In accordance
with 5 CFR 1320, the information collection revisions are
approved.
Inventory as of this Action
Requested
Previously Approved
09/30/2018
36 Months From Approved
09/30/2015
1,415
0
1,475
1,214,042
0
1,327,231
0
0
0
The information collection
requirements in the CIP Version 5 standards apply to the following
functional entities: balancing authorities, distribution providers,
generator operators, generator owners, interchange coordinators (or
interchange authorities), reliability coordinators, transmission
operators, and transmission owners. Based on the NERC registry,
FERC estimates there are 1,475 entities registered for at least one
of the functions listed above. The cyber security policy, process,
and procedure documentation required by the CIP standards are the
principal components of a cyber-security program. The main use for
the information generated is to achieve and maintain a cyber-secure
operational state, a process which requires vigilant monitoring of
activity against documented policies and procedures. Similarly, the
applicable compliance enforcement authority (regional entity or
NERC) uses the information to measure an entity's compliance with a
given requirement. If the information collection requirements did
not exist then it would be difficult to monitor and enforce
compliance with the standards, which could lead entities to relax
their compliance with the requirements. Also, creating and
maintaining documentation is integral to the task of performing
cyber security, as reflected in the fact that some of the
reliability standards' requirements actually require an entity to
create a document (as opposed to documenting compliance with a
requirement). Without such information collection an entity may
fail to perform actions that may affect the reliability and
security of the grid.
The decrease in burden is
primarily due to a reduction in registered entities (1,475 to
1,415). Also, a large portion of the decrease in burden is due to
the removal of CIP Version 4 requirements, specifically
requirements related to Group C registered entities (Low
"Blackstart"). Regarding CIP standards unaffected by CIP Version 5,
the estimated burden has been adjusted to account for a reduction
in affected entities .
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.
FERC-725B supporting statement FINAL.docx
18 CFR 40.pdf
Statutes and Regs for Reliability.doc
FERC-725B, Mandatory Reliability Standards for Critical Infrastructure Protection