average energy profile in an hour
is greater than 250 MW and in that hour the actual hourly integrated energy deviates from the hourly
average energy profile indicated on the tag by more than ±10% o R2.2 The average energy profile in
an hour is less than or equal to 250 MW and in that hour the actual hourly integrated energy deviates
from the hourly average energy profile indicated on the tag by more than ±25 megawatt-hours o
R2.3 A Reliability coordinator or Transmission Operator determines the deviation, regardless of
magnitude, to be a reliability concern and notifies the Purchasing-Selling Entity of that determination
and the reasons. Criteria: B6,B9 Statement: This requirement is at best a business practice of
markets (protocol). These schedules can be rejected if not correctly submitted, can be cut if not
executed correctly, and the PSE can be penalized if there are offenses. Recommendation: Remove
PSE from R2 and from the Applicability section. 3. IRO-001-1.1, R3 and R8. R3. The Reliability
Coordinator shall have clear decision-making authority to act and to direct actions to be taken by
Transmission Operators, Balancing Authorities, Generator Operators, Transmission Service Providers,
Load-Serving Entities, and Purchasing- Selling Entities within its Reliability Coordinator Area to
preserve the integrity and reliability of the Bulk Electric System. These actions shall be taken without
delay, but no longer than 30 minutes. R8. Transmission Operators, Balancing Authorities, Generator
Operators, Transmission Service Providers, Load-Serving Entities, and Purchasing-Selling Entities shall
comply with Reliability Coordinator directives unless such actions would violate safety, equipment, or
regulatory or statutory requirements. Under these circumstances, the Transmission Operator,
Balancing Authority, Generator Operator, Transmission Service Provider, Load-Serving Entity, or
Purchasing-Selling Entity shall immediately inform the Reliability Coordinator of the inability to
perform the directive so that the Reliability Coordinator may implement alternate remedial actions.
Criteria: B9 Statement: PSEs do not generally receive Reliability Directives from RCs
Recommendation: Remove PSE from R3 and R8 and from the Applicability section. 4. IRO-005-3,
R10. In instances where there is a difference in derived limits, the Transmission Operators, Balancing
Authorities, Generator Operators, Transmission Service Providers, Load-Serving Entities, and
Purchasing-Selling Entities shall always operate the Bulk Electric System to the most limiting
parameter. Criteria: B9 Statement: PSEs do not generally derive limits for the transmission of power
over the BES. Recommendation: Remove PSE from R10 and from the Applicability section. 5. TOP005-2, R3. Each Purchasing-Selling Entity shall provide information as requested by its Host Balancing
Authorities and Transmission Operators to enable them to conduct operational reliability assessments
and coordinate reliable operations. Criteria: B6,B9 Statement: PSEs have to supply this information as
a requirement for participating in market functions. Recommendation: Remove PSE from R3 and from
the Applicability section. 6. VAR-001, R5. Each Purchasing-Selling Entity shall arrange for (selfprovide or purchase) reactive resources to satisfy its reactive requirements identified by its
Transmission Service Provider. Criteria: B6,B9 Statement: This is a requirement to participate in
competitive markets (generally, it is included in the transmission rate) or is required by tariffs in noncompetitive markets. The PSE has no option but to purchase the reactive power in order to make the
transaction. Recommendation: Remove PSE from R5 and from the Applicability section.
If the changes listed in Question 2 are not considered in Phase 1, then they should be considered in
subsequent phases of the project.

Individual
Andrew Gallo
City of Austin dba Austin Energy
Yes
Yes
FAC-001-0 (all requirements) Criteria B 1, 3 and 6 Statement: The requirement in FAC-001-0 to
document and publish facility connection requirements has no impact on reliability. It is purely a
document that those considering to interconnect with a transmission entity may review as a
reference. Once an interconnection request is actually made with a transmission owner, the
transmission owner performs the FAC-002-1 steady-state, short-circuit, and dynamics studies to
determine the new interconnection’s impact on reliability. During the negotiation of an interconnection
agreement the FAC-001-0 referenced material is agreed on and reduced to writing for purposes of
constructing, maintaining and operating the interconnection facilities. Also, during the entire
interconnection process, as FAC-002-1 provides for, the parties must coordinate and cooperate during
the assessment of the reliability impact of the new interconnection facilities. Thus, FAC-001-0, at
best, is a best practice or helpful initial guide to an entity considering interconnecting, but provides
little, if any, meaningful value to reliability, especially when compared to the actual benefits to
reliability via the FAC-002-1 studies, the execution of a negotiated agreement and the coordination of
activities during constriction and operation of the new facilities. Accordingly, FAC-001-0 should be
retired, and, if necessary, any requirements that protect reliability should be transferred to FAC-0021. All INT Standards Criteria B 6, 7 and 9 Statement: Many of the INT Reliability Standard
requirements are very close to duplicative of similar requirements in the BAL Standards or address
commercial matters. As drafted, the INT Reliability Standards include tasks or activities that do little,
if anything, to promote the protection the Bulk Electric System. Thus, we recommend that the
Standards Drafting Team retire the INT Reliability Standards and, as necessary, transfer any
requirement that protect reliability to the BAL Reliability Standards. All data collection requirements
not included in the Initial Phase, more specifically: CIP-005-3a, -4a R5.3 CIP-006c, -4c R7, R8.3 CIP007-3, -4 R5.1.2; R6.4 CIP-008-3, -4 R2 PRC-018-1 R5 Criteria B 1, 2 and 9 Statement: These
requirements are purely data retention requirements with no functional nexus to reliability and,
therefore, best handled via compliance monitoring, RSAW or as a data request during an audit. All
reporting out requirements not included in the Initial Phase, more specifically: EOP-002-3 R9.2 EOP004-1 R3 and its subrequirements; R4 and R5 FAC-003-1 R3; FAC-003-1 R3.1: FAC-003-1 R3.2: FAC003-1 R3.3: FAC-003-1 R3.4: FAC-003-1 R3.4.1: FAC-003-1 R3.4.2: FAC-003-1 R3.4.3: FAC-003-1
R4 FAC-010-2.1 R5 FAC-011-2 R5 FAC-013-2 R6 MOD-012-0 R2 MOD-020-0 R1 MOD-021-1 R3 PRC004-1a R3: PRC-004-2a R3: PRC-004-WECC-1 R.3. PRC-007-0 R2; PRC-007-0 R3; PRC-009-0 R2
PRC-011-0 R2; PRC-015-0 R3; PRC-016-0.1 R3; PRC-017-0 R2; PRC-021-1 R2 TPL-001-0.1 R3; TPL002-0b R3; TPL-003-0a R3; TPL-004-0 R2. Criteria B 1, 4 and 9 Statement: There is no direct
connection between reporting out of information to an entity or Regional Entity and protecting
reliability. If the Regional Entity desires to review information for purposes of monitoring reliability or
assessing risk, the information should be collected via vehicles other than the Reliability Standards.
Annual reviews CIP-002-3, R3; CIP-002 -4 R3 CIP-003-3, -4 R1.3; CIP-003-3, -4 R4.3; CIP-003-3, 4 R5.1.2; CIP-003-3, - 4 R5.3 CIP-006-3c, -4 R1.8 CIP-007-3, -4 R9 CIP-009-3, -4 R1 EOP-005-1 R1;
EOP-005-2 R3.1 EOP-008-0 R1.7 EOP-008-1 R5 IRO-014-1 R4.3 Criteria B 1, 2, 3, 7 and 9
Statement: The annual review and update requirements are arbitrary, administrative and not aligned
with the operation and protection of the Bulk Electric System. These requirements should be retired
or modified to align with how the Bulk Electric System is operated and protected. Other requirements
CIP-007-3, -4 R7 Criteria B 1, 2, 3 and 7 Statement: The essential elements of the process of
disposing or redeploying of Cyber Assets and the associated cyber security are set forth in R7.2 and
R7.3. To require “formal methods, processes and procedures” appears to require formal
documentation for the sake of documentation, rather than allowing the responsible entity to
implement a process that achieves the actions required in R7.2 and R7.3, which may or may not
include formal procedures, for example. EOP-004-1 R2 Criteria B 7 Statement: The analysis of the
BES for system disturbances is covered in PRC-004-2.1a R1. The PRC Requirement R1 calls for the
analysis of its transmission Protection System Misoperations. We believe that BES analysis is covered
inherently through this PRC standard making EOP-004 R1 redundant to the PRC standard. Another

factor is the Version 2 of the EOP-004-2 where the requirement to analyze the BES disturbance is
noticeably absent. The focus on the EOP-004 is for the reporting of applicable events that are
identified in the PRC-004 standard. There is an event analysis reporting process referenced in the
NERC Rules of Procedures (ROPs) that handles this requirement. Therefore, this is a redundant
requirement. In February of 2012, NERC deployed its Events Analysis Process – incorporating the
learnings from two field trials held over the previous year and a half. It includes all the necessary
steps that affected operators must take to analyze and report on events that may impair the
reliability of the BES. Most Regional Entities have already updated their reporting procedures to match
NERC’s. Furthermore, NERC and the Regional Entities already have sufficient authority to order
analyses and corrective action plans outside of the Reliability Standards. These are important steps
for the development of Lessons Learned and trending analyses, but do not contribute to reliable
operations. In fact, the demand for near term reporting – some within one hour of the initiation of the
event – interferes with the efforts of front-line personnel to mitigate the issue at hand BAL-001-0.1a
(all requirements), BAL-004-0 (all requirements), BAL-005-0.1b R11; BAL-006-2 (all requirements)
Criteria B 6 and 9 Statement: BAL-001 requires a 12 month rolling average of ACE and does not
impact reliability and should be eliminated (in favor of BAL-002). Consider augmenting NAESB
standard WEQ-005. BAL-004 requirement for time error correction is not important for reliability and
should be eliminated. It also duplicates NAESB std WEQ-006. In BAL-005 R11, Balancing Authorities
shall include the effect of ramp rates, which shall be identical and agreed to between affected
Balancing Authorities, in the Scheduled Interchange values to calculate ACE, is not needed for
reliability. Ramp rates have minimal impact on ACE calculations, and are already included in the
definition of Interchange Schedule in the NERC Glossary as used in R9. The requirement to use
agreed upon ramp rates is commercial in nature and is already covered by NAESB standard WEQ004-17. BAL-006-2 is an after-the-fact accounting of inadvertent interchange and does not impact
reliability and should be eliminated. Consider augmenting NAESB standard WEQ-007. CIP-003-3, -4
R2 and its subrequirements Criteria B 1 and 9 Statement: Whether the entity has a robust up-to-date
CIP compliance plan may impact reliability, but not whether there is an employee called a CIP senior
manager oversees the plan. CIP-004-3, -4 R2.3 Criteria B 9 Statement: Whether the entity has a
robust up-to-date, trained-on CIP compliance plan may impact reliability, but not whether there is
annual training. CIP-004-3, -4 R3.2 Criteria B 1, 9 Statement: Whether the entity has a robust up-todate CIP compliance plan may impact reliability, but not whether there is a seven year update to the
PRA. CIP-004-3, -4 R4.1 Criteria B 1, 9 Statement: Whether the entity has a robust up-to-date on CIP
compliance plan may impact reliability, but not whether it reviews lists every seven days. CIP-004-3,
-4 R4.2 Criteria B 1, 9 Statement: Whether the entity has a robust up-to-date on CIP compliance plan
may impact reliability, but not whether it revokes access within 24 hours or 7 days. CIP-005-3a, -4a
R2.5 and its subrequirements Criteria B 1, 9 Statement: Whether the entity has a robust up-to-date
CIP compliance plan to protect the ESP may impact reliability, but not whether specific information is
documented. CIP-007-3, -4 R3.1, R3.2 Criteria B 1, 9 Statement: Whether the entity has a robust upto-date CIP compliance plan to protect the PSP may impact reliability, but not whether specific
information is documented within 30 days. Also, whether the entity has a robust up-to-date on CIP
compliance plan to protect the PSP may impact reliability, but not whether specific information is
documented. CIP-008-3 R1.4 Criteria B 1, 9 Statement: Whether the entity has a robust up-to-date
CIP compliance plan may impact reliability, but not whether specific information is documented within
30 days or a change. EOP-001-1b, -2b Criteria B 7 Statement: Duplicative with the other EOP
Standards (e.g., Capacity and Energy emergency of EOP-002, Load Shedding of EOP-003, and
System Restoration of EOP-005). EOP-002-3 R1 Criteria B 7 Statement: Duplicates other
requirements such as IRO-001-1 R8 and should be retired or modified to reduce redundancy. EOP002-3 R9 Criteria B 7 Statement: When a Transmission Service Provider expects to elevate the
transmission service priority of an Interchange Transaction from Priority 6 (Network Integration
Transmission Service from Non-designated Resources) to Priority 7 (Network Integration Transmission
Service from designated Network Resources). It duplicates NAESB standard WEQ-008 and should be
eliminated. EOP-005-2 R1.2. A description of how all Agreements or mutually agreed upon procedures
or protocols for off-site power requirements of nuclear power plants, including priority of restoration,
will be fulfilled during System restoration. Criteria B 1, 3 and 7 Statement: With the implementation
of NUC-001-2 R2, there is no longer a need for EOP-005-2 R1.2. Specifically, NUC-001-2 R2 requires
Nuclear Plant Interface Requirements (NPIRs) to be included in the agreements for operation and
maintenance (including restoration process) for off-site nuclear power: R2. The Nuclear Plant
Generator Operator and the applicable Transmission Entities shall have in effect one or more

Agreements1 that include mutually agreed to NPIRs and document how the Nuclear Plant Generator
Operator and the applicable Transmission Entities shall address and implement these NPIRs. Given
the off-site power requirements of NUC-001-2 which require comprehensive operational interface
protocols (including restoration) between nuclear plants and responsible entities as part of the NPIRs,
there is no longer a need for the administrative, documentation-only requirement in EOP-005-2
related to the same subject matter. IRO-002-2 (all requirements) Criteria B 7 Statement: Redundant
with COM-002-2, R1 COM-001-1.1, R1 and IRO-002-2, R2 and R3 IRO-005-3a R10 Criteria B 9
Statement: Confusing requirement. It was intended to address rare cases where entities were told to
operate to different SOLs and IROLs. However, because only the TOP and the RC can see these
parameters, the only thing a GOP can do is follow a directive. IRO-014-1 R4 Criteria B 9 Statement:
Requirement 4 (including sub-parts) should be rolled up into R1. and eliminated. Requirement 1
should be modified to require "current operating procedures, processes or plans with all adjacent RCs.
IRO-015-1 R2.1 Criteria B1 and 9 Statement: Whether the procedure, process and plan is robust and
up-to-date may impact reliability, not whether there are weekly calls. MOD-001-1 and MOD-008-1 (all
requirements) Criteria 6 and 9 Statement: Do the ATC / TTC standards belong in NERC or NAESB
(i.e., MOD-001, MOD-004, MOD-008, MOD-028 thru 030, and TOP-002-2 R12)? I think NERC should
be focused on managing SOLs and IROLs, whereas NAESB on TTC, ATC, etc., and I think these
can/should be moved to the NAESB standards. Criteria B 6 and 9 Statement: This could be handled as
a data request from an RE or other Registered Entities and, therefore, would not need a requirement,
as there are too many requirements that warrant an attestation that no request was made. MOD-0161.1 and MOD-021-1 (all requirements) Criteria B 9 Statement: MOD-016 through MOD-021 are all
about long term load forecasting and reporting of actual loads. Most of this can be eliminated from
the standards and replaced with a data collection process (e.g., DADS). Loads to be used in modeling
should be incorporated in the data requirements of MOD-010 and MOD-012 and not a separate
standard. MOD-028-1 (all requirements); MOD-029-1a (all requirements); MOD-030-2 (all
requirements) Criteria B 6 and 9 Statements: ATC / TTC standards should belong NAESB (i.e., MOD001, MOD-004, MOD-008, MOD-028 thru 030, and TOP-002-2 R12)? NERC should focus on managing
SOLs and IROLs, whereas NAESB on TTC, ATC, etc. PRC-022-1 R1, R1.1, R1.2, R1.3, R1.4, and R1.5
Criteria B 7 Statement: Whether the responsible entity has robust UVLS misoperation and correction
action is redundant with PRC-004-1a, -2a. TOP-001-1a R3 and R7 (and its subrequirements) Criteria
B 9 Statement: For R3, there are three projects in progress addressing the issuance of directives by
the RC, BA and TOP. Also, for R7, all outages information should be submitted to the TOP and/or BA
in accordance with their data requirements. TOP-002-2b R8 and R 9 Criteria B 6, 7 and 9 Statement:
“Each Balancing Authority shall plan to meet voltage and/or reactive limits, including the
deliverability/capability for any single contingency”, duplicates VAR-001 and should be eliminated.
“Each Balancing Authority shall plan to meet Interchange Schedules and ramps” duplicates the BAL
standards and the NEASB standards and should be eliminated. TOP-002-2b R12 Criteria B 6 and 9
Statement: ATC / TTC standards should belong to NAESB (i.e., MOD-001, MOD-004, MOD-008, MOD028 thru 030, and TOP-002-2 R12). NERC should focus on managing SOLs and IROLs, whereas
NAESB on TTC, ATC, etc., These can/should be moved to the NAESB standard. TOP-002-2b R14 and
R14.1 Criteria B 9 Statement: All derating information should be submitted to the TOP and/or BA in
accordance with their data requirements. TOP-002-2b R15 Criteria B 9 Statement: Each Balancing
Authority and Transmission Operator shall maintain accurate computer models utilized for analyzing
and planning system operations is a "how" requirement that is needed to meet other requirements in
the standard. It is also not measureable, and the requirement should be eliminated. All weekly
forecasts should be submitted to the TOP and/or BA in accordance with their data requirements. TOP003-1 R1 and its subrequirements; R2 and R3 Criteria B 9 Statement: All planned outage information
should be submitted to the TOP and/or BA in accordance with their data requirements. TOP-005-2a
R3 Criteria B 9 Statement: PSEs are not best positioned to provide reliability information. BAL-0050.1b R1 Criteria B7 Statement: Introductory statement; redundant with subrequirements MOD-010-0
R2 Criteria B 1, 4 and 9 Statement: MOD-012-0 R2 was included in the Joint Trade Associations list of
suggested requirements for retirement or modification. MOD-010-0 R2 is nearly identical to MOD012-0 R2 and should also be considered. PER-001-0.1 R1 Criteria B7 Statement: The TOP portion of
this requirement is redundant with TOP-001-1a R1 PRC-018-1 R3 (and all sub requirements) Criteria
B2 and 4 Statement: This requirement involves data collecting and reporting that does not impact the
reliability of the BES; could be part of a data request if necessary
The P81 project should be considered a high priority Standards development project for the following
reasons: (1) Responsive to P81 of FERC’s March 15, 2012 order and SPIG Recommendation No. 4 (2)

Will increase efficiency of the ERO compliance programs (3) Requirements submitted for the initial
phase appear to be clear candidates on their face and should not require extensive technical research
(4) The collaborative nature of the project is an example for future work, because it advances the
project while reducing the impact on stakeholders and NERC staff (5) The proposed pace of the
project sets an example for future work (6) Furthers the focus on results, performance based
Reliability Standards (7) May provide a roadmap of what should or should not be a requirement in
future Reliability Standards (8) The draft P81 SAR criteria is designed to be sufficiently broad to
capture all FERC approved reliability Standards that are unnecessary, redundant or do little to protect
reliability (9) To eliminate Reliability Standards requirements that deter from our focus on reliability
Based on these benefits, we support the Standards Drafting Team and NERC staff working together to
file the initial list of Reliability Standards for retirement with the Federal Energy Regulatory
Commission prior to the end of the year and that the Standards Drafting Team also make significant
progress on the scope of the phase two P81 Reliability Standards list by the end of the year.
Individual
RoLynda Shumpert
South Carolina Electric and Gas
Yes
I support removing redundancy and any items that are not related to reliability impacts.
Yes
Will the measures associated with requirements that are up for retirement be modified or removed?
Eg. Removing R2 of a standard but not removing the text in M1 which refers to R2 of that same
standard.
Instead of retiring R2 of EOP-009-0 could the whole standard can be replaced by the new EOP-005?
Individual
Eric Olson
Transmission Agency of Northern California
Yes
Yes

TANC commends FERC for soliciting input on ways to eliminate requirements that are redundant or
provide little protection for the bulk power system. TANC believes that NERC has proposed an
appropriate response to this opportunity and looks forward to further initiatives that prioritize
reliability ahead of compliance.
Group
ACES Power Marketing Standards Collaborators
Jason Marshall
ACES Power Marketing
Yes
In general, we agree with the criteria. However, we do offer two suggestions. First, in criterion B.1,
we suggest striking “and is needlessly burdensome”. If the activity does not support reliability the
burden is irrelevant. Second, we suggest if there are current standards under development that are
already proposing to retire requirements that those requirements should be considered for inclusion in
this project. In order to include those requirements, the proposed reason for retirement should align
with one of the criteria in this project. This would accelerate the retirement of unnecessary
requirements. Third, we suggest requirements that are assigned to the wrong functional entities
should be added as a criterion for revision/retirement.
No
(1) We believe there are other requirements that easily meet the criteria. (2) VAR-001-2 R5 is
redundant with FERC’s pro forma tariff and was originally included in the NERC policies to align them
with said tariff. The requirement compels the PSE and LSE to arrange for reactive resources to satisfy

the reactive requirements of the Transmission Service Provider. PSEs and LSEs cannot purchase
transmission service without purchasing reactive service or demonstrating to the transmission
provider that they have arranged for reactive resources. From a practical perspective, this means
they always purchase reactive service from the Transmission Provider. Furthermore, it is the
Transmission Operator that actually ensures reactive resources are dispatched per VAR-001-2 R2.
Thus, VAR-001-2 R5 satisfies criteria B.1, B.6, B.7, and B.9. (3) BAL-002 R1 and R3 are redundant.
R1 compels the BA to have access to and operate Contingency Reserve to respond to disturbances.
R3 requires the BA to activate sufficient Contingency Reserve to comply with DCS. We suggest
removing R1 because it is redundant (Criterion B.7). This applies to both versions 0 and 1 of the
standard. (4) BAL-005-0.1b R1 and its sub-requirements are not necessary. All generation,
transmission and load is currently contained within the metered boundaries of a BA. It is impossible to
add new generation, transmission and load and not be within the metered boundaries of a BA. To do
so, would require the equipment owner to carve out an area from the BA. For example, if a TO added
a new transmission line, it would have to put a meter on both ends to carve it out of any BA footprint.
In the process, they, in effect, create a new BA. The only way these requirements can’t be met would
be if BAs started removing metering equipment en masse. Given removing metering equipment has
significant financial consequences due to inaccurate energy accounting; it is not going to happen.
Thus, it meets Criterion B.9. Furthermore, TOs are already required to identify metering requirements
in FAC-001-0 R2.1.6 as part of its facility connection requirements. It also meets Criterion B.7. (5)
COM-001-1.1 is unnecessary and the audit of it has largely become a demonstration that it is an
administrative requirement. English is the primary language across the vast majority of the
Interconnections under NERC’s purview and it is the primary language in all of the areas under FERC’s
jurisdiction. For the few companies in areas where English is not predominant, those companies will
be unable to meet other requirements if they use a different language to speak with companies from
predominantly speaking English languages. Furthermore, audits have regulated this to predominantly
an administrative requirement. The auditors largely look for statement that the English language is
required despite the fact that all evidence has been provided in English, observations of control center
conversations have shown English is used, and the audit has been conducted in English. If there is a
need for this requirement, it should be relegated to a regional requirement for those regions that
include areas that do not speak predominantly English. Thus, this requirement meets Criteria B.1 and
B.9. (6) FAC-010-2.1 R5 is an administrative requirement for the Planning Authority to respond to
comments on its SOL methodology. Failure to provide a written response to technical comments does
not impact reliability. The PC is already required to distribute its methodology in R4. Any functional
entity that would have provided technical comments will see any adjustments. This requirement
meets Criteria B.1 and B.9. (7) FAC-011-2 R5 is an administrative requirement for the Reliability
Coordinator to respond to comments on its SOL methodology. Failure to provide a written response to
technical comments does not impact reliability. The RC is already required to distribute its
methodology in R4. Any functional entity that would have provided technical comments will see any
adjustments when they receive the methodology. This requirement meets criteria B.1 and B.9. (8)
INT-004-2 R1 has nothing to do with reliability and should be included in the list of retirements.
Failing to reload an Interchange Transaction that was curtailed for a reliability event has no reliability
impact. It is a remnant from the NERC Policies that was added at the request of market participants
because once transactions were cut, reliability entities did not always allow the transaction to resume
once the reliability issue had been addressed. This is strictly a commercial issue. Thus, this
requirement meets Criterion B.9. (9) IRO-005-3 R10 should be modified to reflect the functional
model. In cases where there are differences in derived limits, PSEs and LSE cannot operate to the
most limiting parameters. They are not in a position to even have information on the parameters such
as facility ratings. Rather, their role is to follow directives. Thus, inclusion of PSE and LSE in the
requirement does not support reliability. Thus, this requirement meets Criterion B.9. (10) IRO-005-3
R11 is redundant with MOD-028-1 R6.1, MOD-029-1a R3, and MOD-030-2 R2.4. The MOD standards
already require the TSP to consider IROLs and SOLs when determining Available Transfer
Capability/Available Flowgate Capability and Total Transfer Capability. This requirement meets
Criterion B.7. (11) PRC-011-0 R2 should be retired. A requirement is not needed to compel the TO
and DP to provide data on its UVLS equipment maintenance program to the Regional Entity. The
Regional Entity’s CMEP and NERC’s Rules of Procedure compel the TO and DP to provide information
regarding enforceable requirements per the Regional Entity’s request. This requirement meets Criteria
B.1, B.4, and B.9. (12) PRC-015-0 R3 should be retired. A requirement is not needed to compel the
TO, GO and DP to provide data on their Special Protection Systems (SPS) to the Regional Entity. The

Regional Entity’s CMEP and NERC’s Rules of Procedure compel the TO, GO and DP to provide
information regarding enforceable requirements per the Regional Entity’s request. This requirement
meets Criteria B.1, B.4, and B.9. (13) PRC-016-0.1 R3 should be retired. A requirement is not needed
to compel the TO, GO and DP to provide data on their SPS Misoperations analyses and corrective
action plans to the Regional Entity. The Regional Entity’s CMEP and NERC’s Rules of Procedure compel
the TO, GO and DP to provide information regarding enforceable requirements per the Regional
Entity’s request. This requirement meets Criteria B.1, B.4, and B.9. (14) PRC-017-0.1 R2 should be
retired. A requirement is not needed to compel the TO, GO and DP to provide documentation of the
SPS maintenance and testing program to the Regional Entity. The Regional Entities CMEP and NERC’s
Rules of Procedure compel the TO, GO and DP to provide information regarding enforceable
requirements per the Regional Entity’s request. This requirement meets Criteria B.1, B.4, and B.9.
(15) PRC-021-0.1 R2 should be retired. A requirement is not needed to compel the TO and DP to
provide UVLS program data to the Regional Entity. The Regional Entities CMEP and NERC’s Rules of
Procedure compel the TO and DP to provide information regarding enforceable requirements per the
Regional Entity’s request. This requirement meets Criteria B.1, B.4, and B.9. (16) PRC-023-1 R2 and
PRC-023-2 R3 are redundant with FAC-008-1 R1.2.1 and FAC-008-3 Part 2.4.1. FAC-008-1 R1.2.1
and FAC-008-3 Part 2.4.1 already require the GO and TO to consider relay protective devices when
determining facility ratings. The DP cannot limit the Facility Rating because a DP does not have
Transmission Facilities. They only have relays that impact Facility Ratings that must ultimately be
considered by the TO. This requirement meets Criterion B.7 (17) TOP-005-2a R3 is redundant with
the INT standards and should be retired. In the NERC Functional Model, the only role for the PSE is to
facilitate Arranged Interchange. The INT standards already govern Arranged Interchange and contain
the necessary information that the PSE must provide. Furthermore, Project 2007-03 Real-Time
Operations has proposed retirement of this requirement as it is redundant with NAESB e-Tag
specifications. Beyond the E-tag data there is no additional information that a PSE or LSE could
provide for the BA or TOP to conduct operational assessments. This requirement meets Criteria B.6,
B.7 and B.9. (18) PRC-006-1 R7 should be retired. Failure by a Planning Coordinator to provide data
to another Planning Coordinator within 30 days is not a reliability issue because Planning Assessments
have long time lines to complete the studies. Furthermore, any failure to provide data within 30
calendar days is most likely a simple oversight. If a Planning Coordinator refuses to provide data, the
requesting Planning Coordinator may get involved and which will compel them to provide the data.
This can be done without the need for this requirement. This requirement meets criterion B.4.
(1) EOP-002-3 R6 and R7 and their sub-requirements are redundant with BAL-001-0.1a R1 and R2
and BAL-002 R4. BAL-001-0.1a R1 compels a BA to meet CPS1. BAL-001-0.1a R2 compels a BA to
meet CPS2. BAL-002 R4 compels a BA to respond meet the DCS for all reportable events less than
MSSC. EOP-002-3 R6 and R7 do not make the BA any more or less responsible to meet these
requirements but rather creates an opportunity for double jeopardy. Furthermore, EOP-002-3 R6 and
R7 do not make any sense in context with the CPS1 and CPS2 calculations. They are averages over a
long term and would never require the emergency actions listed in the sub-requirements to comply
with them. These requirements have already proven to incent behavior that is contrary to reliability
(criterion B.8). At the August NERC BOT meeting, the NERC OC Chair explained that a BA shed load to
meet the DCS criterion even though there were no other concerns (i.e. voltage, frequency, IROL or
SOL violations) on the transmission system at the time. These requirements meet criterion B.7. (2)
EOP-004-1 R2 should be considered for future retirement. The approval of the Event Analysis
Procedure obviates the need for a standard requirement to analyze Bulk Electric System disturbances.
This would be especially true if the procedure is added to the Rules of Procedure as NERC has
planned. This requirement meets criterion B.7. (3) Retirement of FAC-001-0 R3 should be considered
in the next phase. There is an implied obligation for the TO to update its Facility connection
requirements when they change. Additionally, a requirement to make them available to the Regional
Entity and users of the transmission system is unnecessary. First, the Regional Entity could request
them through the compliance monitoring process. Second, the TO will provide the Facility connection
requirements to those with genuine interconnection requests because the TO will want its connection
standards met. This requirement meets criterion B.4, B.7 and B.9. (4) FAC-002-1 R1 should be
revised to reflect the NERC Functional Model because it assigns the requirements to the wrong
functional entities. The Transmission Planner and Planning Coordinator are responsible for conducting
the assessments for new Facilities. The requirement appears to be an attempt to require the GO, TO,
DP, and LSE to coordinate with the TP and PC. However, the requirement actually defines what is
required in the TP and PC assessments which unfortunately place these responsibilities on the GO,

TO, DP and LSE. None of these functional entities have the capability to meet requirements such as
performing dynamics studies. This requirement meets criterion B.8. (5) VAR-001-2 R2 and TOP-006-2
R2 are duplicate requirements. VAR-001-2 R2 compels the TOP to acquire sufficient reactive
resources. TOP-006-2 R2 requires the RC, TOP and BA to monitor reactive resources. Since VAR-0012 R2 applies all the time, a TOP cannot know they have acquired and maintained reactive resources
unless they are monitoring them. Furthermore, TOP-006-2 R2 incorrectly applies to the BA. According
to the NERC Functional Model, the BA cannot monitor reactive resources that are not generators and
have no role in ensuring system voltages. Thus, TOP-006-2 R2 meets criterion B.7 because it is
redundant, and it meets criteria B.8 and B.9 because it assigns responsibility to a functional entity
(BA) that cannot meet it. This distracts the BA from its reliability mission.
NERC needs to develop guidance that includes these criteria for drafting teams to avoid developing
requirements that offer little reliability value in the future. There are many standards currently being
developed that include similar kinds of requirements that will make a future exercise like this
necessary. NERC should expend every effort to avoid such a future situation. Some examples can be
found in Project 2007-09 Generator Verification. Proposed MOD-027-1 R3 through R5 largely
memorializes the administrative interactions that must occur between the GO and TP to develop a
good active power/frequency control model. PRC-004-3 Part 4.2 in Project 2010-05.1 Misoperations is
another example. It requires maintenance of data regarding Corrective Action Plans. These are
administrative requirements and are unnecessary.
Group
The Edison Electric Institute (EEI), the National Rural Electric Cooperative Association (NRECA), the
Electric Power Supply Association (EPSA), the Transmission Access Policy Study Group (TAPS),
Electricity Consumers Resource Council (ELCON), the American Public Power Association (APPA), the
Large Public Power Council (LPPC) and, the Canadian Electricity Association (CEA) (collectively, the
Trade Associations).
Mark S. Gray
Edison Electric Institute
Yes
The Trade Associations agree with the criteria listed in the SAR to identify Reliability Standard
requirements for retirement. As noted above, the criteria were the product of intense discussions
among numerous stakeholders, including the Trade Associations, NERC, and the Regional Entities.
The criteria are also consistent with FERC’s guidance in paragraph 81 of the FFT Order.
Yes
The Trade Associations agree with the suggested list of Reliability Standard requirements contained in
the SAR for the Initial Phase of P81.
The Trade Associations support the following list of Reliability Standard requirements to be retired or
modified in a subsequent phase of the P81 project. To assist the Standards Drafting Team decide
what should be considered in phase 2, phase 3 etc., the Trade Associations have listed the
requirements in the order of importance – with those at the top of the list candidates for phase 2. The
Trade Associations understand, however, that the decision on how best to proceed with phase 2,
phase 3 will be weighed by the Standards Drafting Team, and, therefore, have not indicated any
bright line on what should or should not be included in phase 2 versus phase 3, etc. The Trade
Associations further note that the list of requirements listed below may be supplemented with
additional requirements as the phase 2/phase 3 discussions evolve. Additionally, the Trade
Associations believe that additional criteria for elimination may be proposed as part of the phase
2/phase 3 process. FAC-001-0 (all requirements) Criteria B 1, 3 and 6 Statement: The requirement in
FAC-001-0 to document and publish facility connection requirements has no impact on reliability. It is
purely a document that those considering to interconnect with a transmission entity may review as a
reference. Once an interconnection request is actually submitted to a transmission owner, the
transmission owner performs the FAC-002-1 steady-state, short-circuit, and dynamics studies to
determine the new interconnection’s impact on reliability. During the negotiation of an interconnection
agreement the FAC-001-0 reference material is agreed on and reduced to writing for purposes of
constructing, maintaining and operating the interconnection facilities. Also, FAC-002-1 imposes an
obligation on the parties to coordinate and cooperate during the assessment of the reliability impact
of the new interconnection facilities. Thus, FAC-001-0, at best, is a best practice or helpful initial
guide to an entity considering interconnecting, but provides little, if any, meaningful value to

reliability, especially when compared to the actual benefits to reliability via the FAC-002-1 studies, the
execution of a negotiated agreement and the coordination of activities during construction and
operation of the new facilities. Accordingly, FAC-001-0 should be retired, and, if necessary, the
transfer of any requirements that protect reliability to FAC-002-1. All INT Standards (With the
exception of INT-007-1 R1.2 which is part of and should remain in the Initial Phase.) Criteria B 6, 7
and 9 Statement: Many of the INT Reliability Standard requirements are very close to duplicative of
similar requirements in the BAL Reliability Standards or address commercial matters. As drafted, the
INT Reliability Standards include tasks or activities that do little, if anything, to promote the
protection the Bulk Electric System. Thus, it is recommended that the Standards Drafting Team retire
the INT Reliability Standards, and, as necessary, transfer any requirement that protect reliability to
the BAL Reliability Standards. ALL DATA COLLECTION REQUIREMENTS NOT INCLUDED IN THE
INITIAL PHASE CIP-005-3a, -4a R5.3 CIP-006-3c, -4c R7, R8.3 CIP-007-3, -4 R5.1.2; R6.4 CIP-0083, -4 R2 PRC-018-1 R5 Criteria B 1, 2 and 9 Statement: These requirements are purely a data
retention requirement with no functional nexus to reliability, and, therefore, are best handled via
compliance monitoring, RSAWs or as a data request during an audit. ALL REPORTING OUT
REQUIREMENTS NOT INCLUDED IN THE INITIAL PHASE EOP-002-3 R9.2 EOP-004-1 R3 and its
subrequirements; R4 and R5 FAC-003-1 R3; FAC-003-1 R3.1: FAC-003-1 R3.2: FAC-003-1 R3.3:
FAC-003-1 R3.4: FAC-003-1 R3.4.1: FAC-003-1 R3.4.2: FAC-003-1 R3.4.3: FAC-003-1 R4 FAC-0102.1 R5 FAC-011-2 R5 FAC-013-2 R6 MOD-012-0 R2 MOD-020-0 R1 MOD-021-1 R3 PRC-004-1a R3:
PRC-004-2a R3: PRC-004-WECC-1 R.3. PRC-007-0 R2; PRC-007-0 R3; PRC-009-0 R2; PRC-011-0 R2;
PRC-015-0 R3; PRC-016-0.1 R3; PRC-017-0 R2; PRC-021-1 R2 TPL-001-0.1 R3; TPL-002-0b R3; TPL003-0a R3; TPL-004-0 R2. Criteria B 1, 4 and 9 Statement: There is no direct nexus between
reporting out of information to an entity or Regional Entity and protecting reliability. If the Regional
Entity desires to review information for purposes of monitoring reliability or assessing risk, the
information should be collected via vehicles other than the Reliability Standards. Annual reviews CIP002-3, R3; CIP-002 -4 R3 CIP-003-3, -4 R1.3; CIP-003-3, -4 R4.3; CIP-003-3, - 4 R5.1.2; CIP-003-3,
- 4 R5.3 CIP-006-3c, -4 R1.8 CIP-007-3, -4 R9 CIP-009-3, -4 R1 EOP-005-1 R1; EOP-005-2 R3.1
EOP-008-0 R1.7 EOP-008-1 R5 IRO-014-1 R4.3 Criteria B 1, 2, 3, 7 and 9 Statement: The annual
review and update requirements are arbitrary, administrative and not aligned with the operation and
protection of the Bulk Electric System. These requirements should be retired or modified to align with
how the Bulk Electric System is operated and protected. OTHER REQUIREMENTS CIP-007-3, -4 R7
Criteria B 1, 2, 3 and 7 Statement: The essential elements of the process of disposing or redeploying
of Cyber Assets and the associated cyber security are set forth in R7.2 and R7.3. To require “formal
methods, processes and procedures” appears to require formal documentation for the sake of
documentation, rather than allowing the responsible entity to implement a process that achieves the
actions required in R7.2 and R7.3, which may or may not include formal procedures, for example.
EOP-004-1 R2 Criteria B 7 Statement: The analysis of the BES for system disturbances is covered in
the PRC-004-2.1a R1. The PRC Requirement R1 calls for the analysis of its transmission Protection
System Misoperations. We believe that BES analysis is covered inherently through this PRC standard,
making EOP-004 R1 redundant to the PRC standard. Another factor that was considered is the notable
absence of any requirement in EOP-004-2 to analyze the BES disturbance. The focus of EOP-004 is on
the reporting of applicable events that are identified in the PRC-004 standard. There is an event
analysis reporting process referenced in the NERC Rules of Procedures (ROP) that addresses this
requirement. Therefore, this is a redundant requirement. In February of 2012, NERC deployed its
Events Analysis Process – incorporating the learnings from two field trials held over the previous year
and a half. It includes all the necessary steps that affected operators must take to analyze and report
on events that may impair the reliability of the BES. Most Regional Entities have already updated their
reporting procedures to match NERC’s. Furthermore, NERC and the Regional Entities already have
sufficient authority to order analyses and corrective action plans outside of the Reliability Standards.
These are important steps for the development of Lessons Learned and trending analyses, but do not
contribute to reliable operations. In fact, it is arguable that the demand for near term reporting –
some within one hour of the initiation of the event – interferes with the efforts of front-line personnel
to mitigate the issue at hand BAL-004-0 (all requirements), BAL-005-0.1b R11; BAL-006-2 (all
requirements) Criteria B 6 and 9 Statement: BAL-004 requirement for time error correction is not
important for reliability and should be eliminated. BAL-004 also duplicates NAESB standard WEQ-006.
BAL-005 R11 states that Balancing Authorities shall include the effect of ramp rates, which shall be
identical and agreed to between affected Balancing Authorities, in the Scheduled Interchange values
to calculate ACE. This requirement is not needed for reliability. Ramp rates have minimal impact on

ACE calculations, and are already included in the definition of Interchange Schedule in the NERC
Glossary as used in R9. The requirement to use agreed upon ramp rates is commercial in nature and
is already covered by NAESB standard WEQ-004-17. BAL-006-2 is an after the fact accounting of
inadvertent interchange and does not impact reliability and should be eliminated. Consider
augmenting NAESB standard WEQ-007. CIP-003-3, -4 R2 and its subrequirements Criteria B 1 and 9
Statement: Whether the entity has a robust up-to-date CIP compliance plan may impact reliability,
but not whether there is an employee called a CIP senior manager that oversees the plan. CIP-004-3,
-4 R2.3 Criteria B 9 Statement: Whether the entity has a robust up-to-date, trained-on CIP
compliance plan may impact reliability, but not whether there is annual training. CIP-004-3, -4 R3.2
Criteria B 1, 9 Statement: Whether the entity has a robust up-to-date CIP compliance plan may
impact reliability, but not whether there is a seven year update to the personnel risk
assessment(PRA). CIP-004-3, -4 R4.1 Criteria B 1, 9 Statement: Whether the entity has a robust upto-date on CIP compliance plan may impact reliability, but not whether it reviews lists every seven
days. CIP-005-3a, -4a R2.5 and its subrequirements Criteria B 1, 9 Statement: Whether the entity
has a robust up-to-date CIP compliance plan to protect the ESP may impact reliability, but not
whether specific information is documented. CIP-007-3, -4 R3.1, R3.2 Criteria B 1, 9 Statement:
Whether the entity has a robust up-to-date CIP compliance plan to protect the PSP may impact
reliability, but not whether specific information is documented within 30 days. Also, whether the
entity has a robust up-to-date CIP compliance plan to protect the PSP may impact reliability, but not
whether specific information is documented. CIP-008-3 R1.4 Criteria B 1, 9 Statement: Whether the
entity has a robust up-to-date CIP compliance plan may impact reliability, but not whether specific
information is documented within 30 days or a change. EOP-001-1b, -2b Criteria B 7 Statement:
Duplicative with the other EOP Standards (e.g., Capacity and Energy emergency of EOP-002, Load
Shedding of EOP-003, and System Restoration of EOP-005). EOP-002-3 R1 Criteria B 7 Statement:
Duplicative of other requirements such as IRO-001-1 R8, and should be retired or modified to reduce
redundancy. EOP-002-3 R9 Criteria B 7 Statement: When a Transmission Service Provider expects to
elevate the transmission service priority of an Interchange Transaction from Priority 6 (Network
Integration Transmission Service from Non-designated Resources) to Priority 7 (Network Integration
Transmission Service from designated Network Resources). It is duplicative of NAESB standard WEQ008 and should be eliminated. EOP-005-2 R1.2. A description of how all Agreements or mutually
agreed upon procedures or protocols for off-site power requirements of nuclear power plants,
including priority of restoration, will be fulfilled during System restoration. Criteria B 1, 3 and 7
Statement: With the implementation of NUC-001-2 R2, there is no longer a need for EOP-005-2 R1.2.
Specifically, NUC-001-2 R2 requires Nuclear Plant Interface Requirements (NPIRs) to be included in
the agreements for operation and maintenance (including restoration process) for off-site nuclear
power: Ref: NUC-001-2 R2. The Nuclear Plant Generator Operator and the applicable Transmission
Entities shall have in effect one or more Agreements1 that include mutually agreed to NPIRs and
document how the Nuclear Plant Generator Operator and the applicable Transmission Entities shall
address and implement these NPIRs. Given the off-site power requirements of NUC-001-2 which
require comprehensive operational interface protocols (including restoration) between nuclear plants
and responsible entities as part of the NPIRs, there is no longer a need for the administrative,
documentation-only requirement in EOP-005-2 related to the same subject matter. FAC-013-1 (all
requirements) Criteria B 6 Statement: It is really a commercial planning practice suitable for Order
1000 under Section 205/206 as opposed to Section 215. IRO-002-2 (all requirements) Criteria B 7
Statement: Redundant with COM-002-2, R1 COM-001-1.1, R1 and IRO-002-2, R2 and R3 IRO-005-3a
R10 Criteria B 9 Statement: Confusing requirement. It was intended to address rare cases where
entities were told to operate to different SOLs and IROLs. However, since only the TOP and the RC
can see these parameters, the only thing a GOP can do is follow a directive. IRO-014-1 R4 Criteria B 9
Statement: Requirement 4 (including sub-parts) should be rolled up into R1 and eliminated.
Requirement 1 should be modified to require "current operating procedures, processes or plans with
all adjacent RCs. IRO-015-1 R2.1 Criteria B1 and 9 Statement: Whether the procedure, process and
plan is robust and up-to-date may impact reliability, not whether there are weekly calls. MOD-001-1
and MOD-008-1 (all requirements) Criteria B 6 and 9 Statement: NERC should be focused on
modeling the BES and managing SOLs and IROLs, the methodologies for the determination of CBM,
TTC and ATC are commercial matters associated with the reservation and allocation of rights to
transfer capability among transmission customers. While transfer capability calculations should be
based on models of the BES, the NAESB WEQ should address the issues raised in MOD-001, MOD004, MOD-008, MOD-028 thru 030, and TOP-002-2 R12. Criteria B 6 and 9 Statement: This could be

handled as a data request from an RE or other Registered Entities, and therefore would not need a
requirement, as there are too many requirements that warrant an attestation that no request was
made. MOD-016-1.1 and MOD-021-1 (all requirements) Criteria B 9 Statement: MOD-016 through
MOD-021 are all about long term load forecasting and reporting of actual loads. Most of this can be
eliminated from the standards and replaced with a data collection process (e.g., DADS). Loads to be
used in modeling should be incorporated in the data requirements of MOD-010 and MOD-012 and not
a separate standard. MOD-019-0.1 R1 Criteria B 1, 2, and 9 Statement: MOD-019-0.1 covers
“Reporting of Interruptible Demands and Direct Control Load Management,” which requires reporting
of a forecast of interruptible demand and direct control load management data. This reporting is
administrative in nature, and the information is not important for reliability. The data is best gathered
through DADS and not through a standard. MOD-028-1 (all requirements); MOD-029-1a (all
requirements); MOD-030-2 (all requirements) Criteria B 6 and 9 Statement: Do the ATC / TTC
standards belong in NERC or NAESB (i.e., MOD-001, MOD-004, MOD-008, MOD-028 thru 030, and
TOP-002-2 R12)? I think NERC should be focused on managing SOLs and IROLs, whereas NAESB on
TTC, ATC, etc., and I think these can/should be moved to the NAESB standards. PRC-011-0 R1
Criteria B 4 and 9 Statement: Requirements for maintenance of under-frequency load shedding
systems (“UFLS”) and under-voltage load shedding systems (“UVLS”) are not needed to meet an
adequate level of BES reliability. UFLS and UVLS installations are widely distributed. Distribution
circuit outages, distribution field switching, and varying load profiles, such as peak and off-peak,
could impact the amount of load that would be automatically shed by UFLS and UVLS. Therefore,
entities must include adequate margins above their obligation to be able to meet the obligated load
shed at all times as required by Reliability Standards, such as PRC-006 and PRC-007, that are
performance-based, or results-based. While UFLS and UVLS are, of course, important safety-net
systems, PRC-011-0 R 1 maintenance requirement is not needed to provide a “defense-in-depth”
approach due to the margins required to meet performance-based requirements. Thus, Like PRC-0080 R1 included in Phase I, Reliability Standard PRC-011-0 R1 which involves maintenance of UVLS, is
not needed. In fact, it is typically the same relays and associated equipment that provides both the
UFLS and the UVLS functions. PRC-022-1 R1, R1.1, R1.2, R1.3, R1.4, and R1.5 Criteria B 7
Statement: Whether the responsible entity has robust UVLS misoperation and correction action is
redundant with PRC-004-1a, -2a. TOP-001-1a R7 (and its subrequirements) Criteria B 9 Statement:
For R3, there are three projects in progress addressing the issuance of directives by the RC, BA, and
TOP. This includes COM-003-1's requirements for the issuances of "not quite directives" Also, for R7
All outages information should be submitted to the TOP and/or BA in accordance with their data
requirements. TOP-002-2b R8 and R 9 Criteria B 6, 7 and 9 Statement: “Each Balancing Authority
shall plan to meet voltage and/or reactive limits, including the deliverability/capability for any single
contingency”, is duplicative of VAR-001 (and incorrect) and should be eliminated. “Each Balancing
Authority shall plan to meet Interchange Schedules and ramps”, is duplicative of the BAL standards
and the NAESB standards and should be eliminated. TOP-002-2b R12 Criteria B 6 and 9 Statement:
The ATC / TTC standards may belong in NAESB (i.e., MOD-001, MOD-004, MOD-008, MOD-028 thru
030, and TOP-002-2 R12)? NERC standards should be focused on managing SOLs and IROLs, whereas
NAESB on TTC, ATC, etc. TOP-002-2b R14 and R14.1 Criteria B 9 Statement: All derating information
should be submitted to the TOP and/or BA in accordance with their data requirements. TOP-002-2b
R15 Criteria B 9 Statement: Each Balancing Authority and Transmission Operator shall maintain
accurate computer models utilized for analyzing and planning system operations is a "how"
requirement that is needed to meet other requirements in the standard. It is also not measureable,
and the requirement should be eliminated. All weekly forecasts should be submitted to the TOP
and/or BA in accordance with their data requirements. TOP-003-1 R1 and its subrequirements; R2
and R3 Criteria B 9 Statement: All planned outage information should be submitted to the TOP and/or
BA in accordance with their data requirements. TOP-005-2a R3 Criteria B 9 Statement: PSEs are not
best positioned to provide reliability information.
The Trade Associations believe that the P81 project should be considered a high priority Standards
development project for the following reasons: • Responsive to P81 of FERC’s March 15, 2012 order
and SPIG Recommendation No. 4 • Will increase efficiency of the ERO compliance programs •
Requirements submitted for the initial phase appear to be clear candidates on their face and should
not require extensive technical research • The collaborative nature of the project is an example for
future work, because it advances the project while reducing the impact on stakeholders and NERC
staff • The proposed pace of the project sets an example for future work • Furthers the focus on
results, performance based Reliability Standards • May provide a roadmap of what should or should

not be a requirement in future Reliability Standards • The draft P81 SAR criteria are designed to be
sufficiently broad to capture all FERC approved reliability Standards that are unnecessary, redundant
or do little to protect reliability • Eliminating Reliability Standards requirements that are unnecessary,
redundant or do little to protect reliability will eliminate distractions from our focus on reliability Based
on these benefits, the Trade Associations strongly support the Standards Drafting Team and NERC
staff working together to file the initial list of Reliability Standards for retirement with the Federal
Energy Regulatory Commission prior to the end of the year, and that the Standards Drafting Team
also make significant progress on the scope of the phase two P81 Reliability Standards list by the end
of the year.
Individual
Kirit Shah
Ameren
Yes
Yes
We appreciate the excellent work done by the P81 Project team in developing the criteria and agree
with the list of suggested standards/requirements that easily satisfy the criteria in this initial phase.
We support and agree with Trade Association's comments and their suggested list of Reliability
Standard requirements to be retired or modified in the subsequent phase of the P81 Project. In
addition, we suggest that IRO-005-3, R10 should be modify to eliminate its applicability to LSE and
PSE in addition to GOP. While the IRO-005-3_1a, R10 is necessary for the reliable operation of the
BES, its applicability to LSE and PSE also is questionable as these entities do not "operate" the BES.
We believe that it is redundant (criteria B7) with other requirements where these entities (GOP, LSE,
and PSE) have to follow the RC and/or TOP directives.
Individual
Jason Snodgrass
Georgia Transmission Corporation
Yes
Georgia Transmission Corporation agrees with the criteria listed in the SAR to identify Reliability
Standard requirements for either modification or withdrawal.
No
GTC agrees that the suggested list easily satisfies the criteria in the draft SAR, but GTC also believes
this is an incomplete list for Phase I. GTC also believes the following Reliability Standard requirements
easily satisfy the criteria listed in the draft SAR and recommends reconsidering and adding to the list
in the initial Phase I. MOD-016-1.1;R1:The Planning Authority and Regional Reliability Organization
shall have documentation identifying the scope and details of the actual and forecast (a) Demand
data, (b) Net Energy for Load data, and (c) controllable DSM data to be reported for system modeling
and reliability analyses. [Meets Criteria A, B1, B2, B3, B9] MOD-016-1.1 R1.1 The aggregated and
dispersed data submittal requirements shall ensure that consistent data is supplied for Reliability
Standards TPL-005, TPL-006, MOD-010, MOD-011, MOD-012, MOD-013, MOD-014, MOD-015, MOD016, MOD-017, MOD-018, MOD-019, MOD-020, and MOD-021. The data submittal requirements shall
stipulate that each Load-Serving Entity count its customer Demand once and only once, on an
aggregated and dispersed basis, in developing its actual and forecast customer Demand values. Meets
Criteria A, B1, B3, B4, B9 MOD-016-1.1 R3 The Planning Authority shall distribute its documentation
required in R1 for reporting customer data and any changes to that documentation, to its
Transmission Planners and Load-Serving Entities that work within its Planning Authority Area. Meets
Criteria A, B1, B3, B9 MOD-016-1.1 R3.1 The Planning Authority shall make this distribution within 30
calendar days of approval. Meets Criteria A, B1, B3, B9 MOD-017-0.1 R1 The Load-Serving Entity,
Planning Authority and Resource Planner shall each provide the following information annually on an
aggregated Regional, subregional, Power Pool, individual system, or Load-Serving Entity basis to
NERC, the Regional Reliability Organizations, and any other entities specified by the documentation in
Standard MOD-016-1_R1. Meets Criteria A, B1, B4, B9 MOD-017-0.1 R1.1 Integrated hourly demands
in megawatts (MW) for the prior year. Meets Criteria A, B1, B4, B9 MOD-017-0.1 R1.2 Monthly and
annual peak hour actual demands in MW and Net Energy for Load in gigawatthours (GWh) for the

prior year. Meets Criteria A, B1, B4, B9 MOD-017-0.1 R1.3 Monthly peak hour forecast demands in
MW and Net Energy for Load in GWh for the next two years. Meets Criteria A, B1, B4, B9 MOD-0170.1 R1.4 Annual Peak hour forecast demands (summer and winter) in MW and annual Net Energy for
load in GWh for at least five years and up to ten years into the future, as requested. Meets Criteria A,
B1, B4, B9 MOD-018-0 R1 The Load-Serving Entity, Planning Authority, Transmission Planner and
Resource Planner’s report of actual and forecast demand data (reported on either an aggregated or
dispersed basis) shall: Meets Criteria A, B1, B3, B9 MOD-018-0 R1.1 Indicate whether the demand
data of nonmember entities within an area or Regional Reliability Organization are included, and
Meets Criteria A, B1, B3, B9 MOD-018-0 R1.2 Address assumptions, methods, and the manner in
which uncertainties are treated in the forecasts of aggregated peak demands and Net Energy for
Load. Meets Criteria A, B1, B3, B9 MOD-018-0 R1.3 Items (MOD-018-0_R 1.1) and (MOD-018-0_R
1.2) shall be addressed as described in the reporting procedures developed for Standard MOD-0161_R 1. Meets Criteria A, B1, B3, B9 MOD-018-0 R2. The Load-Serving Entity, Planning Authority,
Transmission Planner, and Resource Planner shall each report data associated with Reliability
Standard MOD-018-0_R1 to NERC, the Regional Reliability Organization, Load-Serving Entity,
Planning Authority, and Resource Planner on request (within 30 calendar days). Meets Criteria A, B1,
B4, B9 MOD-019-0.1 R1. The Load-Serving Entity, Planning Authority, Transmission Planner, and
Resource Planner shall each provide annually its forecasts of interruptible demands and Direct Control
Load Management (DCLM) data for at least five years and up to ten years into the future, as
requested, for summer and winter peak system conditions to NERC, the Regional Reliability
Organizations, and other entities (Load-Serving Entities, Planning Authorities, and Resource Planners)
as specified by the documentation in Reliability Standard MOD-016-1_R 1. Meets Criteria A, B1, B4,
B9 MOD-020-0 R1. The Load-Serving Entity, Transmission Planner, and Resource Planner shall each
make known its amount of interruptible demands and Direct Control Load Management (DCLM) to
Transmission Operators, Balancing Authorities, and Reliability Coordinators on request within 30
calendar days. Meets Criteria A, B1, B4, B9 MOD-021-1 R1. The Load-Serving Entity, Transmission
Planner and Resource Planner’s forecasts shall each clearly document how the Demand and energy
effects of DSM programs (such as conservation, time-of-use rates, interruptible Demands, and Direct
Control Load Management) are addressed. Meets Criteria A, B1, B3, B9 MOD-021-1 R2. The LoadServing Entity, Transmission Planner and Resource Planner shall each include information detailing
how Demand-Side Management measures are addressed in the forecasts of its Peak Demand and
annual Net Energy for Load in the data reporting procedures of Standard MOD-016-0_R1. Meets
Criteria A, B1, B3, B9 MOD-021-1 R3. The Load-Serving Entity, Transmission Planner and Resource
Planner shall each make documentation on the treatment of its DSM programs available to NERC on
request (within 30 calendar days). Meets Criteria A, B1, B3, B9 PRC-005-1b R2. Each Transmission
Owner and any Distribution Provider that owns a transmission Protection System and each Generator
Owner that owns a generation Protection System shall provide documentation of its Protection System
maintenance and testing program and the implementation of that program to its Regional Reliability
Organization on request (within 30 calendar days). The documentation of the program
implementation shall include: Meets Criteria A, B1, B3, B9 PRC-005-1b R2.1. Evidence Protection
System devices were maintained and tested within the defined intervals. Meets Criteria A, B1, B3, B9
PRC-005-1b R2.2. Date each Protection System device was last tested/maintained. Meets Criteria A,
B1, B3, B9 PRC-006-1 R7. Each Planning Coordinator shall provide its UFLS database containing data
necessary to model its UFLS program to other Planning Coordinators within its Interconnection within
30 calendar days of a request. Meets Criteria A, B1, B4, B9 PRC-006-1 R8. Each UFLS entity shall
provide data to its Planning Coordinator(s) according to the format and schedule specified by the
Planning Coordinator(s) to support maintenance of each Planning Coordinator’s UFLS database. Meets
Criteria A, B1, B4, B9 PRC-006-1 R14. Each Planning Coordinator shall respond to written comments
submitted by UFLS entities and Transmission Owners within its Planning Coordinator area following a
comment period and before finalizing its UFLS program, indicating in the written response to
comments whether changes will be made or reasons why changes will not be made to the following:
14.1. UFLS program, including a schedule for implementation 14.2. UFLS design assessment 14.3.
Format and schedule of UFLS data submittal Meets Criteria A, B1, B3, B9 PRC-007-0 R2. The
Transmission Owner, Transmission Operator, Distribution Provider, and Load-Serving Entity that owns
or operates a UFLS program (as required by its Regional Reliability Organization) shall provide, and
annually update, its underfrequency data as necessary for its Regional Reliability Organization to
maintain and update a UFLSprogram database. Meets Criteria A, B1, B4, B9 PRC-007-0 R3. The
Transmission Owner and Distribution Provider that owns a UFLS program (as required by its Regional

Reliability Organization) shall provide its documentation of that UFLS program to its Regional
Reliability Organization on request (30 calendar days). Meets Criteria A, B1, B3, B4, B9 PRC-011-0
R2. The Transmission Owner and Distribution Provider that owns a UVLS system shall provide
documentation of its UVLS equipment maintenance and testing program and the implementation of
that UVLS equipment maintenance and testing program to its Regional Reliability Organization and
NERC on request (within 30 calendar days). Meets Criteria A, B1, B3, B4, B9 PRC-015-0 R3. The
Transmission Owner, Generator Owner, and Distribution Provider that owns an SPS shall provide
documentation of SPS data and the results of studies that show compliance of new or functionally
modified SPSs with NERC Reliability Standards and Regional Reliability Organization criteria to
affected Regional Reliability Organizations and NERC on request (within 30 calendar days). Meets
Criteria A, B1, B4, B9 PRC-017-0 R2. The Transmission Owner, Generator Owner, and Distribution
Provider that owns an SPS shall provide documentation of the program and its implementation to the
appropriate Regional Reliability Organizations and NERC on request (within 30 calendar days). Meets
Criteria A, B1, B3, B4, B9 PRC-018-1 R5. The Transmission Owner and Generator Owner shall each
archive all data recorded by DMEs for Regional Reliability Organization-identified events for at least
three years. Meets Criteria A, B1, B2, B3, B9 PRC-021-1 R2. Each Transmission Owner and
Distribution Provider that owns a UVLS program shall provide its UVLS program data to the Regional
Reliability Organization within 30 calendar days of a request. Meets Criteria A, B1, B4, B9 PRC-023-1
R3.3. The Planning Coordinator shall provide a list of facilities to its Reliability Coordinators,
Transmission Owners, Generator Owners, and Distribution Providers within 30 days of the
establishment of the initial list and within 30 days of any changes to the list. Meets Criteria A, B1, B4,
B9 TOP-001-1a R4. Each Distribution Provider and Load-Serving Entity shall comply with all reliability
directives issued by the Transmission Operator, including shedding firm load, unless such actions
would violate safety, equipment, regulatory or statutory requirements. Under these circumstances,
the Distribution Provider or Load-Serving Entity shall immediately inform the Transmission Operator
of the inability to perform the directive so that the Transmission Operator can implement alternate
remedial actions. Same requirement as R3 which made the Phase I list, only difference is applicability.
FAC-001-0 (all requirements) Criteria B 1, 3 and 6 Statement: The requirement in FAC-001-0 to
document and publish facility connection requirements has no impact on reliability. It is purely a
document that those considering to interconnect with a transmission entity may review as a
reference. MOD-016-1.1 and MOD-021-1 (all requirements) Criteria Meets Criteria A and a
combination of either or all of B1, B2, B3, B4, B 9 Statement: MOD-016 through MOD-021 are about
long term load forecasting and reporting of actual and forecast loads. Requirements could be
eliminated from the standards and replaced with a data collection process (e.g., TADS/DADS, etc.).
Loads to be used in modeling could be incorporated in the data requirements of MOD-010 and MOD012 and not a separate standard. Additionally, MODs-016 through 021 have yet to be classified as
Tier 1, 2, or 3; nor have they yet to be identified on NERC’s Actively Monitored List. PRC-006-1 (R7,
R8, and R14) Criteria: Meets Criteria A and a combination of either or all of B1, B3, B4, B9
Statement: Recommend these requirements to be eliminated from the standards and replaced with a
data collection and or reporting process (e.g., TADS/DADS, etc.). PRC-023-1 (R3.3) Criteria: Meets
Criteria A and a combination of either or all of B1, B4, B9 Statement: Recommend these requirements
to be eliminated from the standards and replaced with a data reporting process. TOP-001-1a (R4)
Criteria: Meets Criteria A and B1 Statement: Same requirement as TOP-001-1a (R3) which made the
Phase I list, only difference is applicability.
Reliability Standard requirements are those that provide for Reliable Operation, including without
limiting the foregoing, requirements for the operation of existing Facilities, including cyber security
protection, and including the design of planned additions or modifications to such Facilities to the
extent necessary for Reliable Operation. NERC administers other programs, such as industry alerts,
reliability assessments, event and trend analyses, education, and monitoring and enforcing Reliability
Standards. These other programs are designed to work in concert with Reliability Standards to
support reliable operation. NERC requirements relating to administering these other programs are
very important but are not Reliability Standard requirements. One of the criteria for evaluating the
elimination of a Reliability Standard requirement is that it is purely reporting. There are a number of
NERC requirements for these other NERC programs embedded in Reliability Standards. Most of them
are purely reporting. However, to the extent that there may be other requirements for these NERC
programs embedded that are not purely reporting, they should also be considered for elimination.
Reliability Standards by definition are not mechanisms for the administration of those other NERC
programs. GTC recommends identifying these requirements (ex. MOD-016 through 021) and

appending them to the Phase I list.
Group
SRC
Al DiCaprio
PJM
Yes
The criteria listed in the SAR capture the right categories; however, consider restructuring B1. B2
through B5 are examples of administrative requirements and should possibly be sub-items of B1.
While we generally support this proposed effort and agrees with most of the criteria, the exception is
B5: “The Reliability Standard requirement requires responsible entities to periodically update (e.g.,
annually) documentation, such as a plan, procedure or policy without an operational benefit to
reliability.” Take for example the system restoration plan. An annual review is necessary to ensure
that the plan recognizes BES facility changes that occurred since the last review/update. Another
example is the exceptions to the cyber security policy that needs to be reviewed and approved by the
senior manager or delegate(s) to ensure the exceptions are still required and valid. Applying this
criterion in a broad brush manner without looking at each requirement may result in removing
requirements that are still needed for reliability. In addition, the acid test for retirement of a
requirement is when the standard drafting team reviews the overall reliability impact of removing a
particular requirement from a standard, and how it may affect other related standards. In brief, it
may be a bit premature to pass on this judgment at the SAR stage. We urge the SAR proponent to
simply suggest that the proposed requirements be considered and evaluated by the SDT as opposed
to making a presumption (and hence setting a high expectation for the industry) that the proposed
list will be retired. And, in order to meet the requirements for regulatory approval, we suggest the
SDT to provide strong technical basis to justify each retirement.
Yes
• PRC-009-0 R1 – R2 are in the process of being retired by PRC-006-1 as such these requirements
will eventually go away. • VAR-002-WECC-1 R2 - Regional standards/requirements for retirement
should go through the regional standards process not the NERC continent wide process. • VAR-501WECC-1 R2 - Regional standards/requirements for retirement should go through the regional
standards process not the NERC continent wide process. • Consider adding IRO-014-2 R2
requirements: R2 Each Reliability Coordinator shall maintain its Operating Procedures, Operating
Processes, or Operating Plans identified in Requirement R1 as follows: [Violation Risk Factor: Lower]
[Time Horizon: Same Day Operations and Operations Planning] 2.1. Review and update annually with
no more that 15 months between reviews. 2.2. Obtain written agreement from all of the Reliability
Coordinators required to take the indicated action(s) for each update. These meet criteria B1 and B5.
Consider including the following standards for review in Phase II: BAL-004-0 – Time Error Correction
MOD-030-2 – Flowgate Methodology PRC-006-1 R8 (provision of data) PRC-006-1 R14 (administrative
– response to written comments)
We support the P81 team’s efforts and appreciate the effort to pull together this initial list of criteria
and requirements. The SRC is looking forward to seeing a concrete timeline for the project.
Group
PPL Corporation NERC Registered Affiliates
Stephen J. Berger
PPL Generation, LLC on behalf of its Supply NERC Registered Entities
Yes
Yes

Process will be used where the SDT must respond to comments and a stakeholder vote for approval.
Additionally, the process should allow for individual (or groups) of stakeholders to request a
standard’s removal or modification that is not designated by the SDT for removal.
Group
Western Electricity Coordinating Council
Steve Rueckert
WECC
No
WECC offers the following related to the criteria listed in the SAR. WECC beleives the OVERARCHING
CRITERIA listed under "A" needs clarification and that as currently identified is too vague. The
Overarching Criterion statement is too broad and is contrary to the FPA Section 215. “Impact” is an
ambiguous term. There is no measure as to how to quantify a Requirement’s “impact” and to
distinguish between “little” impacts as opposed to some other metric of “impact.” More importantly,
however, a Requirement that has any impact on the reliable operation of the BES cannot be dismissed
as inconsequential, even if it is determined to have “little” impact. The "impact" must be weighed
against the "burden" of the standard and potential for efforts to demonstrate compliance hindering or
preventing other more "impactful" reqiurements. Further, the Standard Requirements work in concert
with one another. For many Standard Requirements, it is impossible to reasonably assess the
“impact” of a single Standard Requirement. For example, the “purpose” statement for CIP Standard
Requirements reads that “[CIP Standard Requirements] should be read as part of a group of
standards numbered Standards CIP-002 through CIP-009.” To examine the “impact” of a single
Standard Requirement, therefore, contradicts the intent and purpose of many Standard Requirements
that are crafted to operate in concerns with one another. WECC believes the B1 Administrative
Technical Criteria needs claificaiton and is vague as currently written. The term “administrative” is
ambiguous and could cover a broad range of activities. Further, “administrative requirements” often
require evidence of program or procedure creation. However, WECC does agree with this criteria, but
only in the case where all three criteria listed (administrative, does not support reliability, and
needlessly burdensome) are met. WECC disagrees witht he B2 Technical Criteria Data Collection/Data
Retention. Data Collection/Data Retention is often the only means by which a Responsible Entity can
objectively demonstrate compliance. As to mandatory data retention periods, an explicit mandate to
retain data may be required to meet compliance obligations unique to a particular Standard
Requirement. However, if treated correctly, a requirement for the data collection/retention for
compliance purposes could be removed from the Requirmeetns and made part of the Measures or
RSAWs. WECC Disagrees with the B3 criteria Purley Documentation unless it can be clearly
demonstrated that the dcoumentation does not protect the reliabiltity of the BES in any way. In some
cases Plans/Policies/Procedures are necessary for employees to have a guide for not only protection
but maintaining and restoring BES assets (i.e. Restoration Plans). Documentation of plans, policies
and procedures, is key in defining the parameters of compliance. Further, plans/policies and
procedures are often the only means by which Compliance and Enforcement can assess a responsible
entity’s compliance with a Standard Requirement. WECC Disagrees with the B4 criteria Purely
Reporting unless no purpose for the reporting can be identified. Reporting helps overarching
organizations (ex. ES ISAC) detect potential issues earlier, by giving them more information and from
multiple entities. These issues may seem small or insignificant when viewed by a singular entity but
may have a more a drastic impact when viewed from the perspective of the entire BES. WECC
Disagrees with the B5 criteria Periodic Updates unless it can be clearly demonstrated that the
reproting has no operational benefit to reliability. Without these requirements there is nothing in place
to ensure entityies are maintaining, and periodically verifying the accuracy of these documents. With
the criteria established as it is, there is no real way of measuring the effect of “operational benefit to
reliability”. Is it measured by the size of impact (MW), by time (something that will take over a 1hr),
or by Time Horizon (Same-Day operations vs. Real Time Operations). It is recommended to establish
a more accurate means to measure these criteria. If proberly handled, these reporting requirements
that that demonstrate the entities are maintaining certain necessary documents could be moved from
the Requirements to the Measures or RSAWs. WECC agrees with the B6 criteria of Business Practices.
B7 criteria Redundant: Although WECC agrees requirements should not be redundant with each other,
if compliance is left to other regulators (Open Access Transmission Tariff, NAESB, etc.) compliance
may not be held up to NERC expectations or interpretations. In identifying redundant standards, only
NERC Reliability Standards should be considered. WECC agrees with B* criteria, WECC believes the B9

criteria needs clarification and as written is vague. How will the determination that teh Requirements
do little, if anything, to promote the protection of the BES be determined? WECC disagrees with C1.
The FFT determination is not predicated on any particular Standard Requirement. The FFT
determination is fact specific. Even a requirement that is critical to the BES may have an FFT’d
violation if the manner in which the requirement was violated was minor. WECC beleives C2 is vague
and needs clarification. Not certan what it means if the requirement is being revieweed in an on-going
Standards Development Project. Is this the same as B7 Redundant? WECC agrees C3 is a factor that
should be considered. WECC agrees with C4 but beleives information on how the tiers will be viewed
should be included. WECC agrees with C5. WECC believes C6 and C7 are vague as written and
believes that these last two reference points are intended to indicate that if the answer is yes, then
the requirement or standard would NOT be eligable for retirement. This should be clarified.
No
WECC supports the majority of the Standards Requirements identified, but notes concerns with the
following. WECC recommends eliminating CIP-003 R1 in its entirety. WECC disagrees with the
inclustion of CIP-007, R7.3. This requirement is necessary for entity’s to demonstrate compliance with
the other sub-requirements of CIP 007 R7. However, this requirement could be moved to a Measure
or RSAW to demonstrate compliance with the other sub-requirements of CIP-007, R7. WECC
disagrees with the includsion of IRO-016-1, R2. Required documentation of the RC’s actions to
remedy an event is necessary for quality and efficient root cause analysis, including insight into the
RC’s wide view of actions during an event or disagreement. The language in the SAR statement for
IRO-016-1 R2 points to this information being monitored through Spot Checks or other compliance
monitoring methods. If this standard is removed yet the information is to be included in future
compliance monitoring there must be some sort of methodology that requires the entity to retain the
associated data to be kept for the duration of the required cycle for monitoring (i.e. audit cycle if
monitored through audits). It is important that entities document the actions taken that analyze the
effect on the system as well as the BES for either an even or/and for the disagreement on the
problem. Therefore, it is important that this information is part of the overall compliance monitoring
program. MOD-004 is not redundant to TOP-002 even though the CBM itself may be a tariff issue and
rarely used. The reliability piece is that if the CBM is used by a TSP then the details of it must be
available for use in system studies. Without the awareness of a transmission holdback for CBM when
it exists, a network study could be run and show no issues but if at some time the CBM were
implemented an overload could result. This might not always be the case but unless the CBM
parameters are known and modeled it could impact reliability. WECC disagrees with the
recommendations with PRC-008-0 R1 and PRC-008-0 R2. Unless these standards are being
superseded, WECC does not agree that they provide “little protection to the BES.” They are not
administrative in nature like the other standards in this group. They insure that maintenance and
testing program is established and implemented for an entity’s UFLS protection systems. Without
these standards, there is reduced assurance that UFLS protection systems will operate correctly when
called upon for an under-frequency event. UFLS has a vital role in its effectiveness for preserving
system stability and elimination of these standards may reduce its effectiveness. This standard is
about making sure the equipment is maintained not about collecting data. If and when PRC-005-2 is
adopted, and if it were to include the UFLS devices, then this standard should be considered for
removal. WECC believes the statements associated with TOP-001-1a, R3 are incorrect. Removing
TOP-001-1a would result in no NERC requirement for parties to follow TOP directives. The current
TOP-001-1a R3 requires BOTH TOP and RC directives to be followed. The proposed IRO-001-3 R2
requires ONLY RC directives to be followed. In addition, the SAR statement is incorrect. TOP-001-1a
R3 applies to directives issued by the TOP (and also the RC). IRO-001-1a applies only to directives
from the RC. If the intent, as they state, is to replace TOP-001-1a R3 with IRO-001-3, that leaves a
void for an entity to comply with a directive from the TOP. Only the part about following an RC
directive is redundant. Requirement should be modified to eliminate the redundancy, but not retired.
WECC disagrees witht he inclusion of CIP-001, R4. An entity has many enforcement agencies to
contact without the FBI listed in the operating instructions they could easily be overlooked. This
Requirement has encouraged entities to establish a current communication line with the FBI. In fact,
several other larger entities are members of InfraGard®, which is a partnership between the FBI and
the private sector. Retiring R4 will remove the incentive of having a working relationship with the FBI,
especially among the smaller entities. Retiring R4 may effectively delay or prevent the FBI from
rapidly locating those responsible for sabotage. The requirement is not “needlessly burdensome”,
which is a criteria for deletion. WECC believes the requirements VAR-002-WECC-1, R2, and VAR-502-

WECC-1, R2, are probably the best way of demonstrating compliance with the accociated R1
requirments. The two VAR R2 requirements do not say the entity has to submit the information to
WECC (Regional Entity), only that it shall have the documentation to prove exclusion for the sub
requirements in R1. We’ve had cases where entities don’t meet the 98% availability and if the entity
was claiming exclusion time, WECC would want to review the documentation that proves the
exclusion. It is in the entity’s best interest to keep exclusion documentation in case its units don’t
make the 98%, but this is beter suited for a Measure or RSAW.
CIP 002 R2/R3/R4: Redundant and require revision. Each of these requirements requires an annual
review of the Critical Asset list and Critical Cyber Asset list. WECC agrees these protections are
required, however, the standard should be revised so either CIP 002-3 R4 is removed and CIP 002-3
R1-R3 are revised to require annual review and approval of the appropriate documentation, or CIP
002-3 R2 and R3 are revised to no longer require an annual review. CIP 005 R1.5/006 R3: These are
redundant and should be removed/revised. CIP 006-3 R3 is redundant with CIP 005-3 R1.5. Either
CIP 005-3 R1.5 should be revised to no longer require the protections of CIP 006-3 R3, or CIP 006-3
R3 should be removed and the content of CIP 006 R3 moved to CIP 005 R1.5. CIP 005 R1.5/006
R2.2: Redundant. Should be revised. Devices applicable to these requirements may be redundant if
they are classified as CCA (thus duplicated with CIP 002 – CIP 009) or reside within an ESP (thus
duplicated with CIP 007). The requirements should be revised to take into account the situation where
a device resides within an ESP or is classified as CCA, and is a device used in the EACM/PACM of
ESPs/PSPs. Note: It appears this is being addressed in V.5 of CIP. CIP-005, R5: Should be removed
and the protections highlighted in this requirement moved to appropriate requirements it references.
This will cause less confusion with entities, and be more precise with exactly what documentation is
required to be reviewed and approved. CIP 005 R5.1/R5.2: Redundant. Should revise CIP 005 R1.6 to
include the wording of CIP 005 R5.1, and remove CIP 005 R5.1. This will cause less confusion with
entities, and be better aligned with the CIP 005 R1.6 requirement. CIP 005 R5.3: Redundant. Should
revise CIP 005 R3 to include the wording of this sub-requirement, and CIP 005 R5.3 should be
removed. This change will create a better fit in the appropriate requirement, and be less confusing for
entities. CIP 007 R9: Should be removed and the protections highlighted in this requirement moved
to appropriate requirements it references. Thus CIP 007 requirements that require documentation
should include the need to review and update the documentation. This will cause less confusion with
entities, and be more precise with what documentation is required to be reviewed and approved. EOP004-1 R3.2: Little, if any, value as a reliability requirement. This requirement points to attachments
that could be addressed in the main part of the R3 standard. This requirement does nothing to
promote the protection of the BES. VAR-001-2 R10: Redundant. The reliability purpose for R10 is to
make sure that operators don’t think that exceeding an SOL or IROL due to voltage issues is
acceptable. There are multiple standards requiring operators not exceed and maintain an SOL or IROL
with 30 minutes, regardless of the cause of the exceedance. These standards are TOP-001-2 R7, R11;
TOP-004-2 R1; TOP-007-0 R2; TOP-008-1 R1.
WECC recognizes and appreciates the large amount of work done in a short time on this project and
appreciates the opportunity to proved our comments.
Group
Tampa Electric Company
Ron Donahey
Tampa Electric Company
Yes
Yes
Tampa Electric suggests that the P81 Drafting Team consider the adoption of concepts from the CIP
version 5 criteria for consideration under CIP version 3 and 4. In particular Tampa Electric proposes
that draft language for CIP-007 patching will reduce administrative burden for compliance with
patching process TFEs under current versions (CIP-007 V3 and V4). The version 5 draft Guidelines
and Technical Basis for CIP-007 V5 states: R2.1 A patch source is not required for Cyber Assets that
have no updateable software or firmware (there is no user accessible way to update the internal
software or firmware executing on the Cyber Asset), or those Cyber Assets that have no existing
source of patches such as vendors that no longer exist. R2.2 Determination that a security related

patch, hotfix, and/or update poses too great a risk to install on a system or is not applicable due to
the system configuration should not require a TFE.
Tampa Electric recommends that the P81 DT ensure that the CIP requirements proposed for removal
via P81 are also removed from v5 of the NERC CIP standards. Tampa Electric also supports the
consideration of the following for NERC CIP standards: Removal of data collection requirements: CIP005-3a, -4a R5.3 CIP-006c, -4c R7, R8.3 CIP-007-3, -4 R5.1.2; R6.4; R7.3 CIP-008-3, -4 R2 Removal
of annual review requirements: CIP-002-2, -4 R4 CIP-003-3, -4 R1.3; CIP-003-3, -4 R4.3; CIP-003-3,
- 4 R5.1.2; CIP-003-3, - 4 R5.3 CIP-006-3c, -4 R1.8 CIP-007-3, -4 R9 CIP-009-3, -4 R1
Individual
Kristin Iwanechko
NERC
No
(1) Revise Criteria A to focus on the content of the Reliability Standards. NERC Staff suggests the
following language for Criteria A: “The Reliability Standard requirement requires responsible entities
to conduct an activity or task that does little, if anything, to protect reliable operation of the BES.”
This language is currently included as Criteria B9. NERC notes that both Criterion B8 (hinders the
protection or reliable operation of the BES) and B9 (little, if any value as a reliability requirement) are
duplicative with Criterion A and should be eliminated. Since any requirement that meets Criterion B8
or B9 would necessarily meet Criterion A, this creates an unintended consequence by undermining the
objective that requirements for consideration must satisfy both the overarching Criterion A and a
separate technical criteria. For these reasons, NERC Staff supports the elimination of both Criteria B8
and B9 and the re-phrasing of Criteria A. (2) There is significant overlap between Criteria B3 (Purely
Documentation) and B5 (Periodic Updates) and these criteria could be combined. Criteria B3
addresses requirements for entities to develop a document that is not necessary and Criteria B5
addresses the requirement for entities to periodically update such documentation. NERC Staff
suggests renaming Criteria B3 “Documentation” and suggests the following language: “The Reliability
Standard requirement requires responsible entities to develop and/or periodically update a document
(e.g., plan, policy or procedure) which is not necessary to protect BES reliability.” (3) The explanation
of Criterion B6 (Commercial or Business Practice) states that the Reliability Standard requirement “is
a commercial or business practice, e.g., better served as a NAESB standard or as part of NAESB
Electric Industry Registry (EIR).” However, the technical justifications provided for the application of
the B6 criteria do not state that the standard/requirement should be addressed in another manner,
e.g., with a NAESB standard. Please clarify or otherwise modify this criterion appropriately. Further,
the technical justification should address the fact that such business practices may not be applicable
to the same entities and may not be mandatory or enforceable.
No
After further review, NERC Staff recommends that the SDT review the following standard
requirements and consider moving them from Phase I to Phase II. If the SDT determines the
following standard requirements still fall into Phase I, a more robust technical justification would be
needed. (1) FAC-008-1 R2, R3, FAC-008-3 R4, R5 and FAC-013-2 R3: These requirements, combined
with others, provide checks and balances on the Facility Rating Methodology and Transfer Capability
methodology established by the responsible entities. This provides a reliability benefit by requiring the
responsible entity to consider areas in which their methodology may not be sufficient to support
reliable operation of the interconnected transmission system. There may be better ways of assuring
that entities have sufficient methodologies and alternatives should be considered during Phase II.
NERC Staff suggests that the SDT reconsider whether discussing the methodology (and not the
numerical rating of a facility) has commercial or market related implications. With respect to FAC013-2 R3, NERC Staff suggests that the SDT reconsider whether the requirement relates to “a back
and forward on transfer capability” as noted in the draft SAR, as the requirement pertains only to the
methodology for determining transfer capability. (2) PRC-008-0 R2: Maintenance and testing of
underfrequency load shedding (UFLS) relays is necessary to assure reliable operation of a UFLS
program and this requirement is included in PRC-005-2 as part of Project 2007-17, Protection System
Maintenance and Testing. NERC Staff recommends that the language in R2 relating to implementing
its UFLS equipment maintenance and testing program remain to avoid a reliability gap prior to the
effective date of PRC-005-2. NERC Staff recognizes that the second part of R2 does meet the criteria
in the SAR and recommends that the SDT consider revising the requirement in a future phase to

remove the language that requires an entity to “provide UFLS maintenance and testing program
results to its Regional Reliability Organization and NERC on request (within 30 calendar days).” (3)
TOP-001-1a R3: The technical justification states that this requirement is redundant with IRO-001-1a
R8. NERC Staff notes that the requirement is only partially redundant until IRO-001-3 is approved by
FERC and therefore, it is premature to consider it for Phase I; it should be considered for Phase II. (4)
MOD-004-1: NERC Staff notes that there are a number of Commission directives associated with
MOD-004-1 and the technical justification provided for the elimination of this standard should directly
address these directives. If a solid technical justification cannot be made, NERC Staff suggests that
the requirements should not be included in Phase I. In addition to the above, NERC Staff recommends
that the SDT consider removing the following standard requirements from the scope of the P81
project: (1) PRC-008-0 R1: The requirement to have a maintenance and testing program for UFLS is
necessary to assure reliable operation of a UFLS program and this requirement is included in PRC005-2 as part of Project 2007-17, Protection System Maintenance and Testing. NERC Staff
recommends retaining R1 to avoid a reliability gap prior to the effective date of PRC-005-2. (2) PRC009-0 R1: Analysis to assess the performance of UFLS equipment and program effectiveness following
system events provides a reliability benefit by identifying whether the UFLS program is effective and
whether modifications are necessary. A requirement similar to R1 is included in FERC-approved
standard PRC-006-1 and NERC Staff recommends retaining R1 to avoid a reliability gap prior to the
effective date of PRC-006-1. If the SDT believes this requirement is not necessary, the justification for
removing R1 should discuss Commission comments in Order No. 763 pertaining to Requirement R11
in PRC-006-1. (3) VAR-002-WECC-1 and VAR-501-WECC-1: NERC Staff notes that the regional
standards should be removed from the scope of the P81 project because they must first be eliminated
via the regional standards development process prior to being processed through the NERC standard
development process.
Please see NERC Staff’s response to question 2 for Phase I requirements that NERC Staff recommends
be reviewed for inclusion in a future phase. NERC Staff may propose additional requirements for a
future phase of the P81 project at a later date.
(1) NERC Staff notes that the scope of the SAR should be expanded to include currently-pending
versions of related Reliability Standards to address requirements proposed in Phase I that are also
included in a subsequent version of the standard that has been adopted by the NERC Board of
Trustees, but not yet approved by FERC. NERC Staff suggests that footnotes could be included to
capture these situations. (2) NERC Staff submits that the technical justification for removal of
particular requirements should not be a restatement of the Criteria (see e.g., INT-007-1 R1.2). Nor
should the technical justifications reference and/or rely upon for support any Reliability Standards
unless those Reliability Standards are Commission-approved. (3) NERC Staff suggests that the
technical justifications for the satisfaction of the Criteria should include an explanation of how removal
of the requirement will result in an “increase in efficiency of the ERO compliance program” consistent
with the language of P81.
Individual
Cheryl Moseley
Electric Reliability Council of Texas, Inc.
Yes
ERCOT agrees with the ISO/RTO SRC comments. However, in addition for SRC comments, ERCOT
offers the following: ERCOT agrees with the criteria listed in the SAR to identify Reliability Standard
requirements for retirement in Phase 1. However, the criteria used for future phases should remain
flexible. The initial list should not preclude the use of additional criteria for future phases where
additional criteria support the elimination of requirements in those efforts.
Yes
ERCOT agrees with the ISO/RTO SCR comments. However, in addition to the SRC comments, ERCOT
offers the following: ERCOT agrees that all the requirements included in the SAR warrant retirement
based on the relevant criteria, as supported by the corresponding justification statements. ERCOT
offers the following additional comments related to the justification statements for the SDT’s
consideration: BAL-005-0.1b R2 – The justification statement could benefit from additional
clarification regarding the reason why this requirement is redundant, because it isn’t readily apparent
why this is redundant with BAL-001 R1 and R2. Maintaining CPS requires the use of regulation.
Therefore, it is implicit that the relevant functional entities have regulation to comply with BAL-001 R1

and 2. Also, the justification should clarify the point of the discussion related to equating compliance
based on compliance of BAL-001 R 1 and 2 and how that argument justifies retirement. CIP-001-2a
R4 – The justification statement should clarify that this requirement is redundant to the
communications obligations in R1-3. CIP-003-3, 4 R1.2 – In addition to the justifications presented in
the SAR, the term “readily available” is ambiguous and creates the opportunity for the use of CEA
subjective judgment during compliance assessments. This is problematic for compliance risk
generally, but is especially problematic when the requirement is administrative in nature. Entities
should not be subject to unnecessary compliance risk based on ambiguity that can result in subjective
compliance determinations based on the opinion of CEA personnel, as opposed to the four corners of
the requirements, especially when the underlying requirement provides no reliability value. Further
evidence that this requirement serves no purpose is the fact that it is not included in CIP v5. CIP-0033 R3, 3.1, 3.2 and 3.3 – In addition to the justifications presented in the SAR, this issue is already
fully addressed in the TFE process in Appendix 4D of the ROP, which is not only adequate, but is the
appropriate place for this type of administrative function related to documentation. There are a
specific set of defined requirements that allow an exception, and those exceptions have be to be filed
according to the TFE process. Thus, the requirements proposed for retirement are redundant to that
process. CIP-003-3, -4 R4.2 – In addition to the justification presented in the SAR, the phrase “based
on sensitivity”, is ambiguous and creates the opportunity to insert subjective judgment into
compliance assessments. This is problematic for compliance risk generally, but especially when the
requirement is administrative in nature AND redundant. Entities should not be subject to unnecessary
compliance risk based on ambiguity resulting in subjective compliance determinations, as opposed to
the four corners of the requirements, especially when the underlying requirement provides no
operational reliability value. Further evidence that this requirement serves no purpose is the fact that
it is not included in CIP v5. CIP-005-3a, -4a R2.6 – The justification statement could benefit from
additional clarification as to why the banner is not useful. An appropriate use banner has not been
useful over time, because people who intend to use sites inappropriately will simply ignore the
banner. Banners are generally considered to be a legal protection and not a security protection.
Further evidence that this requirement serves no purpose is the fact that it has been removed from
CIP v5 because the use of banners does not meet a reliability objective. CIP-007-3, -4 R7.3 – In
addition to the justification presented in the SAR, it should be noted that to demonstrate that an
entity performed the data destruction under R7.1 and R7.2, the entity needs to collect evidence.
Having a separate requirement for evidence is redundant and not needed. COM-001-1.1 R6 – In
addition to the justification presented in the SAR, the justification statement could note that this
policy should be documented in the ROP for information within NERCNet that is considered sensitive
or impacting to the BES. It should be a voluntary best practice or business practice for other
information so that entities may use it, or use some other policy that better fits its circumstances. The
justification should state that the NERCNet policy should be a voluntary best practice type of issue for
information that is not considered sensitive or impacting to the BES. EOP-009-0 R2 – This is a
reporting obligation and a documentation issue. The justification statement should also note that both
documentation and reporting on this does not rise to the level of a reliability standard. The statement
could note that this may be a best practices issue, but just for documentation. Reporting test results
to REs isn’t a best practice. Additionally, the justification should not state that the relevant
information is better considered / obtained during an audit. If it’s not relevant to the mandatory
requirements, then it has no place in CMEP proceedings. FAC-002-1 R2 - The justification should not
include that the relevant information is better considered / obtained during an audit. If it’s not
relevant to the mandatory requirements, then it has no place in CMEP proceedings. FAC-008-1 R1.3.5
– In addition to the justification presented in the SAR, the justification statement could note that the
term “other assumptions” is ambiguous and introduces the potential for inefficient/ineffective
administration of the CMEP due to introduction of subjectivity and opinions into compliance
assessments. This is problematic for compliance risk generally, but especially when the requirement is
administrative in nature AND redundant. Entities should not be subject to unnecessary compliance
risk based on ambiguity resulting in subjective compliance determinations, as opposed to the four
corners of the requirements, especially when the underlying requirement provides no operational
reliability value. FAC-008-1 R2; FAC-008-1 R3; FAC-008-3 R4; FAC-008-3 R5 – In addition to the
justification presented in the SAR, the justification statement could note that it is inappropriate for
entities other than the owners of equipment to establish facility ratings. The owners don’t have to
change their ratings, but the scheme is far more effective if the respective functional roles are distinct
and not blurred by the review process contemplated in the requirements proposed for retirement. The

owners should set the ratings and the RCs receive them and perform their functions in accordance
with those ratings. The RC should not be involved with the TO/GO business-management of their
equipment. Also, by keeping the roles distinct, it mitigates any liability risk of the third party if the
owner uses its input and then the equipment breaks because of the new rating; FAC-013-2 R3 –
Same comment as above. MOD-004-1 R1; MOD-004-1 R1.1; MOD-004-1 R1.2; MOD-004-1 R1.3;
MOD-004-1 R2; MOD-004-1 R3; MOD-004-1 R3.1; MOD-004-1 R3.2; MOD-004-1 R4; MOD-004-1
R4.1; MOD-004-1 R4.2; MOD-004-1 R5; MOD-004-1 R5.1; MOD-004-1 R5.2; MOD-004-1 R6; MOD004-1 R6.1; MOD-004-1 R6.2; MOD-004-1 R7; MOD-004-1 R8; MOD-004-1 R9; MOD-004-1 R9.1;
MOD-004-1 R9.2; MOD-004-1 R10; MOD-004-1 R11; MOD-004-1 R12; MOD-004-1 R12.1; MOD-0041 R12.2; MOD-004-1 R12.3 – ERCOT agrees with the comments/justifications. PRC-008-0 R1; PRC008-0 R2; PRC-009-0 R1; PRC-009-0 R1.1; PRC-009-0 R1.2; PRC-009-0 R1.3; PRC-009-0 R1.4; PRC009-0 R2; PRC-010-0 R2; PRC-022-1 R2 – In addition to the justification presented in the SAR, the
justification statement could note that the tasks required in these standards are
administrative/documentation/reporting in nature and they don’t affect reliability from a standards
perspective. These could either be best practices or evidentiary in RSAWs – e.g. provide UFLS/UVLS
program documentation – which could be relative to requirements that have actionable UVLS/UFLS
requirements; TOP-001-1a R3 – ERCOT agrees with the justification with regard to the RC function,
but the TOP standard also requires BAs/GOPs to follow the directives of the TOP, so the two relevant
requirements are not apples to apples. Modification to one or the other may be needed to ensure
appropriate authority and corresponding obligation to follow that authority is reflected in one or the
other standard, or both, but eliminate overlaps. TOP-005-2a R1 – ERCOT agrees with the justification.
This should either be in the ROP or just via the ISN access process/agreement. VAR-002-WECC-1 R2;
VAR-501-WECC-1 R2 – ERCOT agrees with the justification, but if the documentation/reporting are
not relevant for the requirement, then the SAR should not suggest the REs should seek the info in
CMEP proceedings, which should solely focus on compliance with the substance of the standards.
ERCOT agrees with the ISO/RTO SCR comments. However, in addition to the SRC comments, ERCOT
offers the following: ERCOT supports future phases of the P81 project to eliminate/retire reliability
standards that do not facilitate BES reliability. ERCOT is reviewing all standards to that end, however,
developing a list of additional requirements for retirement will require additional time. The SDT should
establish a prospective process that provides adequate time and opportunity for entities to perform a
meaningful review of remaining requirements to determine which additional requirements warrant
retirement and to develop appropriate criteria, if relevant, that may be incremental to the ones
proposed in this SAR, and to develop appropriate retirement justifications based on the relevant
retirement criteria.
This SAR offers significant potential value by retiring requirements that provide no BES reliability
value, but nonetheless require commitment of time and resources for both regulated entities and
regulators to effect and oversee compliance, respectively, and also pose liability risk for no reason,
given that they provide no reliability value. However, the substance of the requirements (e.g.
administrative processes, etc.) may have non-essential value unrelated to system reliability. To the
extent the SDT/industry/NERC believe there may be some non-mandatory use for this information
outside of the reliability standards, the information could be considered for guidance in another
format, such as guidelines, best practice documentation or lessons learned. If such an effort is
deemed worthwhile, it should be established in a separate process/effort, and should not distract from
moving this and future phases of this SAR forward in the most efficient and effective manner to
achieve the significant benefits that may result from this SAR. In addition, the standards process
going forward should include consideration of whether a proposed standard addresses a reliability
requirement, is cost effective and meets the reliability-based standards criteria of “what” needs to be
met and not “how” an entity will meet the standard which is better address through guidelines, best
practices and/or lessons learned.
Individual
Brett Holland
Kansas City Power & Light
Yes
Yes

Efforts need to be made to make sure that the retirement of the requirements listed in "Proposed
Requirements for Retirement in Phase 1 of Project 2013-02: Paragraph 81" don't have a ripple impact
in other standards or requirements.
Individual
Judy VanDeWoestyne
MidAmerican Energy Company
Yes
No
FERC Order 706 clearly states that an exception forms alternative obligations for the responsible
entity to meet the requirements; an exception is not an exemption from the requirements. We believe
a Responsible Entity should still be allowed to have exceptions to its cyber security policy.
MidAmerican Energy Company agrees with the proposed removal of CIP-003-3 (CIP-003-4) R3, R3.1,
R3.2, R3.3, as long as CIP-003-3 (CIP-003-4) R2.4 remains and allows for possible exceptions to a
Responsible Entities’ cyber security policy. R2.4 states “The senior manager or delegate(s), shall
authorize and document any exception from the requirements of the cyber security policy.” When
removing requirements eligible for TFEs, revisions to the Rules of Procedure Appendix 4D –
Procedures for Requesting and Receiving Technical Feasibility Exceptions to NERC Critical
Infrastructure Protection Standards will be necessary. For example, CIP-005-3, R2.6 should be
deleted from the list of requirements with TFEs in the Scope section on page 1 if the requirement is
removed as part of this process.
Consider the list provided by EEI.
MidAmerican Energy Company supports the draft SAR as a positive step to allow Responsible Entities,
Regional Entities, NERC and FERC to focus their combined efforts on protecting the Bulk Electric
System.

Consideration of Comments
Project 2013-02 Paragraph 81

The appeals process is in the Standard Processes Manual: http://www.nerc.com/files/Appendix_3A_StandardsProcessesManual_20120131.pdf

Index to Questions, Comments, and Responses

If you have any other comments or suggestions on the draft SAR that you have not already
provided in response to the previous questions, please provide them here. ............................94

Consideration of Comments: Project 2013-02 Paragraph 81

Group/Individual

Commenter

Organization

Registered Ballot Body Segment
1

Group
Additional Member

Lee Pedowicz

Northeast Power Coordinating Council

Additional Organization

Region Segment Selection

Alan Adamson

New York State Reliability Council, LLC NPCC 10

Greg Campoli

New York Independent System Operator NPCC 2

Sylvain Clermont

Hydro-Quebec TransEnergie

NPCC 1

Ben Wu

Orange and Rockland Utilities

NPCC 1

Gerry Dunbar

Northeast Power Coordinating Council

NPCC 10

Carmen Agavriloai

Independent Electricity System Operator NPCC 2

Mike Garton

Dominion Resources Services, Inc.

NPCC 5

Kathleen Goodman

ISO - New England

NPCC 2

Michael Jones

National Grid

NPCC 1

New Brunswick System Operator

NPCC 2

10. Donald Weaver

Group/Individual

Commenter

Organization

Registered Ballot Body Segment
1

11. Michael R. Lombardi Northeast Utilities

NPCC 1

12. Randy MacDonald

New Brunswick Power Transmission

NPCC 9

13. Bruce Metruck

New York Power Authority

NPCC 6

14. Silvia Parada Mitchell NextEra Energy, LLC

NPCC 5

15. Robert Pellegrini

The United Illuminating Company

NPCC 1

16. Si-Truc Phan

Hydro-Quebec TransEnergie

NPCC 1

17. David Ramkalawan

Ontario Power Generation, Inc.

NPCC 5

18. Brian Robinson

Utility Services

NPCC 8

19. Michael Schiavone

National Grid

NPCC 1

20. Wayne Sipperly

New York Power Authority

NPCC 5

Jim Kelley

Group
Additional Member

SERC EC Planning Standards Subcommittee

Additional Organization
Ameren

SERC

2. Bob Jones

Southern Company Services SERC

3. Pat Huntley

SERC

4. Darrin Church

TVA

SERC

Group

Emily Pennel

Southwest Power Pool Regional Entity

Chris Higgins

Bonneville Power Administration

1. Tedd

Snodgrass

WECC 1

2. Tim

Loepker

WECC 1

3. Erika

Doot

WECC 3, 5, 6

4. Alfredo

Bocanegra

WECC 1

Group

Additional Member Additional Organization Region Segment Selection

No additional members listed.
4.

Region Segment Selection

1. John Sullivan

Connie Lowe

Dominion

Additional Member Additional Organization Region Segment Selection
1. Louis Slade

RFC

2. Mike Garton

NPCC 5, 6

5, 6

3. Randi Heise

MRO

5, 6

4. Mike Crowley

SERC

1, 3

Consideration of Comments: Project 2013-02 Paragraph 81

Group/Individual

Commenter

Organization

Registered Ballot Body Segment
1

Group

Robert Rhodes

Additional Member

SPP Standards Review Group

Additional Organization

Region Segment Selection

Michelle Corley

Cleco Power

SPP

1, 3, 5

Eric Ervin

Westar Energy

SPP

1, 3, 5, 6

Greg Froehling

Rayburn Country Electric Cooperative SPP

Jonathan Hayes

Southwest Power Pool

SPP

Louis Guidry

Cleco Power

SPP

1, 3, 5

Bo Jones

Westar Energy

SPP

1, 3, 5, 6

Tiffany Lake

Westar Energy

SPP

1, 3, 5, 6

John Mason

City of Independence, MO

SPP

Valerie Pinamonti

American Electric Power

SPP

1, 3, 5

10. Patrick Smith

Westar Energy

SPP

1, 3, 5, 6

11. Ashley Stringer

Oklahoma Municipal Power Authority SPP

David Thorne

Group

Pepco Holdings Inc & Affiliates

Additional Member Additional Organization Region Segment Selection
1. Mark Godfrey

Pepco Holdings Inc

Group

Jason Marshall

Additional Member

RFC

1, 3

ACES Power Marketing Standards
Collaborators

Additional Organization

1. Clem Cassmeyer

Western Farmers Electric Cooperative

2. Scott Brame

North Carolina Electric Membership Corporation RFC

1, 3, 4, 5

3. Bill Watson

Old Dominion Electric Cooperative

3, 4

Group

Mark S. Gray

Region Segment Selection
SPP
SERC

1, 5

Consideration of Comments: Project 2013-02 Paragraph 81

X
5

Group/Individual

Commenter

Organization

Registered Ballot Body Segment
1

(collectively, the Trade Associations).

www.eei.org/ for members
10.

Group

Stephen J. Berger

Additional
Member

PPL Corporation NERC Registered Affiliates
Additional Organization

Region

Brenda L. Truhe

PPL Electric Utilities Corporation

RFC

Brent Ingebrigtson

LG&E and KU Services Company

SERC

Annette M. Bannon

PPL Generation, LLC on behalf of its Supply NERC Registered
Entities

RFC

Segment
Selection

WECC 5

MRO

Elizabeth A. Davis

NPCC

SERC

SPP

RFC

10.

WECC 6

11.

Group

PPL Energy Plus, LLC

Steve Rueckert

Western Electricity Coordinating Council

Additional Member Additional Organization Region Segment Selection
1. Phil O'Donnell

WECC

WECC 10

2. Brent Castagnetto

WECC

WECC 10

3. Tim Reynolds

WECC

WECC 10

4. Tyson Jarrett

WECC

WECC 10

12.

Individual

Bob Steiger

Salt River Project

13.

Individual

Al DiCaprio

SRC

14.

Individual

Ron Donahey

Tampa Electric Company

15.

Individual

Nazra Gladu

Manitoba Hydro

X
X

16.

Individual

Scott McGough

Georgia System Operations Corporation

17.

Individual

Ronnie C. Hoeinghaus

City of Garland

18.

Individual

Dan Miller

Entergy Services, Inc.

19.

Individual

Michael Falvo

Independent Electricity System Operator

Consideration of Comments: Project 2013-02 Paragraph 81

X
X

X
6

Group/Individual

Commenter

Organization

Registered Ballot Body Segment
1

Michelle Clements

Wolverine Power Supply Cooperative, Inc.

Individual
22. Individual

Thomas C. Duffy
John Tolo

Central Husdon Gas & Electric Corporation
Tucson Electric Power

23.

Individual

paul haase

seattle city light

24.

Individual

Thad Ness

25.

Individual

26.

20.

Individual

21.

American Electric Power

X
X

John Seelke

Public Service Enterprise Group

Individual

Jose H Escamilla

CPS Energy

27.

Individual

Laura Lee

Duke Energy

28.

Individual

Rich Salgo

NV Energy

29.

Individual

John Falsey

Edison Mission Marketing & Trading

30.

Individual

Bob Thomas

Illinois Municipal Electric Agency

31.

Individual

Michelle R. D'Antuono

Occidental Energy Ventures Corp.

32.

Individual

Patrick Brown

Essential Power, LLC

33.

Individual

Becky Stewart

Idaho Power Company

34.

Individual

Kimberly Tolbert

Occidental Power Services, Inc.

35.

Individual

Andrew Gallo

City of Austin dba Austin Energy

36.

Individual

RoLynda Shumpert

South Carolina Electric and Gas

37.

Individual

Eric Olson

Transmission Agency of Northern California

Individual
39. Individual

Kirit Shah
Jason Snodgrass

Ameren
Georgia Transmission Corporation

40.

Individual

Kristin Iwanechko

NERC Staff Technical Review

41.

Individual

Cheryl Moseley

Electric Reliability Council of Texas, Inc.

42.

Individual

Brett Holland

Kansas City Power & Light

43.

Individual

Judy VanDeWoestyne

MidAmerican Energy Company

38.

Consideration of Comments: Project 2013-02 Paragraph 81

X
X
X

X
X

X
X
X

X
X

Do you agree with the criteria listed in the SAR to identify Reliability Standard requirements for retirement? If not, please
explain in the comment area.

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Question 1 Comment
12

Organization
Western Electricity Coordinating Council

Yes or No

Question 1 Comment

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Independent Electricity System
Operator

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

NERC Technical Staff Review

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Northeast Power Coordinating Council

Yes

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 1 Comment

Yes

SPP Standards Review Group

Yes

We concur that the proposed criteria are a good starting point for the
evaluation of requirements to be retired.

Salt River Project

Yes

We like the criteria and methodology.

ACES Power Marketing Standards
Collaborators

The Edison Electric Institute (EEI), the
National Rural Electric Cooperative
Association (NRECA), the Electric Power
Supply Association (EPSA), the
Transmission Access Policy Study Group
(TAPS), Electricity Consumers Resource
Council (ELCON), the American Public
Power Association (APPA), the Large Public
Power Council (LPPC) and, the Canadian
Electricity Association (CEA) (collectively,
the Trade Associations).

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 1 Comment

SRC

Yes

Manitoba Hydro

Yes

The technical criteria B.9, "Little if any, value as a reliability requirement", is
very subjective and should be redefined or clarified.

Georgia System Operations Corporation

Yes

Georgia System Operations agrees with the criteria listed in the SAR to
identify Reliability Standard requirements for either modification or

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 1 Comment
withdrawal.

seattle city light

Yes

Seattle City Light supports the consolidated comments of the industry Trade
Organizations.

NV Energy

Yes

Occidental Energy Ventures Corp.

Yes

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 1 Comment
is provided to the Commission.

South Carolina Electric and Gas

Yes

I support removing redundancy and any items that are not related to
reliability impacts.

Georgia Transmission Corporation

Yes

Georgia Transmission Corporation agrees with the criteria listed in the SAR
to identify Reliability Standard requirements for either modification or
withdrawal.

Electric Reliability Council of Texas, Inc.

Yes

SERC EC Planning Standards
Subcommittee

Yes

Southwest Power Pool Regional Entity

Yes

Bonneville Power Administration

Yes

Dominion

Yes

Pepco Holdings Inc & Affiliates

Yes

PPL Corporation NERC Registered
Affiliates

Yes

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Tampa Electric Company

Yes

City of Garland

Yes

Entergy Services, Inc.

Yes

Wolverine Power Supply Cooperative,
Inc.

Yes

Central Husdon Gas & Electric
Corporation

Yes

Tucson Electric Power

Yes

American Electric Power

Yes

Public Service Enterprise Group

Yes

CPS Energy

Yes

Duke Energy

Yes

Edison Mission Marketing & Trading

Yes

Illinois Municipal Electric Agency

Yes

Essential Power, LLC

Yes

Idaho Power Company

Yes

Occidental Power Services, Inc.

Yes

Consideration of Comments: Project 2013-02 Paragraph 81

Question 1 Comment

Organization

Yes or No

City of Austin dba Austin Energy

Yes

Transmission Agency of Northern
California

Yes

Ameren

Yes

Kansas City Power & Light

Yes

MidAmerican Energy Company

Yes

Consideration of Comments: Project 2013-02 Paragraph 81

Question 1 Comment

The Initial Phase of the P81 project is designed to identify all FERC-approved Reliability Standard requirements that easily satisfy
the criteria. Do you agree that the suggested list of Reliability Standard requirements included in the draft SAR easily satisfy the
criteria listed in the draft SAR? If you disagree, please provide a statement supporting what Reliability Standard requirements
you would add or subtract from the Initial Phase, including a citation to at least one element of Criterion B, as applicable.

Consideration of Comments: Project 2013-02 Paragraph 81

Automatic Underfrequency Load Shedding and Load Shedding Plans Reliability Standards, 139 F.E.R.C. ¶ 61,098 (2012).

Consideration of Comments: Project 2013-02 Paragraph 81

VAR-001-2 was approved via a Letter Order issued on January 10, 2011.

Consideration of Comments: Project 2013-02 Paragraph 81

Organization
Northeast Power Coordinating
Council

Yes or No

Question 2 Comment

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Southwest Power Pool
Regional Entity

Bonneville Power
Administration

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment
effective would create a gap because no requirement would address TOP directives.
BPA supports the additional proposed retirements and thanks the drafting team for
their efforts.

ACES Power Marketing
Standards Collaborators

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Western Electricity
Coordinating Council

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Independent Electricity
System Operator

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

American Electric Power

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Public Service Enterprise
Group

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Essential Power, LLC

CIP-001-2a, R4. This requirement should be removed from the Paragraph 81 project.
If an entity owns or operates a BES asset, there is a clear reliability benefit to have

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Occidental Power Services,

OPSI recommends the following additions for Phase 1 implementation: 1. INT-001-3,
R1. The Load Serving, Purchasing-Selling Entity shall ensure that Arranged

Consideration of Comments: Project 2013-02 Paragraph 81

Organization
Inc.

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Georgia Transmission
Corporation

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

NERC Staff Technical Review

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

MidAmerican Energy
Company

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

SPP Standards Review Group

The Edison Electric Institute (EEI),
the National Rural Electric
Cooperative Association
(NRECA), the Electric Power
Supply Association (EPSA), the
Transmission Access Policy Study
Group (TAPS), Electricity
Consumers Resource Council
(ELCON), the American Public
Power Association (APPA), the
Large Public Power Council
(LPPC) and, the Canadian
Electricity Association (CEA)
(collectively, the Trade
Associations).

Yes

From our review of the list we feel that this is again, a good starting point, but would
hope that the drafting team could add or subtract requirements as needed as Phase 1
of the project develops.

Yes

The Trade Associations agree with the suggested list of Reliability Standard
requirements contained in the SAR for the Initial Phase of P81.

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment

Salt River Project

Yes

SRC

Yes

Georgia System Operations
Corporation

Yes

Georgia System Operations agrees with the suggested list of Reliability Standard
requirements contained in the SAR for the Initial Phase of P81.

seattle city light

Yes

Seattle City Light supports the consolidated comments of the industry Trade
Organizations.

Duke Energy

Yes

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment

NV Energy

Yes

Our review of the rationale for each of the suggested requirements of the draft SAR
supports the conclusion that these requirements should be subject to retirement.

Occidental Energy Ventures
Corp.

Yes

South Carolina Electric and
Gas

Yes

Ameren

Yes

Electric Reliability Council of
Texas, Inc.

Yes

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

SERC EC Planning Standards
Subcommittee

Yes

Dominion

Yes

Pepco Holdings Inc & Affiliates

Yes

PPL Corporation NERC
Registered Affiliates

Yes

Tampa Electric Company

Yes

Manitoba Hydro

Yes

City of Garland

Yes

Entergy Services, Inc.

Yes

Wolverine Power Supply
Cooperative, Inc.

Yes

Central Husdon Gas & Electric

Yes

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 2 Comment

Corporation
Tucson Electric Power

Yes

CPS Energy

Yes

Edison Mission Marketing &
Trading

Yes

Illinois Municipal Electric
Agency

Yes

Idaho Power Company

Yes

City of Austin dba Austin
Energy

Yes

Transmission Agency of
Northern California

Yes

Kansas City Power & Light

Yes

Consideration of Comments: Project 2013-02 Paragraph 81

The subsequent phases of the P81 project are designed to identify all FERC-approved Reliability Standard requirements that
could not be included in the Initial Phase due to the need for additional analysis or an editing of language. Please list any
Reliability Standard requirements that you believe should be revised or retired in a subsequent phase, and include a brief
supporting statement and citation to at least one element of Criterion B for each requirement listed.

Organization

Yes or No

ACES Power Marketing

Question 3 Comment
(1) EOP-002-3 R6 and R7 and their sub-requirements are redundant with BAL-001-

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Standards Collaborators

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Independent Electricity
System Operator

Western Electricity
Coordinating Council

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Entergy Services, Inc.

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

SRC

MidAmerican Energy
Company

Consider the list provided by EEI.

Georgia System Operations
Corporation

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Electric Reliability Council of
Texas, Inc.

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

City of Austin dba Austin
Energy

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Georgia Transmission
Corporation

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Occidental Power Services,
Inc.

If the changes listed in Question 2 are not considered in Phase 1, then they should be
considered in subsequent phases of the project.

Illinois Municipal Electric
Agency

IRO-010-1a R3

Idaho Power Company

MOD-017-0.1 R1.1, R1.2 Criterion B2MOD-018-0 R1 Criterion B7 (Should be covered
by MOD-016)MOD-021-1 R1, R2 Criterion B7 (Should be covered by MOD-016)MOD021-1 R3 Criterion B4

CPS Energy

No additional comments.

Salt River Project

No additions at this time.

Occidental Energy Ventures
Corp.

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

NERC Staff Technical Review

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment

American Electric Power

seattle city light

Seattle City Light supports the consolidated comments of the industry Trade
Organizations.

Tampa Electric Company

Manitoba Hydro

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

The Edison Electric Institute (EEI),
the National Rural Electric
Cooperative Association
(NRECA), the Electric Power
Supply Association (EPSA), the
Transmission Access Policy Study
Group (TAPS), Electricity
Consumers Resource Council
(ELCON), the American Public
Power Association (APPA), the
Large Public Power Council
(LPPC) and, the Canadian
Electricity Association (CEA)
(collectively, the Trade
Associations).

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

SPP Standards Review Group

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 3 Comment

Ameren

Wolverine Power Supply
Cooperative, Inc.

Wolverine agrees with the list of requirements that the trade associations are
submitting. We are a member of NRECA and agree with their comments.

Consideration of Comments: Project 2013-02 Paragraph 81

If you have any other comments or suggestions on the draft SAR that you have not already provided in response to the previous
questions, please provide them here.

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

NERC Staff Technical Review

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 4 Comment
should include an explanation of how removal of the requirement will result in an
“increase in efficiency of the ERO compliance program” consistent with the language
of P81.

Duke Energy

Duke Energy generally supports the comments submitted by The Edison Electric
Institute (EEI) and the process being used to respond to the Commission’s invitation
in the FFT Order.

Kansas City Power & Light

Entergy Services, Inc.

For future phases, indutry input should be gathered in a more formal process to allow
for suggestions for re-wording or suggesting additional requirements for removal.

Tucson Electric Power

Illinois Municipal Electric
Agency

Dominion

South Carolina Electric and
Gas

Instead of retiring R2 of EOP-009-0 could the whole standard can be replaced by the
new EOP-005?

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 4 Comment

Manitoba Hydro

MidAmerican Energy
Company

Idaho Power Company

ACES Power Marketing
Standards Collaborators

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

CPS Energy

No additional comments.

Independent Electricity
System Operator

No comments.

Occidental Energy Ventures
Corp.

OEVC Agrees with the Trade Associations on this response.

Pepco Holdings Inc & Affiliates

Pepco Holdings Inc supports this project. Additionallyl Pepco Holdings Inc supports
the comments provided by EEI.

Georgia System Operations
Corporation

Consideration of Comments: Project 2013-02 Paragraph 81

Organization

Yes or No

Question 4 Comment
reporting, they should also be considered for elimination. Reliability Standards by
definition are not mechanisms for the administration of those other NERC programs.

Georgia Transmission
Corporation

seattle city light

Seattle City Light supports the consolidated comments of the industry Trade
Organizations.

Tampa Electric Company

Consideration of Comments: Project 2013-02 Paragraph 81

100

Organization

Yes or No

Question 4 Comment
R5.1.2; CIP-003-3, - 4 R5.3CIP-006-3c, -4 R1.8CIP-007-3, -4 R9CIP-009-3, -4 R1

Transmission Agency of
Northern California

SERC EC Planning Standards
Subcommittee

SPP Standards Review Group

City of Austin dba Austin
Energy

Consideration of Comments: Project 2013-02 Paragraph 81

101

Organization

Yes or No

PPL Corporation NERC
Registered Affiliates

The Edison Electric Institute (EEI),
the National Rural Electric
Cooperative Association
(NRECA), the Electric Power
Supply Association (EPSA), the
Transmission Access Policy Study
Group (TAPS), Electricity
Consumers Resource Council
(ELCON), the American Public
Power Association (APPA), the
Large Public Power Council
(LPPC) and, the Canadian
Electricity Association (CEA)
(collectively, the Trade

Consideration of Comments: Project 2013-02 Paragraph 81

102

Organization

Yes or No

Associations).

City of Garland

This is a good start on removing requirements that are either redundant or provide
little / no protection for Bulk-Power System reliability.

Electric Reliability Council of
Texas, Inc.

Central Husdon Gas & Electric

We agree with the criteria as listed, however, we believe that another criterion must
be added. This criterion is that the retirement of a requirement must not create a

Consideration of Comments: Project 2013-02 Paragraph 81

103

Organization

Yes or No

Question 4 Comment

Corporation

NV Energy

We commend NERC and the Drafting Team on their efforts thus far in this important
initiative. This process will serve to better focus the industry’s limited resources on

Consideration of Comments: Project 2013-02 Paragraph 81

104

Organization

Yes or No

Question 4 Comment
activities that are necessary for reliability.

SRC

Western Electricity
Coordinating Council

WECC recognizes and appreciates the large amount of work done in a short time on
this project and appreciates the opportunity to proved our comments.

American Electric Power

END OF REPORT

Consideration of Comments: Project 2013-02 Paragraph 81

105

Standard BAL-005-0.2b — Automatic Generation Control
A.

Introduction
1.

Title:

Automatic Generation Control

Number:

BAL-005-0.2b

Applicability:

5.
B.

4.1.

Balancing Authorities

4.2.

Generator Operators

4.3.

Transmission Operators

4.4.

Load Serving Entities

Effective Date:

May 13, 2009

Device

Accuracy

Digital frequency transducer

≤ 0.001 Hz

MW, MVAR, and voltage transducer

≤ 0.25 % of full scale

Remote terminal unit

≤ 0.25 % of full scale

Potential transformer

≤ 0.30 % of full scale

Current transformer

≤ 0.50 % of full scale

Measures
Not specified.

Compliance
1.

Compliance Monitoring Process
1.1.

Compliance Monitoring Responsibility
Balancing Authorities shall be prepared to supply data to NERC in the format defined
below:

1.2.

1.1.1.

1.1.2.

Compliance Monitoring Period and Reset Timeframe
Not specified.

1.3.

Data Retention
1.3.1.

1.3.2.

Additional Compliance Information
Not specified.

Levels of Non-Compliance
Not specified.

Regional Differences
None identified.

Associated Documents
1.

Appendix 1  Interpretation of Requirement R17 (February 12, 2008).

Version History
Version

Date

Action

Change Tracking

February 8, 2005

Adopted by NERC Board of Trustees

New

April 1, 2005

Effective Date

New

August 8, 2005

Removed “Proposed” from Effective Date

Errata

December 19, 2007

Added Appendix 1 – Interpretation of R17
approved by BOT on May 2, 2007

Addition

January 16, 2008

Section F: added “1.”; changed hyphen to “en
dash.” Changed font style for “Appendix 1” to
Arial

Errata

February 12, 2008

Replaced Appendix 1 – Interpretation of R17
approved by BOT on February 12, 2008 (BOT
approved retirement of Interpretation included in
BAL-005-0a)

Replacement

0.1b

October 29, 2008

BOT approved errata changes; updated version
number to “0.1b”

Errata

0.1b

May 13, 2009

FERC approved – Updated Effective Date

Addition

0.2b

March 8, 2012

Errata

0.2b

September 13, 2012

FERC approved – Updated Effective Date

Addition

0.2b

TBD

R2 and associated elements retired as part of the
Paragraph 81 project (Project 2013-02)

Page 4 of 6

Standard BAL-005-0.2b — Automatic Generation Control

Appendix 1
Effective Date: August 27, 2008 (U.S.)
Interpretation of BAL-005-0 Automatic Generation Control, R17
Request for Clarification received from PGE on July 31, 2007

BAL-005-0

Accuracy

Digital frequency transducer

≤ 0.001 Hz

MW, MVAR, and voltage transducer

≤ 0.25% of full scale

Remote terminal unit

≤ 0.25% of full scale

Potential transformer

≤ 0.30% of full scale

Current transformer

≤ 0.50% of full scale

Existing Interpretation Approved by Board of Trustees May 2, 2007

Page 6 of 6

Standard CIP-001-2a— Sabotage Reporting

A. Introduction
1.

Title:

Sabotage Reporting

Number:

CIP-001-2a

Purpose:
Disturbances or unusual occurrences, suspected or determined to be caused by
sabotage, shall be reported to the appropriate systems, governmental agencies, and regulatory
bodies.

ERCOT Regional Variance will be effective the first day of
the first calendar quarter after applicable regulatory approval.

Effective Date:

B. Requirements
R1.

R2.

R3.

R4.

Page 1 of 6

D. Compliance
1.

Self-certification (Conducted annually with submission according to schedule.)

Spot Check Audits (Conducted anytime with up to 30 days notice given to prepare.)

Periodic Audit (Conducted once every three years according to schedule.)

Levels of Non-Compliance:
2.1. Level 1: There shall be a separate Level 1 non-compliance, for every one of the
following requirements that is in violation:
2.1.1

Does not have procedures for the recognition of and for making its operating
personnel aware of sabotage events (R1).

Page 2 of 6

Standard CIP-001-2a— Sabotage Reporting
2.1.2

Does not have procedures or guidelines for the communication of information
concerning sabotage events to appropriate parties in the Interconnection (R2).

2.1.3

Has not established communications contacts, as specified in R4. (Retired)

2.2. Level 2: Not applicable.
2.3. Level 3: Has not provided its operating personnel with sabotage response procedures or
guidelines (R3).
2.4. Level 4:.Not applicable.

E. ERCOT Interconnection-wide Regional Variance
Requirements
EA.1. Each Reliability Coordinator, Balancing Authority, Transmission Owner,
Transmission Operator, Generator Owner, Generator Operator, and Load Serving
Entity shall have procedures for the recognition of and for making their operating
personnel aware of sabotage events on its facilities and multi-site sabotage affecting
larger portions of the Interconnection.
EA.2. Each Reliability Coordinator, Balancing Authority, Transmission Owner,
Transmission Operator, Generator Owner, Generator Operator, and Load Serving
Entity shall have procedures for the communication of information concerning
sabotage events to appropriate parties in the Interconnection.
EA.3. Each Reliability Coordinator, Balancing Authority, Transmission Owner,
Transmission Operator, Generator Owner, Generator Operator, and Load Serving
Entity shall provide its operating personnel with sabotage response guidelines,
including personnel to contact, for reporting disturbances due to sabotage events.
EA.4. Each Reliability Coordinator, Balancing Authority, Transmission Owner,
Transmission Operator, Generator Owner, Generator Operator, and Load Serving
Entity shall establish communications contacts with local Federal Bureau of
Investigation (FBI) officials and develop reporting procedures as appropriate to their
circumstances. (Retired)
Measures
M.A.1. Each Reliability Coordinator, Balancing Authority, Transmission Owner,
Transmission Operator, Generator Owner, Generator Operator, and Load Serving
Entity shall have and provide upon request a procedure (either electronic or hard
copy) as defined in Requirement EA1.
M.A.2. Each Reliability Coordinator, Balancing Authority, Transmission Owner,
Transmission Operator, Generator Owner, Generator Operator, and Load Serving
Entity shall have and provide upon request the procedures or guidelines that will be
used to confirm that it meets Requirements EA2 and EA3.
M.A.3. Each Reliability Coordinator, Balancing Authority, Transmission Owner,
Transmission Operator, Generator Owner, Generator Operator, and Load Serving
Entity shall have and provide upon request evidence that could include, but is not
limited to, procedures, policies, a letter of understanding, communication records,
Page 3 of 6

Standard CIP-001-2a— Sabotage Reporting

or other equivalent evidence that will be used to confirm that it has established
communications contacts with the local FBI officials to communicate sabotage
events (Requirement EA4). (Retired)
Compliance
1. Compliance Monitoring Process
1.1. Compliance Enforcement Authority
Regional Entity shall be responsible for compliance monitoring.
1.2. Data Retention
Each Reliability Coordinator, Balancing Authority, Transmission Owner,
Transmission Operator, Generator Owner, Generator Operator, and Load Serving
Entity shall have current, in-force documents available as evidence of compliance
as specified in each of the Measures.
If an entity is found non-compliant the entity shall keep information related to the
non-compliance until found compliant or for two years plus the current year,
whichever is longer.
Evidence used as part of a triggered investigation shall be retained by the entity
being investigated for one year from the date that the investigation is closed, as
determined by the Compliance Monitor,
The Compliance Monitor shall keep the last periodic audit report and all requested
and submitted subsequent compliance records.

Version History
Version

Date

Action

Change Tracking

April 1, 2005

Effective Date

New

August 8, 2005

Removed “Proposed” from Effective Date

Errata

November 1, 2006

Adopted by Board of Trustees

Amended

April 4, 2007

Regulatory Approval — Effective Date

New

February 16, 2010

Added Appendix 1 — Interpretation of R2
approved by the NERC Board of Trustees

Addition

February 2, 2011

Interpretation of R2 approved by FERC on
February 2, 2011

Same addition

June 10, 2010

TRE regional ballot approved variance

By Texas RE

August 24, 2010

Regional Variance Approved by Texas RE
Board of Directors

February 16, 2011

Approved by NERC Board of Trustees

Page 4 of 6

Standard CIP-001-2a— Sabotage Reporting

August 2, 2011

FERC Order issued approving Texas RE
Regional Variance

TBD

R4 and EA.4 and associated elements retired as
part of the Paragraph 81 project (Project 201302)

Page 5 of 6

Standard CIP-001-2a— Sabotage Reporting

Page 6 of 6

S ta n d a rd CIP –003–3 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

A. Introduction
1.

Title:

Cyber Security — Security Management Controls

Number:

CIP-003-3

Applicability:
4.1. Within the text of Standard CIP-003-3, “Responsible Entity” shall mean:
4.1.1

Reliability Coordinator.

4.1.2

Balancing Authority.

4.1.3

Interchange Authority.

4.1.4

Transmission Service Provider.

4.1.5

Transmission Owner.

4.1.6

Transmission Operator.

4.1.7

Generator Owner.

4.1.8

Generator Operator.

4.1.9

Load Serving Entity.

4.1.10 NERC.
4.1.11 Regional Entity.
4.2. The following are exempt from Standard CIP-003-3:

4.2.1

Facilities regulated by the U.S. Nuclear Regulatory Commission or the Canadian
Nuclear Safety Commission.

4.2.2

Cyber Assets associated with communication networks and data communication
links between discrete Electronic Security Perimeters.

4.2.3

Responsible Entities that, in compliance with Standard CIP-002-3, identify that
they have no Critical Cyber Assets shall only be required to comply with CIP003-3 Requirement R2.

The cyber security policy addresses the requirements in Standards CIP-002-3 through
CIP-009-3, including provision for emergency situations.

Ap p ro ve d b y Bo a rd o f Tru s te e s : De c e m b e r 16, 2009

S ta n d a rd CIP –003–3 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

R1.2.

The cyber security policy is readily available to all personnel who have access to, or are
responsible for, Critical Cyber Assets. (Retired)

R1.3.

Annual review and approval of the cyber security policy by the senior manager
assigned pursuant to R2.

The senior manager shall be identified by name, title, and date of designation.

R2.2.

Changes to the senior manager must be documented within thirty calendar days of the
effective date.

R2.3.

R2.4.

The senior manager or delegate(s), shall authorize and document any exception from
the requirements of the cyber security policy.

Exceptions to the Responsible Entity’s cyber security policy must be documented
within thirty days of being approved by the senior manager or delegate(s). (Retired)

R3.2.

Documented exceptions to the cyber security policy must include an explanation as to
why the exception is necessary and any compensating measures. (Retired)

R3.3.

R4. Information Protection — The Responsible Entity shall implement and document a program to
identify, classify, and protect information associated with Critical Cyber Assets.
R4.1.

R4.2.

The Responsible Entity shall classify information to be protected under this program
based on the sensitivity of the Critical Cyber Asset information. (Retired)

R4.3.

R5. Access Control — The Responsible Entity shall document and implement a program for
managing access to protected Critical Cyber Asset information.
R5.1.

The Responsible Entity shall maintain a list of designated personnel who are
responsible for authorizing logical or physical access to protected information.

Ap p ro ve d b y Bo a rd o f Tru s te e s : De c e m b e r 16, 2009

S ta n d a rd CIP –003–3 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

R5.1.1.

Personnel shall be identified by name, title, and the information for which
they are responsible for authorizing access.

R5.1.2.

The list of personnel responsible for authorizing access to protected
information shall be verified at least annually.

R5.2.

R5.3.

The Responsible Entity shall assess and document at least annually the processes for
controlling access privileges to protected information.

Compliance Monitoring Process
1.1. Compliance Enforcement Authority
1.1.1

Regional Entity for Responsible Entities that do not perform delegated tasks for
their Regional Entity.

1.1.2

ERO for Regional Entity.

1.1.3

Third-party monitor without vested interest in the outcome for NERC.

1.2. Compliance Monitoring Period and Reset Time Frame
Not applicable.
1.3. Compliance Monitoring and Enforcement Processes
Compliance Audits

Ap p ro ve d b y Bo a rd o f Tru s te e s : De c e m b e r 16, 2009

S ta n d a rd CIP –003–3 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

Self-Certifications
Spot Checking
Compliance Violation Investigations
Self-Reporting
Complaints
1.4. Data Retention
1.4.1

1.4.2

The Compliance Enforcement Authority in conjunction with the Registered
Entity shall keep the last audit records and all requested and submitted
subsequent audit records.

1.5. Additional Compliance Information
1.5.1
2.

None

Violation Severity Levels (To be developed later.)

E. Regional Variances
None identified.
Version History
Version

Date

Action

Update version number from -2 to -3

12/16/09

Approved by the NERC Board of Trustees

Ap p ro ve d b y Bo a rd o f Tru s te e s : De c e m b e r 16, 2009

Change Tracking

Update

S ta n d a rd CIP –003–3 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

TBD

R1.2, R3, R3.1, R3.2, R3.3, and R4.2 and associated
elements retired as part of the Paragraph 81 project
(Project 2013-02)

Ap p ro ve d b y Bo a rd o f Tru s te e s : De c e m b e r 16, 2009

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

A. Introduction
1.

Title:

Cyber Security — Security Management Controls

Number:

CIP-003-4

Applicability:
4.1. Within the text of Standard CIP-003-4, “Responsible Entity” shall mean:
4.1.1

Reliability Coordinator.

4.1.2

Balancing Authority.

4.1.3

Interchange Authority.

4.1.4

Transmission Service Provider.

4.1.5

Transmission Owner.

4.1.6

Transmission Operator.

4.1.7

Generator Owner.

4.1.8

Generator Operator.

4.1.9

Load Serving Entity.

4.1.10 NERC.
4.1.11 Regional Entity.
4.2. The following are exempt from Standard CIP-003-4:

4.2.1

Facilities regulated by the Canadian Nuclear Safety Commission.

4.2.2

Cyber Assets associated with communication networks and data communication
links between discrete Electronic Security Perimeters.

4.2.3

In nuclear plants, the systems, structures, and components that are regulated by
the Nuclear Regulatory Commission under a cyber security plan pursuant to 10
C.F. R. Section 73.54

4.2.4

Responsible Entities that, in compliance with Standard CIP-002-4, identify that
they have no Critical Cyber Assets shall only be required to comply with CIP003-4 Requirement R2.

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

R1.1.

The cyber security policy addresses the requirements in Standards CIP-002-4 through
CIP-009-4, including provision for emergency situations.

R1.2.

The cyber security policy is readily available to all personnel who have access to, or are
responsible for, Critical Cyber Assets. (Retired)

R1.3.

Annual review and approval of the cyber security policy by the senior manager
assigned pursuant to R2.

The senior manager shall be identified by name, title, and date of designation.

R2.2.

Changes to the senior manager must be documented within thirty calendar days of the
effective date.

R2.3.

R2.4.

The senior manager or delegate(s), shall authorize and document any exception from
the requirements of the cyber security policy.

Exceptions to the Responsible Entity’s cyber security policy must be documented
within thirty days of being approved by the senior manager or delegate(s). (Retired)

R3.2.

Documented exceptions to the cyber security policy must include an explanation as to
why the exception is necessary and any compensating measures. (Retired)

R3.3.

R4. Information Protection — The Responsible Entity shall implement and document a program to
identify, classify, and protect information associated with Critical Cyber Assets.
R4.1.

R4.2.

The Responsible Entity shall classify information to be protected under this program
based on the sensitivity of the Critical Cyber Asset information. (Retired)

R4.3.

R5. Access Control — The Responsible Entity shall document and implement a program for
managing access to protected Critical Cyber Asset information.

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

R5.1.

The Responsible Entity shall maintain a list of designated personnel who are
responsible for authorizing logical or physical access to protected information.
R5.1.1.

Personnel shall be identified by name, title, and the information for which
they are responsible for authorizing access.

R5.1.2.

The list of personnel responsible for authorizing access to protected
information shall be verified at least annually.

R5.2.

R5.3.

The Responsible Entity shall assess and document at least annually the processes for
controlling access privileges to protected information.

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Enforcement Authority
1.2. The RE shall serve as the CEA with the following exceptions:
1.2.1

For entities that do not work for the Regional Entity, the Regional Entity shall serve as the Compliance Enforcement
Authority.

1.2.2

For Reliability Coordinators and other functional entities that work for their Regional Entity, the ERO shall serve as the
Compliance Enforcement Authority.

1.2.3

1.2.4

For the ERO, a third-party monitor without vested interest in the outcome for the ERO shall serve as the Compliance
Enforcement Authority.

1.3. Compliance Monitoring and Enforcement Processes
Compliance Audits
Self-Certifications
Spot Checking
Compliance Violation Investigations
Self-Reporting
Complaints
1.4. Data Retention
1.4.1

The Responsible Entity shall keep all documentation and records from the previous full calendar year unless directed by
its Compliance Enforcement Authority to retain specific evidence for a longer period of time as part of an investigation.

1.4.2

The Compliance Enforcement Authority in conjunction with the Registered Entity shall keep the last audit records and all
requested and submitted subsequent audit records.

1.5. Additional Compliance Information
1.5.1
2.

None

Violation Severity Levels

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

Requirement

VRF

Lower VSL

Moderate VSL

High VSL

Severe VSL

R1.

MEDIUM

N/A

The Responsible Entity has documented but not
implemented a cyber security policy.

The Responsible Entity has not documented nor implemented a
cyber security policy.

R1.1.

LOWER

N/A

The Responsible Entity's cyber security policy does not address
all the requirements in Standards CIP-002-4 through CIP-009-4,
including provision for emergency situations.

R1.2.

LOWER

N/A

The Responsible Entity's cyber security policy is not readily
available to all personnel who have access to, or are responsible
for, Critical Cyber Assets.

R1.3

LOWER

N/A

The Responsible Entity's senior manager, assigned pursuant
to R2, annually reviewed but did not annually approve its
cyber security policy.

The Responsible Entity's senior manager, assigned pursuant to
R2, did not annually review nor approve its cyber security
policy.

R2.

LOWER

N/A

The Responsible Entity has not assigned a single senior manager
with overall responsibility and

(Retired)

authority for leading and managing the entity’s implementation
of, and adherence to, Standards CIP-002-4 through CIP-009-4.
R2.1.

LOWER

N/A

The senior manager is not identified by name, title, and date of
designation.

R2.2.

LOWER

Changes to the senior
manager were
documented in greater
than 30 but less than 60
days of the effective
date.

Changes to the senior manager
were documented in 60 or more
but less than 90 days of the
effective date.

Changes to the senior manager were documented in 90 or
more but less than 120 days of the effective date.

Changes to the senior manager were documented in 120 or more
days of the effective date.

R2.3.

LOWER

N/A

The identification of a senior manager’s delegate does not
include at least one of the following; name, title, or date of
the designation,

A senior manager’s delegate is not identified by name, title, and
date

delegating the authority is not approved by the senior manager;

The document is not approved by the senior manager,

AND

changes to the delegated authority are not documented within
thirty calendar days of the effective date.

Changes to the delegated authority are not documented

of designation; the document delegating the authority does not
identify the authority being delegated; the document

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

Requirement

VRF

Lower VSL

Moderate VSL

High VSL

Severe VSL

within thirty calendar days of the effective date.

R2.4

LOWER

N/A

The senior manager or delegate(s) did not authorize and
document any exceptions from the requirements of the cyber
security policy as required.

R3.

LOWER

N/A

LOWER

Exceptions to the
Responsible Entity’s
cyber security policy
were documented in
more than 30 but less
than 60 days of being
approved by the senior
manager or delegate(s).

Exceptions to the Responsible
Entity’s cyber security policy
were documented in 60 or more
but less than 90 days of being
approved by the senior manager
or delegate(s).

Exceptions to the Responsible Entity’s cyber security policy
were documented in 90 or more but less than 120 days of
being approved by the senior manager or delegate(s).

Exceptions to the Responsible Entity’s cyber security policy
were documented in 120 or more days of being approved by the
senior manager or delegate(s).

LOWER

N/A

The Responsible Entity has a documented exception to the
cyber

The Responsible Entity has a documented exception to the cyber

(Retired)

R3.1.
(Retired)

R3.2.
(Retired)

security policy (pertaining to CIP 002-4 through CIP 009-4)
but did not include either:
1) an explanation as to why the exception is necessary, or

security policy (pertaining to CIP 002-4 through CIP 009-4) but
did not include both:
1) an explanation as to why the exception is necessary, and
2) any compensating measures.

2) any compensating measures.
LOWER

N/A

R4.

MEDIUM

N/A

The Responsible Entity
implemented but did not
document a program to identify,
classify, and protect information
associated with Critical Cyber
Assets.

The Responsible Entity documented but did not implement a
program to identify, classify, and protect information
associated with Critical Cyber Assets.

The Responsible Entity did not implement nor document a
program to identify, classify, and protect information associated
with Critical Cyber Assets.

R4.1.

MEDIUM

N/A

The information protection program does not include one of
the minimum information types to be protected as detailed in
R4.1.

The information protection program does not include two or
more of the minimum information types to be protected as
detailed in R4.1.

R3.3.
(Retired)

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

Requirement
R4.2.

VRF

Lower VSL

Moderate VSL

High VSL

Severe VSL

LOWER

N/A

The Responsible Entity did not classify the information to be
protected under this program based on the sensitivity of the
Critical Cyber Asset information.

R4.3.

LOWER

N/A

The Responsible Entity annually assessed adherence to its
Critical Cyber Asset information protection program, did not
document the assessment results, and did not implement a
remediation plan.

R5.

LOWER

N/A

The Responsible Entity
implemented but did not
document a program for
managing access to protected
Critical Cyber Asset
information.

The Responsible Entity documented but did not implement a
program for managing access to protected Critical Cyber
Asset information.

The Responsible Entity did not implement nor document a
program for managing access to protected Critical Cyber Asset
information.

R5.1.

LOWER

N/A

The Responsible Entity maintained a list of designated
personnel for authorizing either logical or physical access
but not both.

The Responsible Entity did not maintain a list of designated
personnel who are responsible for authorizing logical or physical
access to protected information.

R5.1.1.

LOWER

N/A

The Responsible Entity did identify the personnel by name
and title but did not identify the information for which they
are responsible for authorizing access.

The Responsible Entity did not identify the personnel by name
and title nor the information for which they are responsible for
authorizing access.

R5.1.2.

LOWER

N/A

The Responsible Entity did not verify at least annually the list of
personnel responsible for authorizing access to protected
information.

R5.2.

LOWER

N/A

R5.3.

LOWER

N/A

The Responsible Entity did not assess and document at least
annually the processes for controlling access privileges to
protected information.

R6.

LOWER

The Responsible Entity
has established but not
documented a change

The Responsible Entity has
established but not documented
both a change control process
and configuration management

The Responsible Entity has not established and documented
a change control process

The Responsible Entity has not established and documented a
change control process

AND

(Retired)

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

Requirement

VRF

Lower VSL
control process
OR

Moderate VSL
process.

High VSL

Severe VSL

The Responsible Entity has not established and documented
a configuration management process.

The Responsible Entity
has established but not
documented a
configuration
management process.

Regional Variances
None identified.

The Responsible Entity has not established and documented a
configuration management process.

S ta n d a rd CIP –003–4 — Cyb e r S e c u rity — S e c u rity Ma n a ge m e n t Co n trols

Version History
Version Date

Action

Modifications to clarify the requirements and to
bring the compliance elements into conformance
with the latest guidelines for developing
compliance elements of standards.
Removal of reasonable business judgment.
Replaced the RRO with the RE as a responsible
entity.
Rewording of Effective Date.
Requirement R2 applies to all Responsible Entities,
including Responsible Entities which have no
Critical Cyber Assets.
Modified the personnel identification information
requirements in R5.1.1 to include name, title, and
the information for which they are responsible for
authorizing access (removed the business phone
information).
Changed compliance monitor to Compliance
Enforcement Authority.

Update version number from -2 to -3

Change
Tracking

12/16/09

Approved by the NERC Board of Trustees

Update

Board approved
01/24/2011

Update version number from “3” to “4”

Update to conform
to changes to CIP002-4 (Project
2008-06)

4/19/12

FERC Order issued approving CIP-003-4 (approval
becomes effective June 25, 2012)
Added approved VRF/VSL table to section D.2.

3, 4

TBD

R1.2, R3, R3.1, R3.2, R3.3, and R4.2 and
associated elements retired as part of the Paragraph
81 project (Project 2013-02)

S ta n d a rd CIP –005–3a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

A. Introduction
1.

Title:

Cyber Security — Electronic Security Perimeter(s)

Number:

CIP-005-3a

Applicability
4.1. Within the text of Standard CIP-005-3, “Responsible Entity” shall mean:
4.1.1

Reliability Coordinator.

4.1.2

Balancing Authority.

4.1.3

Interchange Authority.

4.1.4

Transmission Service Provider.

4.1.5

Transmission Owner.

4.1.6

Transmission Operator.

4.1.7

Generator Owner.

4.1.8

Generator Operator.

4.1.9

Load Serving Entity.

4.1.10 NERC.
4.1.11 Regional Entity
4.2. The following are exempt from Standard CIP-005-3:

4.2.1

Facilities regulated by the U.S. Nuclear Regulatory Commission or the Canadian
Nuclear Safety Commission.

4.2.2

Cyber Assets associated with communication networks and data communication
links between discrete Electronic Security Perimeters.

4.2.3

Responsible Entities that, in compliance with Standard CIP-002-3, identify that
they have no Critical Cyber Assets.

Effective Date: The first day of the third calendar quarter after applicable regulatory approvals
have been received (or the Reliability Standard otherwise becomes effective in those
jurisdictions where regulatory approval is not required).

R1.2.

S ta n d a rd CIP –005–3a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

R1.3.

R1.4.

Any non-critical Cyber Asset within a defined Electronic Security Perimeter shall be
identified and protected pursuant to the requirements of Standard CIP-005-3.

R1.5.

R1.6.

These processes and mechanisms shall use an access control model that denies access
by default, such that explicit access permissions must be specified.

R2.2.

R2.3.

The Responsible Entity shall implement and maintain a procedure for securing dial-up
access to the Electronic Security Perimeter(s).

R2.4.

R2.5.

The required documentation shall, at least, identify and describe:

R2.6.

R2.5.1.

The processes for access request and authorization.

R2.5.2.

The authentication methods.

R2.5.3.

The review process for authorization rights, in accordance with Standard
CIP-004-3 Requirement R4.

R2.5.4.

The controls used to secure dial-up accessible connections.

S ta n d a rd CIP –005–3a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

R3.1.

R3.2.

A document identifying the vulnerability assessment process;

R4.2.

A review to verify that only ports and services required for operations at these access
points are enabled;

R4.3.

The discovery of all access points to the Electronic Security Perimeter;

R4.4.

A review of controls for default accounts, passwords, and network management
community strings;

R4.5.

Documentation of the results of the assessment, the action plan to remediate or mitigate
vulnerabilities identified in the assessment, and the execution status of that action plan.

R5. Documentation Review and Maintenance — The Responsible Entity shall review, update, and
maintain all documentation to support compliance with the requirements of Standard CIP-0053.
R5.1.

R5.2.

The Responsible Entity shall update the documentation to reflect the modification of
the network or controls within ninety calendar days of the change.

R5.3.

Compliance Monitoring Process
3

S ta n d a rd CIP –005–3a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

1.1. Compliance Enforcement Authority
1.1.1

Regional Entity for Responsible Entities that do not perform delegated tasks for
their Regional Entity.

1.1.2

ERO for Regional Entity.

1.1.3

Third-party monitor without vested interest in the outcome for NERC.

1.4.2

The Responsible Entity shall keep other documents and records required by
Standard CIP-005-3 from the previous full calendar year.

1.4.3

The Compliance Enforcement Authority in conjunction with the Registered
Entity shall keep the last audit records and all requested and submitted
subsequent audit records.

1.5. Additional Compliance Information
2.

Violation Severity Levels (To be developed later.)

E. Regional Variances
None identified.
Version History
Version
1
2

Date

Action

Change Tracking

01/16/06

D.2.3.1 — Change “Critical Assets,” to “Critical Cyber Assets”
as intended.

03/24/06

S ta n d a rd CIP –005–3a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

shall “implement and maintain” a procedure for securing dial-up
access to the Electronic Security Perimeter(s).
Changed compliance monitor to Compliance Enforcement
Authority.
3

Update version from -2 to -3

12/16/09

Approved by the NERC Board of Trustees

Update

02/16/10

Added Appendix 1 – Interpretation of R1.3 approved by BOT
on February 16, 2010

Interpretation

02/02/11

Approved by FERC

TBD

R2.6 and associated elements retired as part of the Paragraph 81
project (Project 2013-02)

S ta n d a rd CIP –005–3a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Introduction
1.

Title:

Cyber Security — Electronic Security Perimeter(s)

Number:

CIP-005-4a

Applicability
4.1. Within the text of Standard CIP-005-4a, “Responsible Entity” shall mean:
4.1.1

Reliability Coordinator.

4.1.2

Balancing Authority.

4.1.3

Interchange Authority.

4.1.4

Transmission Service Provider.

4.1.5

Transmission Owner.

4.1.6

Transmission Operator.

4.1.7

Generator Owner.

4.1.8

Generator Operator.

4.1.9

Load Serving Entity.

4.1.10 NERC.
4.1.11 Regional Entity
4.2. The following are exempt from Standard CIP-005-4a:

4.2.1

Facilities regulated by the Canadian Nuclear Safety Commission.

4.2.2

Cyber Assets associated with communication networks and data communication
links between discrete Electronic Security Perimeters.

4.2.3

Responsible Entities that, in compliance with Standard CIP-002-4, identify that
they have no Critical Cyber Assets.

4.2.4

In nuclear plants, the systems, structures, and components that are regulated by
the Nuclear Regulatory Commission under a cyber security plan pursuant to 10
C.F. R. Section 73.54.

Effective Date: The first day of the eighth calendar quarter after applicable regulatory
approvals have been received (or the Reliability Standard otherwise becomes effective the
first day of the ninth calendar quarter after BOT adoption in those jurisdictions where
regulatory approval is not required).

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

R1.2.

R1.3.

R1.4.

Any non-critical Cyber Asset within a defined Electronic Security Perimeter shall be
identified and protected pursuant to the requirements of Standard CIP-005-4a.

R1.5.

R1.6.

These processes and mechanisms shall use an access control model that denies access
by default, such that explicit access permissions must be specified.

R2.2.

R2.3.

The Responsible Entity shall implement and maintain a procedure for securing dial-up
access to the Electronic Security Perimeter(s).

R2.4.

R2.5.

The required documentation shall, at least, identify and describe:

R2.6.

R2.5.1.

The processes for access request and authorization.

R2.5.2.

The authentication methods.

R2.5.3.

The review process for authorization rights, in accordance with Standard
CIP-004-4 Requirement R4.

R2.5.4.

The controls used to secure dial-up accessible connections.

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

R3.2.

A document identifying the vulnerability assessment process;

R4.2.

A review to verify that only ports and services required for operations at these access
points are enabled;

R4.3.

The discovery of all access points to the Electronic Security Perimeter;

R4.4.

A review of controls for default accounts, passwords, and network management
community strings;

R4.5.

Documentation of the results of the assessment, the action plan to remediate or mitigate
vulnerabilities identified in the assessment, and the execution status of that action plan.

R5. Documentation Review and Maintenance — The Responsible Entity shall review, update, and
maintain all documentation to support compliance with the requirements of Standard CIP-0054a.

R5.1.

R5.2.

The Responsible Entity shall update the documentation to reflect the modification of
the network or controls within ninety calendar days of the change.

R5.3.

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Compliance
1.

Compliance Monitoring Process
1.1. Compliance Enforcement Authority
1.2. The RE shall serve as the CEA with the following exceptions:
1.2.1

For entities that do not work for the Regional Entity, the Regional Entity shall serve as the Compliance Enforcement Authority.

1.2.1

For Reliability Coordinators and other functional entities that work for their Regional Entity, the ERO shall serve as the Compliance
Enforcement Authority.

1.2.1

For Responsible Entities that are also Regional Entities, the ERO or a Regional Entity approved by the ERO and FERC or other applicable
governmental authorities shall serve as the Compliance Enforcement Authority.

1.2.2

For the ERO, a third-party monitor without vested interest in the outcome for the ERO shall serve as the Compliance Enforcement
Authority.

1.3. Compliance Monitoring and Enforcement Processes
Compliance Audits
Self-Certifications
Spot Checking
Compliance Violation Investigations
Self-Reporting
Complaints
1.4. Data Retention
1.4.1

1.4.2

The Responsible Entity shall keep other documents and records required by Standard CIP-005-4a from the previous full calendar year.

1.4.3

The Compliance Enforcement Authority in conjunction with the Registered Entity shall keep the last audit records and all requested and
submitted subsequent audit records.

1.5. Additional Compliance Information
2.

Violation Severity Levels
4

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Requirement
R1.

VRF

Lower VSL

Moderate VSL

High VSL

Severe VSL

MEDIUM

The Responsible Entity
did not document one
or more access points
to the Electronic
Security Perimeter(s).

The Responsible Entity
identified but did not document
one or more Electronic Security
Perimeter(s).

The Responsible Entity did not ensure that one or more of
the Critical Cyber Assets resides within an Electronic
Security Perimeter.

OR
The Responsible Entity did not identify nor document one
or more Electronic Security Perimeter(s).

R1.1.

MEDIUM

N/A

R1.2.

MEDIUM

N/A

R1.3.

MEDIUM

N/A

R1.4.

MEDIUM

N/A

One or more non-critical Cyber
Asset within a defined
Electronic Security Perimeter is
not identified but is protected
pursuant to the requirements of
Standard CIP-005.

One or more non-critical Cyber Asset within a defined
Electronic Security Perimeter is identified but not
protected pursuant to the requirements of Standard CIP005.

One or more non-critical Cyber Asset within a defined
Electronic Security Perimeter is not identified and is not
protected pursuant to the requirements of Standard CIP-005.

R1.5.

MEDIUM

A Cyber Asset used in
the access

A Cyber Asset used in the
access

A Cyber Asset used in the access

control and/or monitoring of the

control and/or
monitoring of the

control and/or monitoring of
the

Electronic Security Perimeter(s) is

Electronic Security
Perimeter(s) is

provided with all but three (3) of

provided without four (4) or

the protective measures as

more of the protective measures as
specified in Standard CIP-003-4;

provided with all but
one (1) of

provided with all but two (2) of

specified in Standard CIP-003-4;

the protective measures as

Standard CIP-004-4 Requirement

the protective measures
as

specified in Standard CIP-0034;

R3; Standard CIP-005-4

Requirements R2 and R3;

specified in Standard
CIP-003-4;

Standard CIP-004-4
Requirement

Standard CIP-006-4

R3; Standard CIP-005-4

Requirement R3; Standard CIP-007-4 Requirements R1
and R3

Requirement R3; Standard CIP-007-4 Requirements R1 and
R3

Requirements R2 and R3;

through R9; Standard CIP-008-4;

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Requirement

VRF

Lower VSL
R3; Standard CIP-0054
Requirements R2 and
R3;
Standard CIP-006-4
Requirement R3;
Standard CIP-007-4
Requirements R1 and
R3

Moderate VSL
Standard CIP-006-4

High VSL

Severe VSL

and Standard CIP-009-4.

Requirement R3; Standard CIP007-4 Requirements R1 and R3
through R9; Standard CIP-0084;
and Standard CIP-009-4.

through R9; Standard
CIP-008-4;
and Standard CIP-0094.
R1.6.

LOWER

N/A

R2.

MEDIUM

N/A

R2.1.

MEDIUM

N/A

The processes and mechanisms did not use an access control
model that denies access by default, such that explicit access
permissions must be specified.

R2.2.

MEDIUM

N/A

At one or more access points to the Electronic Security
Perimeter(s), the Responsible Entity enabled ports and services
not required for operations and for monitoring Cyber Assets
within the Electronic Security Perimeter, and did not
document, individually or by specified grouping, the
configuration of those ports and services.

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Requirement

VRF

Lower VSL

Moderate VSL

High VSL

Severe VSL

Perimeter.

R2.3.

MEDIUM

N/A

The Responsible Entity did

The Responsible Entity did not

implement but did not maintain a

implement nor maintain a

procedure for securing dial-up

access to the Electronic Security

Perimeter(s) where applicable.

R2.4.

MEDIUM

N/A

R2.5.

LOWER

The required
documentation for R2
did not include one of
the elements described
in R2.5.1 through
R2.5.4

The required documentation for
R2 did not include two of the
elements described in R2.5.1
through R2.5.4

The required documentation for R2 did not include three of
the elements described in R2.5.1 through R2.5.4

The required documentation for R2 did not include any of the
elements described in R2.5.1 through R2.5.4

R2.5.1.

LOWER

N/A

R2.5.2.

LOWER

N/A

R2.5.3.

LOWER

N/A

R2.5.4.

LOWER

N/A

R2.6.

LOWER

The Responsible Entity
did not maintain a
document identifying
the content of the
banner.

Where technically feasible 5%
but less than 10% of electronic
access control devices did not
display an appropriate use
banner on the user screen upon
all interactive access attempts.

Where technically feasible 10% but less than 15% of
electronic access control devices did not display an
appropriate use banner on the user screen upon all
interactive access attempts.

Where technically feasible, 15% or more electronic access
control devices did not display an appropriate use banner on
the user screen upon all interactive access attempts.

(Retired)

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Requirement

VRF

Lower VSL

Moderate VSL

High VSL

Severe VSL

Where technically
feasible less than 5%
electronic access
control devices did not
display an appropriate
use banner on the user
screen upon all
interactive access
attempts.
R3.

MEDIUM

The Responsible Entity
did not document the
electronic or manual
processes for
monitoring and logging
access to access points.

The Responsible Entity did not
implement electronic or manual
processes monitoring and
logging at 5% or more but less
than 10% of the access points.

The Responsible Entity did not implement electronic or
manual processes monitoring and logging at 10% or more
but less than 15 % of the access points.

The Responsible Entity did not implement electronic or
manual processes monitoring and logging at 15% or more of
the access points.

Where technically feasible, the
Responsible Entity did not
implement electronic or manual
processes for monitoring at 5%
or more but less than 10% of
the access points to dial-up
devices.

Where technically feasible, the Responsible Entity did not
implement electronic or manual processes for monitoring
at 10% or more but less than 15% of the access points to
dial-up devices.

Where technically feasible, the Responsible Entity did not
implement electronic or manual processes for monitoring at
15% or more of the access points to dial-up devices.

N/A

Where technically feasible, the Responsible Entity did not
implement security monitoring process(es) to detect and alert
for attempts at or actual unauthorized accesses.

OR
The Responsible Entity
did not implement
electronic or manual
processes monitoring
and logging at less than
5% of the access
points.
R3.1.

MEDIUM

R3.2.

MEDIUM

N/A

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Requirement

R4.

VRF

MEDIUM

Lower VSL

Moderate VSL

High VSL

Severe VSL

notification to designated response personnel.

The Responsible Entity
did not perform a
Vulnerability
Assessment at least
annually for less than
5% of access points to
the Electronic Security
Perimeter(s).

The Responsible Entity did not
perform a Vulnerability
Assessment at least annually
for 5% or more but less than
10% of access points to the
Electronic Security
Perimeter(s).

The Responsible Entity did not perform a Vulnerability
Assessment at least annually for 10% or more but less than
15% of access points to the Electronic Security
Perimeter(s).

OR
The vulnerability assessment did not include one (1) or more
of the subrequirements R 4.1, R4.2, R4.3, R4.4, R4.5.

R4.1.

LOWER

N/A

R4.2.

MEDIUM

N/A

R4.3.

MEDIUM

N/A

R4.4.

MEDIUM

N/A

R4.5.

MEDIUM

N/A

R5.

LOWER

The Responsible Entity
did not review, update,
and maintain at least
one but less than or
equal to 5% of the
documentation to
support compliance
with the requirements
of Standard CIP-005-4.

The Responsible Entity did not
review, update, and maintain
greater than 5% but less than or
equal to 10% of the
documentation to support
compliance with the
requirements of Standard CIP005-4.

The Responsible Entity did not review, update, and
maintain greater than 10% but less than or equal to 15% of
the documentation to support compliance with the
requirements of Standard CIP-005-4.

The Responsible Entity did not review, update, and maintain
greater than 15% of the documentation to support compliance
with the requirements of Standard CIP-005-4.

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Requirement

VRF

Lower VSL

Moderate VSL

High VSL

Severe VSL

R5.1.

LOWER

N/A

The Responsible Entity did not
provide evidence of an annual
review of the documents and
procedures referenced in
Standard CIP-005-4.

The Responsible Entity did not document current
configurations and processes referenced in Standard CIP005-4.

The Responsible Entity did not document current
configurations and processes and did not review the documents
and procedures referenced in Standard CIP-005-4 at least
annually.

R5.2.

LOWER

For less than 5% of the
applicable changes, the
Responsible Entity did
not update the
documentation to
reflect the modification
of the network or
controls within ninety
calendar days of the
change.

For 15% or more of the applicable changes, the Responsible
Entity did not update the documentation to reflect the
modification of the network or controls within ninety calendar
days of the change.

R5.3.

LOWER

The Responsible Entity
retained electronic
access logs for 75 or
more calendar days, but
for less than 90
calendar days.

The Responsible Entity retained
electronic access logs for 60 or
more calendar days, but for less
than 75 calendar days.

The Responsible Entity retained electronic access logs for
45 or more calendar days , but for less than 60 calendar
days.

The Responsible Entity retained electronic access logs for less
than 45 calendar days.

Regional Variances
None identified.

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

Version History
Version

Date

Action

Change Tracking

01/16/06

D.2.3.1 — Change “Critical Assets,” to
“Critical Cyber Assets” as intended.

03/24/06

Approved by
NERC Board of
Trustees 5/6/09

Modifications to clarify the requirements
and to bring the compliance elements into
conformance with the latest guidelines for
developing compliance elements of
standards.
Removal of reasonable business judgment.
Replaced the RRO with the RE as a
responsible entity.
Rewording of Effective Date.
Revised the wording of the Electronic
Access Controls requirement stated in R2.3
to clarify that the Responsible Entity shall
“implement and maintain” a procedure for
securing dial-up access to the Electronic
Security Perimeter(s).
Changed compliance monitor to
Compliance Enforcement Authority.

Revised.

12/16/09

Conforming revisions for
FERC Order on CIP V2
Standards (9/30/2009)

02/16/10

Added Appendix 1 — Interpretation of R1.3
approved by BOT on February 16, 2010

Addition

01/24/11

Adopted by the NERC Board of Trustees

Update to conform to
changes to CIP-002-4
(Project 2008-06)
Update version number
from “3” to “4a”

4/19/12

FERC Order issued approving CIP-005-4a
(approval becomes effective June 25, 2012)
Added approved VRF/VSL table to section
D.2.

3a, 4a

TBD

R2.6 and associated elements retired as part
of the Paragraph 81 project (Project 201302)
11

S ta n d a rd CIP –005–4a — Cyb e r S e c u rity — Ele c tro n ic S e c u rity P e rim e te r(s )

S ta n d a rd CIP –007–3 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

A. Introduction
1.

Title:

Cyber Security — Systems Security Management

Number:

CIP-007-3

Applicability:
4.1. Within the text of Standard CIP-007-3, “Responsible Entity” shall mean:
4.1.1

Reliability Coordinator.

4.1.2

Balancing Authority.

4.1.3

Interchange Authority.

4.1.4

Transmission Service Provider.

4.1.5

Transmission Owner.

4.1.6

Transmission Operator.

4.1.7

Generator Owner.

4.1.8

Generator Operator.

4.1.9

Load Serving Entity.

4.1.10 NERC.
4.1.11 Regional Entity.
4.2. The following are exempt from Standard CIP-007-3:

4.2.1

Facilities regulated by the U.S. Nuclear Regulatory Commission or the Canadian
Nuclear Safety Commission.

4.2.2

Cyber Assets associated with communication networks and data communication
links between discrete Electronic Security Perimeters.

4.2.3

Responsible Entities that, in compliance with Standard CIP-002-3, identify that
they have no Critical Cyber Assets.

B. Requirements
R1.

The Responsible Entity shall create, implement, and maintain cyber security test
procedures in a manner that minimizes adverse effects on the production system or its
operation.

Ap p ro ve d b y Bo a rd o f Tru s te e s : De c e m b e r 16, 2009

S ta n d a rd CIP –007–3 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

R2.

R3.

R4.

R5.

R1.2.

The Responsible Entity shall document that testing is performed in a manner that
reflects the production environment.

R1.3.

The Responsible Entity shall document test results.

The Responsible Entity shall enable only those ports and services required for normal
and emergency operations.

R2.2.

The Responsible Entity shall disable other ports and services, including those used for
testing purposes, prior to production use of all Cyber Assets inside the Electronic
Security Perimeter(s).

R2.3.

In the case where unused ports and services cannot be disabled due to technical
limitations, the Responsible Entity shall document compensating measure(s) applied
to mitigate risk exposure.

The Responsible Entity shall document the assessment of security patches and
security upgrades for applicability within thirty calendar days of availability of the
patches or upgrades.

R3.2.

R4.2.

The Responsible Entity shall document and implement a process for the update of
anti-virus and malware prevention “signatures.” The process must address testing and
installing the signatures.

Ap p ro ve d b y Bo a rd o f Tru s te e s : De c e m b e r 16, 2009

S ta n d a rd CIP –007–3 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

R5.3.

R6.

R7.

R6.2.

The security monitoring controls shall issue automated or manual alerts for detected
Cyber Security Incidents.

R6.3.

The Responsible Entity shall maintain logs of system events related to cyber security,
where technically feasible, to support incident response as required in Standard CIP008-3.

R6.4.

The Responsible Entity shall retain all logs specified in Requirement R6 for ninety
calendar days.

R6.5.

The Responsible Entity shall review logs of system events related to cyber security
and maintain records documenting review of logs.

Ap p ro ve d b y Bo a rd o f Tru s te e s : De c e m b e r 16, 2009

S ta n d a rd CIP –007–3 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

R8.

R9.

R7.1.

Prior to the disposal of such assets, the Responsible Entity shall destroy or erase the
data storage media to prevent unauthorized retrieval of sensitive cyber security or
reliability data.

R7.2.

Prior to redeployment of such assets, the Responsible Entity shall, at a minimum,
erase the data storage media to prevent unauthorized retrieval of sensitive cyber
security or reliability data.

R7.3.

The Responsible Entity shall maintain records that such assets were disposed of or
redeployed in accordance with documented procedures. (Retired)

R8.3.
R8.4.

Compliance Monitoring Process

Ap p ro ve d b y Bo a rd o f Tru s te e s : De c e m b e r 16, 2009

S ta n d a rd CIP –007–3 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

1.1. Compliance Enforcement Authority
1.1.1

Regional Entity for Responsible Entities that do not perform delegated tasks for
their Regional Entity.

1.1.2

ERO for Regional Entity.

1.1.3

Third-party monitor without vested interest in the outcome for NERC.

1.4.2

The Responsible Entity shall retain security–related system event logs for ninety
calendar days, unless longer retention is required pursuant to Standard CIP-008-3
Requirement R2.

1.4.3

The Compliance Enforcement Authority in conjunction with the Registered
Entity shall keep the last audit records and all requested and submitted
subsequent audit records.

1.5. Additional Compliance Information.
2.

Violation Severity Levels (To be developed later.)

E. Regional Variances
None identified.
Version History
Version
2

Date

Action

Change Tracking

Modifications to clarify the requirements and to
bring the compliance elements into conformance
with the latest guidelines for developing compliance
elements of standards.
Removal of reasonable business judgment and
acceptance of risk.
Revised the Purpose of this standard to clarify that
Standard CIP-007-2 requires Responsible Entities to
define methods, processes, and procedures for
securing Cyber Assets and other (non-Critical)

Ap p ro ve d b y Bo a rd o f Tru s te e s : De c e m b e r 16, 2009

S ta n d a rd CIP –007–3 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

Updated version numbers from -2 to -3

12/16/09

Approved by the NERC Board of Trustees

TBD

R7.3 and associated elements retired as part of the
Paragraph 81 project (Project 2013-02)

Ap p ro ve d b y Bo a rd o f Tru s te e s : De c e m b e r 16, 2009

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

A. Introduction
1.

Title:

Cyber Security — Systems Security Management

Number:

CIP-007-4

Applicability:
4.1. Within the text of Standard CIP-007-4, “Responsible Entity” shall mean:
4.1.1

Reliability Coordinator.

4.1.2

Balancing Authority.

4.1.3

Interchange Authority.

4.1.4

Transmission Service Provider.

4.1.5

Transmission Owner.

4.1.6

Transmission Operator.

4.1.7

Generator Owner.

4.1.8

Generator Operator.

4.1.9

Load Serving Entity.

4.1.10 NERC.
4.1.11 Regional Entity.
4.2. The following are exempt from Standard CIP-007-4:

4.2.1

Facilities regulated by the Canadian Nuclear Safety Commission.

4.2.2

Cyber Assets associated with communication networks and data communication
links between discrete Electronic Security Perimeters.

4.2.3

In nuclear plants, the systems, structures, and components that are regulated by
the Nuclear Regulatory Commission under a cyber security plan pursuant to 10
C.F. R. Section 73.54

4.2.4

Responsible Entities that, in compliance with Standard CIP-002-4, identify that
they have no Critical Cyber Assets.

B. Requirements
R1.

Test Procedures — The Responsible Entity shall ensure that new Cyber Assets and significant
changes to existing Cyber Assets within the Electronic Security Perimeter do not adversely
affect existing cyber security controls. For purposes of Standard CIP-007-4, a significant
change shall, at a minimum, include implementation of security patches, cumulative service
packs, vendor releases, and version upgrades of operating systems, applications, database
platforms, or other third-party software or firmware.
1

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

R2.

R3.

R4.

R5.

R1.1.

The Responsible Entity shall create, implement, and maintain cyber security test
procedures in a manner that minimizes adverse effects on the production system or its
operation.

R1.2.

The Responsible Entity shall document that testing is performed in a manner that
reflects the production environment.

R1.3.

The Responsible Entity shall document test results.

The Responsible Entity shall enable only those ports and services required for normal
and emergency operations.

R2.2.

The Responsible Entity shall disable other ports and services, including those used for
testing purposes, prior to production use of all Cyber Assets inside the Electronic
Security Perimeter(s).

R2.3.

In the case where unused ports and services cannot be disabled due to technical
limitations, the Responsible Entity shall document compensating measure(s) applied
to mitigate risk exposure.

The Responsible Entity shall document the assessment of security patches and
security upgrades for applicability within thirty calendar days of availability of the
patches or upgrades.

R3.2.

R4.2.

The Responsible Entity shall document and implement a process for the update of
anti-virus and malware prevention “signatures.” The process must address testing and
installing the signatures.

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

R5.3.

R6.

R6.2.

The security monitoring controls shall issue automated or manual alerts for detected
Cyber Security Incidents.

R6.3.

The Responsible Entity shall maintain logs of system events related to cyber security,
where technically feasible, to support incident response as required in Standard CIP008-4.

R6.4.

The Responsible Entity shall retain all logs specified in Requirement R6 for ninety
calendar days.

R6.5.

The Responsible Entity shall review logs of system events related to cyber security
and maintain records documenting review of logs.

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

R7.

R8.

R9.

Prior to the disposal of such assets, the Responsible Entity shall destroy or erase the
data storage media to prevent unauthorized retrieval of sensitive cyber security or
reliability data.

R7.2.

Prior to redeployment of such assets, the Responsible Entity shall, at a minimum,
erase the data storage media to prevent unauthorized retrieval of sensitive cyber
security or reliability data.

R7.3.

The Responsible Entity shall maintain records that such assets were disposed of or
redeployed in accordance with documented procedures. (Retired)

R8.3.
R8.4.

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Enforcement Authority
1.2. The RE shall serve as the CEA with the following exceptions:
1.2.1

For entities that do not work for the Regional Entity, the Regional Entity shall serve as the Compliance Enforcement Authority.

1.2.2

For Reliability Coordinators and other functional entities that work for their Regional Entity, the ERO shall serve as the Compliance
Enforcement Authority.

1.2.3

For Responsible Entities that are also Regional Entities, the ERO or a Regional Entity approved by the ERO and FERC or other applicable
governmental authorities shall serve as the Compliance Enforcement Authority.

1.2.4

For the ERO, a third-party monitor without vested interest in the outcome for the ERO shall serve as the Compliance Enforcement
Authority.

1.3. Compliance Monitoring and Enforcement Processes
Compliance Audits
Self-Certifications
Spot Checking
Compliance Violation Investigations
Self-Reporting
Complaints
1.4. Data Retention
1.4.1

The Responsible Entity shall keep all documentation and records from the previous full calendar year unless directed by its Compliance
Enforcement Authority to retain specific evidence for a longer period of time as part of an investigation.

1.4.2

The Responsible Entity shall retain security–related system event logs for ninety calendar days, unless longer retention is required
pursuant to Standard CIP-008-4 Requirement R2.

1.4.3

The Compliance Enforcement Authority in conjunction with the Registered Entity shall keep the last audit records and all requested and
submitted subsequent audit records.

1.5. Additional Compliance Information.
2.

Violation Severity Levels

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

Requirement
R1.

VRF
MEDIUM

Lower VSL
N/A

Moderate VSL
The Responsible Entity did
create, implement and maintain
the test procedures as required in
R1.1, but did not document
that testing is performed as
required in R1.2.

High VSL

Severe VSL

The Responsible Entity did not create, implement and
maintain the test procedures as required in R1.1.

The Responsible Entity did not create, implement and maintain
the test procedures as required in R1.1,
AND
The Responsible Entity did not document that testing was
performed as required in R1.2

AND

The Responsible Entity did not
document the test results as
required in R1.3.

The Responsible Entity did not document the test results as
required in R1.3.

R1.1.

MEDIUM

N/A

R1.2.

LOWER

N/A

R1.3.

LOWER

N/A

R2.

MEDIUM

N/A

The Responsible Entity
established (implemented) but
did not document a process to
ensure that only those ports and
services required for normal and
emergency operations are
enabled.

The Responsible Entity documented but did not establish
(implement) a process to ensure that only those ports and
services required for normal and emergency operations are
enabled.

The Responsible Entity did not establish (implement) nor
document a process to ensure that only those ports and services
required for normal and emergency operations are enabled.

R2.1.

MEDIUM

The Responsible Entity
enabled ports and
services not required for
normal and emergency
operations on at least
one but less than 5% of
the Cyber Assets inside
the Electronic Security
Perimeter(s).

The Responsible Entity enabled
ports and services not required
for normal and emergency
operations on 5% or more but
less than 10% of the Cyber
Assets inside the Electronic
Security Perimeter(s).

The Responsible Entity enabled ports and services not
required for normal and emergency operations on 10% or
more but less than 15% of the Cyber Assets inside the
Electronic Security Perimeter(s).

The Responsible Entity enabled ports and services not required
for normal and emergency operations on 15% or more of the
Cyber Assets inside the Electronic Security Perimeter(s).

R2.2.

MEDIUM

The Responsible Entity
did not disable other
ports and services,
including those used for

The Responsible Entity did not
disable other ports and services,
including those used for testing
purposes, prior to production use

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

testing purposes, prior
to production use for at
least one but less than
5% of the Cyber Assets
inside the Electronic
Security Perimeter(s).

for 5% or more but less than
10% of the Cyber Assets inside
the Electronic Security
Perimeter(s).

R2.3.

MEDIUM

N/A

For cases where unused ports and services cannot be disabled
due to technical limitations, the Responsible Entity did not
document compensating measure(s) applied to mitigate risk
exposure.

R3.

LOWER

tracking, evaluating,
testing, and installing
applicable cyber
security software
patches for all Cyber
Assets within the
Electronic Security
Perimeter(s).
R3.1.

LOWER

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

R3.2.

LOWER

N/A

R4.

MEDIUM

The Responsible Entity, as
technically feasible, did not use
anti-virus software and other
malicious software (“malware”)
prevention tools, nor
implemented compensating
measures, on at least 5% but less
than 10% of Cyber Assets within
the Electronic Security
Perimeter(s).

The Responsible Entity, as technically feasible, did not use
anti-virus software and other malicious software
(“malware”) prevention tools, nor implemented
compensating measures, on at least 10% but less than 15%
of Cyber Assets within the Electronic Security Perimeter(s).

R4.1.

MEDIUM

N/A

R4.2.

MEDIUM

R5.

LOWER

N/A

The Responsible Entity
implemented but did not
document technical and
procedural controls that enforce
access authentication of, and
accountability for, all user
activity.

The Responsible Entity documented but did not implement
technical and procedural controls that enforce access
authentication of, and accountability for, all user activity.

The Responsible Entity did not document nor implement
technical and procedural controls that enforce access
authentication of, and accountability for, all user activity.

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

R5.1.

MEDIUM

N/A

R5.1.1.

LOWER

At least one user
account but less than
1% of user accounts
implemented by the
Responsible Entity,
were not approved by
designated personnel.

One (1) % or more of user
accounts but less than 3% of
user accounts implemented by
the Responsible Entity were not
approved by designated
personnel.

Three (3) % or more of user accounts but less than 5% of
user accounts implemented by the Responsible Entity were
not approved by designated personnel.

Five (5) % or more of user accounts implemented by the
Responsible Entity were not approved by designated personnel.

R5.1.2.

LOWER

N/A

The Responsible Entity generated logs with insufficient
detail to create historical audit trails of individual user
account access activity.

The Responsible Entity did not generate logs of individual user
account access activity.

R5.1.3.

MEDIUM

N/A

The Responsible Entity did not review, at least annually, user
accounts to verify access privileges are in accordance with
Standard CIP-003-4 Requirement R5 and Standard CIP-004-4
Requirement R4.

R5.2.

LOWER

N/A

R5.2.1.

MEDIUM

N/A

For accounts that must remain enabled, the Responsible Entity
did not change passwords prior to putting any system into
service.

R5.2.2.

LOWER

N/A

The Responsible Entity did not identify all individuals with
access to shared accounts.

R5.2.3.

MEDIUM

N/A

Where such accounts must be
shared, the Responsible Entity
has a policy for managing the
use of such accounts, but is
missing 1 of the following 3
items:

Where such accounts must be shared, the Responsible Entity
has a policy for managing the use of such accounts, but is
missing 2 of the following 3 items:

a) limits access to only those
with authorization,
b) has an audit trail of the
account use (automated or

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

manual),
c) has specified steps for
securing the account in the event
of personnel changes (for
example, change in assignment
or termination).
R5.3.

LOWER

The Responsible Entity
requires and uses
passwords as technically
feasible, but only
addresses 2 of the
requirements in R5.3.1,
R5.3.2., R5.3.3.

The Responsible Entity requires
and uses passwords as
technically feasible but only
addresses 1 of the requirements
in R5.3.1, R5.3.2., R5.3.3.

The Responsible Entity requires but does not use passwords
as required in R5.3.1, R5.3.2., R5.3.3 and did not
demonstrate why it is not technically feasible.

The Responsible Entity does not require nor use passwords as
required in R5.3.1, R5.3.2., R5.3.3 and did not demonstrate why
it is not technically feasible.

R5.3.1.

LOWER

N/A

R5.3.2.

LOWER

N/A

R5.3.3.

MEDIUM

N/A

R6.

LOWER

The Responsible Entity, as
technically feasible, did not
implement automated tools or
organizational process controls
to monitor system events that are
related to cyber security for 5%
or more but less than 10% of
Cyber Assets inside the
Electronic Security Perimeter(s).

The Responsible Entity did not implement automated tools or
organizational process controls, as technically feasible, to
monitor system events that are related to cyber security for 15%
or more of Cyber Assets inside the Electronic Security
Perimeter(s).

R6.1.

MEDIUM

N/A

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

R6.2.

MEDIUM

N/A

The Responsible entity's security monitoring controls do not
issue automated or manual alerts for detected Cyber Security
Incidents.

R6.3.

MEDIUM

N/A

The Responsible Entity did not maintain logs of system events
related to cyber security, where technically feasible, to support
incident response as required in Standard CIP-008-4.

R6.4.

LOWER

The Responsible Entity
retained the logs
specified in
Requirement R6, for at
least 60 days, but less
than 90 days.

The Responsible Entity retained
the logs specified in
Requirement R6, for at least 30
days, but less than 60 days.

The Responsible Entity retained the logs specified in
Requirement R6, for at least one day, but less than 30 days.

The Responsible Entity did not retain any logs specified in
Requirement R6.

R6.5.

LOWER

N/A

The Responsible Entity did not review logs of system events
related to cyber security nor maintain records documenting
review of logs.

R7.

LOWER

(Retired)

Formatted: Font color: Red

R7.1.

LOWER

N/A

R7.2.

LOWER

N/A

R7.3.

LOWER

N/A

(Retired)

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

LOWER

The Responsible Entity
performed at least
annually a Vulnerability
Assessment that
included 95% or more
but less than 100% of
Cyber Assets within the
Electronic Security
Perimeter.

The Responsible Entity
performed at least annually a
Vulnerability Assessment that
included 90% or more but less
than 95% of Cyber Assets within
the Electronic Security
Perimeter.

The Responsible Entity performed at least annually a
Vulnerability Assessment that included more than 85% but
less than 90% of Cyber Assets within the Electronic Security
Perimeter.

R8.1.

LOWER

N/A

R8.2.

MEDIUM

N/A

R8.3.

MEDIUM

N/A

R8.4.

MEDIUM

N/A

LOWER

N/A

The Responsible Entity did not review and update the
documentation specified in Standard CIP-007-4 at least
annually.

OR
The Responsible Entity did not document changes resulting
from modifications to the systems or controls within thirty
calendar days of the change being completed.

S ta n d a rd CIP –007–4 — Cyb e r S e c u rity — S ys te m s S e c u rity Ma n a g e m e n t

E. Regional Variances
None identified.
Version History
Version

Date

Action

Modifications to clarify the requirements and to
bring the compliance elements into conformance
with the latest guidelines for developing compliance
elements of standards.
Removal of reasonable business judgment and
acceptance of risk.
Revised the Purpose of this standard to clarify that
Standard CIP-007-2 requires Responsible Entities to
define methods, processes, and procedures for
securing Cyber Assets and other (non-Critical)
Assets within an Electronic Security Perimeter.
Replaced the RRO with the RE as a responsible
entity.
Rewording of Effective Date.
R9 changed ninety (90) days to thirty (30) days
Changed compliance monitor to Compliance
Enforcement Authority.

Updated version numbers from -2 to -3

12/16/09

Approved by the NERC Board of Trustees

Board
approved
01/24/2011

Update version number from “3” to “4”

4/19/12

FERC Order issued approving CIP-007-4 (approval
becomes effective June 25, 2012)

Change Tracking

Update to conform to
changes to CIP-002-4
(Project 2008-06)

Added approved VRF/VSL table to section D.2.
3, 4

TBD

R7.3 and associated elements retired as part of the
Paragraph 81 project (Project 2013-02)

S ta n d a rd EOP -004-1 — Dis tu rb a n c e Re p o rtin g

A. Introduction
1.

Title:

Disturbance Reporting

Number:

EOP-004-1

Applicability
4.1. Reliability Coordinators.
4.2. Balancing Authorities.
4.3. Transmission Operators.
4.4. Generator Operators.
4.5. Load Serving Entities.
4.6. Regional Reliability Organizations.

Effective Date:

January 1, 2007

B. Requirements
R1.

Each Regional Reliability Organization shall establish and maintain a Regional
reporting procedure to facilitate preparation of preliminary and final disturbance
reports. (Retired)

R2.

A Reliability Coordinator, Balancing Authority, Transmission Operator, Generator
Operator or Load Serving Entity shall promptly analyze Bulk Electric System
disturbances on its system or facilities.

R3.

R3.2.

Applicable reporting forms are provided in Attachments 1-EOP-004 and 2EOP-004.

R3.3.

Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 1 of 13

S ta n d a rd EOP -004-1 — Dis tu rb a n c e Re p o rtin g

R4.

R5.

C. Measures
M1. The Regional Reliability Organization shall have and provide upon request as

evidence, its current regional reporting procedure that is used to facilitate preparation
of preliminary and final disturbance reports. (Requirement 1) (Retired)
M2. Each Reliability Coordinator, Balancing Authority, Transmission Operator, Generator

Page 2 of 13

S ta n d a rd EOP -004-1 — Dis tu rb a n c e Re p o rtin g

D. Compliance
1.

Compliance Monitoring Process
1.1. Compliance Monitoring Responsibility

Each Regional Reliability Organization shall have its current, in-force, regional
reporting procedure as evidence of compliance. (Measure 1) (Retired)
Each Reliability Coordinator, Balancing Authority, Transmission Operator,
Generator Operator, and/or Load Serving Entity that is either involved in a Bulk
Electric System disturbance or has a reportable incident shall keep data related to
the incident for a year from the event or for the duration of any regional
investigation, whichever is longer. (Measures 2 through 4)
If an entity is found non-compliant the entity shall keep information related to the
noncompliance until found compliant or for two years plus the current year,
whichever is longer.
Evidence used as part of a triggered investigation shall be retained by the entity
being investigated for one year from the date that the investigation is closed, as
determined by the Compliance Monitor,
The Compliance Monitor shall keep the last periodic audit report and all requested
and submitted subsequent compliance records.

Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 3 of 13

S ta n d a rd EOP -004-1 — Dis tu rb a n c e Re p o rtin g

1.4. Additional Compliance Information

See Attachments:
- EOP-004 Disturbance Reporting Form
- Table 1 EOP-004
Levels of Non-Compliance for a Regional Reliability Organization

2.1. Level 1: Not applicable.
2.2. Level 2: Not applicable.
2.3. Level 3: Not applicable.
2.4. Level 4: No current procedure to facilitate preparation of preliminary and final

disturbance reports as specified in R1. (Retired)
Levels of Non-Compliance for a Reliability Coordinator, Balancing Authority,
Transmission Operator, Generator Operator, and Load- Serving Entity:

3.1. Level 1: There shall be a level one non-compliance if any of the following

conditions exist:
3.1.1

Failed to prepare and deliver the NERC Interconnection Reliability
Operating Limit and Preliminary Disturbance Reports to NERC within 24
hours of its recognition as specified in Requirement 3.1

3.1.2

Failed to provide disturbance information verbally as time permitted,
when system conditions precluded the preparation of a report in 24 hours
as specified in R3.3

3.1.3

Failed to prepare a final report within 60 days as specified in R3.4

3.2. Level 2: Not applicable.
3.3. Level 3: Not applicable
3.4. Level 4: Not applicable.
E. Regional Differences

None identified.
Version History
Version

Date

Action

Change Tracking

April 1, 2005

Effective Date

New

May 23, 2005

Fixed reference to attachments 1-EOP004-0 and 2-EOP-004-0, Changed chart
title 1-FAC-004-0 to 1-EOP-004-0,
Fixed title of Table 1 to read 1-EOP004-0, and fixed font.

Errata

July 6, 2005

Fixed email in Attachment 1-EOP-004-0 Errata
from [email protected] to
[email protected].

Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 4 of 13

S ta n d a rd EOP -004-1 — Dis tu rb a n c e Re p o rtin g

July 26, 2005

Fixed Header on page 8 to read EOP004-0

Errata

August 8, 2005

Removed “Proposed” from Effective
Date

Errata

November 1,
2006

Adopted by Board of Trustees

Revised

TBD

R1 and associated elements retired as
part of the Paragraph 81 project (Project
2013-02)

Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 5 of 13

S ta n d a rd EOP -004-1 — Dis tu rb a n c e Re p o rtin g

2.
3.

The loss of a bulk power transmission component that significantly affects the integrity of
interconnected system operations. Generally, a disturbance report will be required if the
event results in actions such as:
a.
Modification of operating procedures.
b.
Modification of equipment (e.g. control systems or special protection systems) to
prevent reoccurrence of the event.
c.
Identification of valuable lessons learned.
d.
Identification of non-compliance with NERC standards or policies.
e.
Identification of a disturbance that is beyond recognized criteria, i.e. three-phase fault
with breaker failure, etc.
f.
Frequency or voltage going below the under-frequency or under-voltage load shed
points.
The occurrence of an interconnected system separation or system islanding or both.
Loss of generation by a Generator Operator, Balancing Authority, or Load-Serving Entity
 2,000 MW or more in the Eastern Interconnection or Western Interconnection and 1,000
MW or more in the ERCOT Interconnection.
Equipment failures/system operational actions which result in the loss of firm system
demands for more than 15 minutes, as described below:
a.
Entities with a previous year recorded peak demand of more than 3,000 MW are
required to report all such losses of firm demands totaling more than 300 MW.
b.
All other entities are required to report all such losses of firm demands totaling more
than 200 MW or 50% of the total customers being supplied immediately prior to the
incident, whichever is less.
Firm load shedding of 100 MW or more to maintain the continuity of the bulk electric
system.

Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 6 of 13

S ta n d a rd EOP -004-1 — Dis tu rb a n c e Re p o rtin g

7.
8.

Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 7 of 13

S ta n d a rd EOP -004-1 — Dis tu rb a n c e Re p o rtin g

Yes

FIRM

INTERRUPTIBLE

Demand tripped (MW):
Number of affected Customers:

Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 8 of 13

S ta n d a rd EOP -004-1 — Dis tu rb a n c e Re p o rtin g

Demand lost (MW-Minutes):
11. Restoration time.

INITIAL

FINAL

Transmission:
Generation:
Demand:

Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 9 of 13

S ta n d a rd EOP -004-1 — Dis tu rb a n c e Re p o rtin g

Attachment 2-EOP-004
U.S. Department of Energy Disturbance Reporting Requirements
Introduction
The U.S. Department of Energy (DOE), under its relevant authorities, has established mandatory
reporting requirements for electric emergency incidents and disturbances in the United States.
DOE collects this information from the electric power industry on Form EIA-417 to meet its
overall national security and Federal Energy Management Agency’s Federal Response Plan
(FRP) responsibilities. DOE will use the data from this form to obtain current information
regarding emergency situations on U.S. electric energy supply systems. DOE’s Energy
Information Administration (EIA) will use the data for reporting on electric power emergency
incidents and disturbances in monthly EIA reports. In addition, the data may be used to develop
legislative recommendations, reports to the Congress and as a basis for DOE investigations
following severe, prolonged, or repeated electric power reliability problems.
Every Reliability Coordinator, Balancing Authority, Transmission Operator, Generator Operator
or Load Serving Entity must use this form to submit mandatory reports of electric power system
incidents or disturbances to the DOE Operations Center, which operates on a 24-hour basis,
seven days a week. All other entities operating electric systems have filing responsibilities to
provide information to the Reliability Coordinator, Balancing Authority, Transmission Operator,
Generator Operator or Load Serving Entity when necessary for their reporting obligations and to
file form EIA-417 in cases where these entities will not be involved. EIA requests that it be
notified of those that plan to file jointly and of those electric entities that want to file separately.
Special reporting provisions exist for those electric utilities located within the United States, but
for whom Reliability Coordinator oversight responsibilities are handled by electrical systems
located across an international border. A foreign utility handling U.S. Balancing Authority
responsibilities, may wish to file this information voluntarily to the DOE. Any U.S.-based utility
in this international situation needs to inform DOE that these filings will come from a foreignbased electric system or file the required reports themselves.
Form EIA-417 must be submitted to the DOE Operations Center if any one of the following
applies (see Table 1-EOP-004-0 — Summary of NERC and DOE Reporting Requirements for
Major Electric System Emergencies):
1. Uncontrolled loss of 300 MW or more of firm system load for more than 15 minutes from a
2.
3.
4.
5.

Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 10 of 13

S ta n d a rd EOP -004-1 — Dis tu rb a n c e Re p o rtin g

6. Actual or suspected cyber or communications attacks that could impact electric power system

system.
The initial DOE Emergency Incident and Disturbance Report (form EIA-417 – Schedule 1) shall
be submitted to the DOE Operations Center within 60 minutes of the time of the system
disruption. Complete information may not be available at the time of the disruption. However,
provide as much information as is known or suspected at the time of the initial filing. If the
incident is having a critical impact on operations, a telephone notification to the DOE Operations
Center (202-586-8100) is acceptable, pending submission of the completed form EIA-417.
Electronic submission via an on-line web-based form is the preferred method of notification.
However, electronic submission by facsimile or email is acceptable.
An updated form EIA-417 (Schedule 1 and 2) is due within 48 hours of the event to provide
complete disruption information. Electronic submission via facsimile or email is the preferred
method of notification. Detailed DOE Incident and Disturbance reporting requirements can be
found at: ftp://ftp.eia.doe.gov/pub/electricity/eiafor417.doc.

Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 11 of 13

S ta n d a rd EOP -004-1 — Dis tu rb a n c e Re p o rtin g

Table 1-EOP-004-0
Summary of NERC and DOE Reporting Requirements for Major Electric System
Emergencies
Incident
Report
Incident
Threshold
Time
No.
Required
EIA – SchUncontrolled loss
1 hour
1
of Firm System
≥ 300 MW – 15 minutes or more
48
1
EIA – SchLoad
hour
2
EIA – Sch1 hour
≥ 100 MW under emergency
1
Load Shedding
48
2
operational policy
EIA – Schhour
2
EIA – Sch1 hour
Voltage
1
3% or more – applied system-wide
48
3
EIA – SchReductions
hour
2
EIA – Sch1 hour
1
Emergency conditions to reduce
Public Appeals
48
4
EIA – Schdemand
hour
2
EIA – SchPhysical sabotage,
1 hour
On physical security systems –
1
terrorism or
48
5
suspected or real
EIA – Schvandalism
hour
2
EIA – SchCyber sabotage,
1 hour
If the attempt is believed to have or
1
terrorism or
48
6
did happen
EIA – Schvandalism
hour
2
EIA – Sch1 hour
Fuel supply
Fuel inventory or hydro storage levels 1
48
7
EIA – Schemergencies
≤ 50% of normal
hour
2
EIA – Sch1 hour
Loss of electric
1
≥
50,000
for
1
hour
or
more
48
8
service
EIA – Schhour
2
Complete
EIA – SchIf isolated or interconnected electrical
1 hour
operation failure
1
48
systems suffer total electrical system
9
of electrical
EIA – Schcollapse
hour
system
2
All DOE EIA-417 Schedule 1 reports are to be filed within 60-minutes after the start of an
incident or disturbance
All DOE EIA-417 Schedule 2 reports are to be filed within 48-hours after the start of an
incident or disturbance

Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 12 of 13

S ta n d a rd EOP -004-1 — Dis tu rb a n c e Re p o rtin g

All entities required to file a DOE EIA-417 report (Schedule 1 & 2) shall send a copy of these
reports to NERC simultaneously, but no later than 24 hours after the start of the incident or
disturbance.
Incident
Report
Incident
Threshold
Time
No.
Required
NERC
24
Loss of major
Significantly affects integrity of
Prelim
hour
1
system component
interconnected system operations
Final
60 day
report
Interconnected
NERC
Total system shutdown
24
system separation
Prelim
Partial shutdown, separation, or
hour
2
or system
Final
islanding
60 day
islanding
report
NERC
24
≥ 2,000 – Eastern Interconnection
Prelim
Loss of generation
≥ 2,000 – Western Interconnection
hour
3
Final
≥ 1,000 – ERCOT Interconnection
60 day
report
Entities with peak demand ≥3,000:
NERC
24
loss ≥300 MW
Prelim
Loss of firm load
hour
4
All others ≥200MW or 50% of total
Final
≥15-minutes
60 day
demand
report
NERC
24
Firm load
≥100 MW to maintain continuity of
Prelim
hour
5
shedding
bulk system
Final
60 day
report
• Voltage excursions ≥10%
System operation
NERC
24
• Major damage to system
or operation
Prelim
hour
6
components
actions resulting
Final
60 day
•
Failure,
degradation,
or
in:
report
misoperation of SPS
NERC
72
Prelim
IROL violation
Reliability standard TOP-007.
hour
7
Final
60 day
report
NERC
Due to nature of disturbance &
24
As requested by
Prelim
usefulness to industry (lessons
hour
8
ORS Chairman
Final
learned)
60 day
report
All NERC Operating Security Limit and Preliminary Disturbance reports will be filed within 24
hours after the start of the incident. If an entity must file a DOE EIA-417 report on an incident,
which requires a NERC Preliminary report, the Entity may use the DOE EIA-417 form for both
DOE and NERC reports.
Any entity reporting a DOE or NERC incident or disturbance has the responsibility to also
notify its Regional Reliability Organization.

Adopted by Board of Trustees: November 1, 2006
Effective Date: January 1, 2007

Page 13 of 13

S ta n d a rd EOP -005-2 — S ys te m Re s tora tio n fro m Bla c ks ta rt Re s o u rce s

A. Introduction
1.

Title:

System Restoration from Blackstart Resources

Number:

EOP-005-2

Strategies for system restoration that are coordinated with the Reliability
Coordinator’s high level strategy for restoring the Interconnection.

R1.2.

R1.3.

Procedures for restoring interconnections with other Transmission Operators
under the direction of the Reliability Coordinator.

R1.4.

R1.5.

Identification of Cranking Paths and initial switching requirements between
each Blackstart Resource and the unit(s) to be started.

R1.6.

Identification of acceptable operating voltage and frequency limits during
restoration.

S ta n d a rd EOP -005-2 — S ys te m Re s tora tio n fro m Bla c ks ta rt Re s o u rce s

R1.7.

Operating Processes to reestablish connections within the Transmission
Operator’s System for areas that have been restored and are prepared for
reconnection.

R1.8.

R1.9.

Operating Processes for transferring authority back to the Balancing Authority
in accordance with the Reliability Coordinator’s criteria.

Each Transmission Operator shall submit its revised restoration plan to its
Reliability Coordinator for approval within the same 90 calendar day period.

The capability of Blackstart Resources to meet the Real and Reactive Power
requirements of the Cranking Paths and the dynamic capability to supply initial
Loads.

R6.2.

The location and magnitude of Loads required to control voltages and
frequency within acceptable operating limits.

R6.3.

The capability of generating resources required to control voltages and
frequency within acceptable operating limits.

R7. Following a Disturbance in which one or more areas of the BES shuts down and the
use of Blackstart Resources is required to restore the shut down area to service, each

S ta n d a rd EOP -005-2 — S ys te m Re s tora tio n fro m Bla c ks ta rt Re s o u rce s

The frequency of testing such that each Blackstart Resource is tested at least
once every three calendar years.

R9.2.

R9.3.

The minimum duration of each of the required tests.

S ta n d a rd EOP -005-2 — S ys te m Re s tora tio n fro m Bla c ks ta rt Re s o u rce s

Compliance Monitoring Process
1.1. Compliance Enforcement Authority

Regional Entity.
1.2. Compliance Monitoring Period and Reset Time Frame

Not applicable.
1.3. Compliance Monitoring and Enforcement Processes:

Compliance Audits
Self-Certifications
Spot Checking
Compliance Violation Investigations
Self-Reporting
Complaints
1.4. Data Retention

S ta n d a rd EOP -005-2 — S ys te m Re s tora tio n fro m Bla c ks ta rt Re s o u rce s

The Compliance Enforcement Authority shall keep the last audit records and all
requested and submitted subsequent audit records.
1.5. Additional Compliance Information

None.
2.

Violation Severity Levels

E. Regional Variances
None.
Version History
Version

Date

Action

Change Tracking

April 1, 2005

Effective Date

New

August 8, 2005

Removed “Proposed” from
Effective Date

Errata

May 2, 2007

Approved by Board of
Trustees

Revised

TBD

Revisions pursuant to
Project 2006-03

Updated testing requirements
Incorporated Attachment 1 into the
requirements
Updated Measures and Compliance to
match new Requirements

August 5, 2009

Adopted by Board of
Trustees

Revised

March 17, 2011

Order issued by FERC
approving EOP-005-2
(approval effective
5/23/11)

TBD

R3.1 and associated
elements retired as part of
the Paragraph 81 project
(Project 2013-02)

Standard FAC-002-1 — Coordination of Plans for New Facilities
A.

Introduction
1.

Title:
Facilities

Coordination of Plans For New Generation, Transmission, and End-User

Number:

FAC-002-1

Purpose: To avoid adverse impacts on reliability, Generator Owners and Transmission
Owners and electricity end-users must meet facility connection and performance requirements.

Applicability:

4.1.

Generator Owner

4.2.

Transmission Owner

4.3.

Distribution Provider

4.4.

Load-Serving Entity

4.5.

Transmission Planner

4.6.

Planning Authority

Evaluation of the reliability impact of the new facilities and their connections on the
interconnected transmission systems.

1.2.

Ensurance of compliance with NERC Reliability Standards and applicable Regional,
subregional, Power Pool, and individual system planning criteria and facility
connection requirements.

1.3.

1.4.

1.5.

Documentation that the assessment included study assumptions, system performance,
alternatives considered, and jointly coordinated recommendations.

Adopted by Board of Trustees: August 5, 2010

1 of 3

Compliance
1.

Compliance Monitoring Process
1.1.

Compliance Enforcement Authority
Regional Entity.

1.2.

Compliance Monitoring Period and Reset Timeframe
Not applicable.

1.3.

Compliance Monitoring and Enforcement Processes:
Compliance Audits
Self-Certifications
Spot Checking
Compliance Violation Investigations
Self-Reporting
Complaints

2.
E.

1.4.

Data Retention
Evidence of the assessment of the reliability impacts of new facilities and their
connections on the interconnected transmission systems: Three years.

1.5.

Additional Compliance Information
None

Violation Severity Levels (no changes)

Regional Differences
1.

None identified.

Version History
Version

Date

Action

Change Tracking

April 1, 2005

Effective Date

New

January 13, 2006

Removed duplication of “Regional Reliability
Organizations(s).

Errata

TBD

Modified to address Order No. 693 Directives
contained in paragraph 693.

Revised.

Adopted by Board of Trustees: August 5, 2010

2 of 3

Standard FAC-002-1 — Coordination of Plans for New Facilities

TBD

R2 and associated elements retired as part of
the Paragraph 81 project (Project 2013-02)

Adopted by Board of Trustees: August 5, 2010

3 of 3

Standard FAC-008-1 — Facility Ratings Methodology

A. Introduction
1.

Title:

Facility Ratings Methodology

Number:

FAC-008-1

Purpose:
To ensure that Facility Ratings used in the reliable planning and operation of the
Bulk Electric System (BES) are determined based on an established methodology or
methodologies.

Applicability
4.1. Transmission Owner
4.2. Generator Owner

Effective Date:

August 7, 2006

B. Requirements
R1.

A statement that a Facility Rating shall equal the most limiting applicable Equipment
Rating of the individual equipment that comprises that Facility.

R1.2.

R1.3.

R2.

The Transmission Owner and Generator Owner shall each make its Facility Ratings
Methodology available for inspection and technical review by those Reliability Coordinators,
Transmission Operators, Transmission Planners, and Planning Authorities that have
responsibility for the area in which the associated Facilities are located, within 15 business
days of receipt of a request. (Retired)

R3.

Ad o p te d b y Bo a rd o f Tru s te e s : Fe b rua ry 7, 2006
Effe c tive Da te : Au g u s t 7, 2006

1 of 4

Standard FAC-008-1 — Facility Ratings Methodology

Facility Ratings Methodology and, if no change will be made to that Facility Ratings
Methodology, the reason why. (Retired)
C. Measures
M1. The Transmission Owner and Generator Owner shall each have a documented Facility Ratings
Methodology that includes all of the items identified in FAC-008 Requirement 1.1 through
FAC-008 Requirement 1.3.5.
M2. The Transmission Owner and Generator Owner shall each have evidence it made its Facility
Ratings Methodology available for inspection within 15 business days of a request as follows:
(Retired)
M2.1

The Reliability Coordinator shall have access to the Facility Ratings Methodologies
used for Rating Facilities in its Reliability Coordinator Area. (Retired)

M2.2

The Transmission Operator shall have access to the Facility Ratings Methodologies
used for Rating Facilities in its portion of the Reliability Coordinator Area. (Retired)

M2.3

The Transmission Planner shall have access to the Facility Ratings Methodologies
used for Rating Facilities in its Transmission Planning Area. (Retired)

M2.4

The Planning Authority shall have access to the Facility Ratings Methodologies used
for Rating Facilities in its Planning Authority Area. (Retired)

Ad o p te d b y Bo a rd o f Tru s te e s : Fe b rua ry 7, 2006
Effe c tive Da te : Au g u s t 7, 2006

2 of 4

Standard FAC-008-1 — Facility Ratings Methodology

1.4.1

Facility Ratings Methodology

1.4.2

Superseded portions of its Facility Ratings Methodology that had been replaced,
changed or revised within the past 12 months

1.4.3

Levels of Non-Compliance
2.1. Level 1:
exists:

There shall be a level one non-compliance if any of the following conditions

2.1.1

2.1.2

The Facility Ratings Methodology does not address one of the required
equipment types identified in FAC-008 R1.2.1.

2.1.3

No evidence of responses to a Reliability Coordinator’s, Transmission Operator,
Transmission Planner, or Planning Authority’s comments on the Facility Ratings
Methodology. (Retired)

Formatted: Strikethrough

E. Regional Differences
None Identified.
Version History
Version
1

Date

Action

Change Tracking

01/01/05

01/20/05

Ad o p te d b y Bo a rd o f Tru s te e s : Fe b rua ry 7, 2006
Effe c tive Da te : Au g u s t 7, 2006

3 of 4

Standard FAC-008-1 — Facility Ratings Methodology

Frame” and “twelve” to “12” in item
D, 1.2.
1

TBD

R2 and R3 and associated elements retired
as part of the Paragraph 81 project (Project
2013-02)