OMB files this
comment in accordance with 5 CFR 1320.11(c) of the Paperwork
Reduction Act and is withholding approval of this collection at
this time. This OMB action is not an approval to conduct or sponsor
an information collection under the Paperwork Reduction Act of
1995. The agency shall examine public comment in response to the
Notice of Proposed Rulemaking and will include in the supporting
statement of the next ICR, to be submitted to OMB at the final rule
stage, a description of how the agency has responded to any public
comments on the ICR. This action has no effect on any current
approvals.
Inventory as of this Action
Requested
Previously Approved
09/30/2018
36 Months From Approved
09/30/2018
1,415
0
1,415
1,214,042
0
1,214,042
0
0
0
In the Notice of Proposed Rulemaking
in Docket RM15-14, the Commission proposes to approve seven
Critical Infrastructure Protection (CIP) Reliability Standards:
CIP-003-6 (Security Management Controls), CIP-004-6 (Personnel and
Training), CIP-006-6 (Physical Security of BES Cyber Systems),
CIP-007-6 (Systems Security Management), CIP-009-6 (Recovery Plans
for BES Cyber Systems), CIP-010-2 (Configuration Change Management
and Vulnerability Assessments), and CIP-011-2 (Information
Protection). NERC submitted the proposed Reliability Standards in
response to the Commission's Order No. 791. The proposed
Reliability Standards address the cyber security of the bulk
electric system and improve upon the current Commission-approved
CIP Reliability Standards. In addition, the Commission proposes to
direct NERC to develop certain modifications to Reliability
Standard CIP-006-6 and to develop requirements addressing supply
chain management.
The proposed Reliability
Standards are designed to mitigate the cybersecurity risks to bulk
electric system facilities, systems, and equipment, which, if
destroyed, degraded, or otherwise rendered unavailable as a result
of a cybersecurity incident, would affect the reliable operation of
the Bulk-Power System. As discussed below, we believe that the
proposed CIP Reliability Standards are just and reasonable and
address the directives in Order No. 791 by: (1) eliminating the
"identify, assess, and correct" language in 17 of the CIP version 5
Standard requirements; (2) providing enhanced security controls for
Low Impact assets; (3) providing controls to address the risks
posed by transient electronic devices (e.g., thumb drives and
laptop computers); and (4) addressing in an equally effective and
efficient manner the need for a NERC Glossary definition for the
term "communication networks." Accordingly, we propose to approve
the proposed CIP Reliability Standards because they improve the
base-line cybersecurity posture of applicable entities compared to
the current Commission-approved CIP Reliability Standards.
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.
rm15-14 supporting statement Final 9_15_15rev.docx
16 USC 824.pdf
FERC-725B, Mandatory Reliability Standards for Critical Infrastructure Protection