In accordance with 5 CFR 1320, the information collection revisions are approved.
Inventory as of this Action
Requested
Previously Approved
09/30/2018
36 Months From Approved
09/30/2015
1,415
0
1,475
1,214,042
0
1,327,231
0
0
0
The information collection requirements in the CIP Version 5 standards apply to the following functional entities: balancing authorities, distribution providers, generator operators, generator owners, interchange coordinators (or interchange authorities), reliability coordinators, transmission operators, and transmission owners. Based on the NERC registry, FERC estimates there are 1,475 entities registered for at least one of the functions listed above. The cyber security policy, process, and procedure documentation required by the CIP standards are the principal components of a cyber-security program. The main use for the information generated is to achieve and maintain a cyber-secure operational state, a process which requires vigilant monitoring of activity against documented policies and procedures. Similarly, the applicable compliance enforcement authority (regional entity or NERC) uses the information to measure an entity's compliance with a given requirement. If the information collection requirements did not exist then it would be difficult to monitor and enforce compliance with the standards, which could lead entities to relax their compliance with the requirements. Also, creating and maintaining documentation is integral to the task of performing cyber security, as reflected in the fact that some of the reliability standards' requirements actually require an entity to create a document (as opposed to documenting compliance with a requirement). Without such information collection an entity may fail to perform actions that may affect the reliability and security of the grid.
The decrease in burden is primarily due to a reduction in registered entities (1,475 to 1,415). Also, a large portion of the decrease in burden is due to the removal of CIP Version 4 requirements, specifically requirements related to Group C registered entities (Low "Blackstart"). Regarding CIP standards unaffected by CIP Version 5, the estimated burden has been adjusted to account for a reduction in affected entities .
On behalf of this Federal agency, I certify that the collection of information encompassed by this request complies with 5 CFR 1320.9 and the related provisions of 5 CFR 1320.8(b)(3).
The following is a summary of the topics, regarding the proposed collection of information, that the certification covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control number;
If you are unable to certify compliance with any of these provisions, identify the item by leaving the box unchecked and explain the reason in the Supporting Statement.
FERC-725B supporting statement FINAL.docx
18 CFR 40.pdf
Statutes and Regs for Reliability.doc
FERC-725B, Mandatory Reliability Standards for Critical Infrastructure Protection