In accordance with 5 CFR 1320, the information collection revisions are approved. The terms of the previous clearance remain in effect including the expiration date for this collection, which is June 30, 2015.
Inventory as of this Action
Requested
Previously Approved
06/30/2015
36 Months From Approved
06/30/2015
1,475
0
1,501
1,327,231
0
848,730
0
0
5,444
The information collection requirements in the CIP Version 5 standards apply to the following functional entities: balancing authorities, distribution providers, generator operators, generator owners, interchange coordinators (or interchange authorities), reliability coordinators, transmission operators, and transmission owners. Based on the NERC registry, FERC estimates there are 1,475 entities registered for at least one of the functions listed above. The cyber security policy, process, and procedure documentation required by the CIP standards are the principal components of a cyber-security program. The main use for the information generated is to achieve and maintain a cyber-secure operational state, a process which requires vigilant monitoring of activity against documented policies and procedures. Similarly, the applicable compliance enforcement authority (regional entity or NERC) uses the information to measure an entity's compliance with a given requirement. If the information collection requirements did not exist then it would be difficult to monitor and enforce compliance with the standards, which could lead entities to relax their compliance with the requirements. Also, creating and maintaining documentation is integral to the task of performing cyber security, as reflected in the fact that some of the reliability standards' requirements actually require an entity to create a document (as opposed to documenting compliance with a requirement). Without such information collection an entity may fail to perform actions that may affect the reliability and security of the grid.
FERC has issued a final rule which adopts the CIP version 5 Reliability Standards. As discussed previously, these standards are an improvement over the current Version 4 standards. The CIP version 5 standards require new and ongoing paperwork burden.
FERC is averaging the estimated burden hours from the proposed rule across the first three years to create an annual figure to provide to OMB. This annual figure is 779,595 hrs [(418,048 hrs + 1,162,788 hrs + 757,948 hrs)/3 = 779,595 hrs]. After the first three years, entities will have completed implementation of CIP version 5 (a total of 383,543 hours) and will continue with ongoing burden unless other changes are made.
FERC proposes to add the annual hours from the final rule, 779,595 hours, to an adjusted baseline of burden hours under the existing CIP standards. The current burden inventory shows 848,730 hours. FERC is adjusting the existing hours based upon careful review of the assumptions used to generate the previous estimates. FERC is also adjusting the number entities/responses. Further detail is provided in the supporting statement.
FERC does not consider there to be any additional non-labor costs for CIP version 5. The removal of the annual cost burden below is due to a staff review determining that any non-labor hour costs are negligible.
On behalf of this Federal agency, I certify that the collection of information encompassed by this request complies with 5 CFR 1320.9 and the related provisions of 5 CFR 1320.8(b)(3).
The following is a summary of the topics, regarding the proposed collection of information, that the certification covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control number;
If you are unable to certify compliance with any of these provisions, identify the item by leaving the box unchecked and explain the reason in the Supporting Statement.
CIP v5 FR (RM13-5) SuppStmta.docx
Commissioner LaFluer Statement on Reliability Orders (RM13-5).pdf
V3-V5 burden and explanation of adjustment 1-24-14.xlsx
Statutes and Regs for Reliability.doc
FERC-725B, Mandatory Reliability Standards for Critical Infrastructure Protection