In accordance with 5 CFR 1320, the information collection is approved for three
years. Note that FERC-725(1A) is a temporary information collection number
because FERC-725 is pending OMB review of another unrelated item (under ICR
201604-1902-007). The 1 hour of burden and 1 response are placeholders for
FERC-725(1A) because the requirement to develop standards is currently included
in the approved inventory for FERC-725. FERC plans to administratively move the
requirements and associated burden of FERC-725(1A) to FERC-725 before the
expiration of this approval period.
Inventory as of this Action   Requested                 Previously Approved
09/30/2019                    36 Months From Approved
1                             0                         0
1                             0                         0
0                             0                         0
This Final Rule in Docket RM15-14-002 is RIN 1902-AF07. However, it is being
submitted as not related to a rulemaking because the proposed rule was
submitted under FERC-725. Pursuant to section 215(d)(5) of the Federal Power
Act (FPA), the Commission directs NERC to develop a new or modified
Reliability Standard for supply chain risk management for industrial control
system hardware, software, and computing and networking services associated
with bulk electric system operations. NERC is directed to develop a
forward-looking, objective-based Reliability Standard to provide security
controls for supply chain management for industrial control system hardware,
software, and services associated with bulk electric system operations. The
new or modified Reliability Standard should address the following security
objectives: (1) software integrity and authenticity; (2) vendor remote
access; (3) information system planning; and (4) vendor risk management and
procurement controls.
In making this directive, the Commission does not require NERC to
impose any specific controls nor does the Commission require NERC
to propose “one-size-fits-all” requirements. The new or modified
Reliability Standard should require responsible entities to meet
the four objectives, or some equally efficient and effective set of
objectives, while providing flexibility to responsible entities as
to how to meet those objectives. The new or modified Reliability
Standard is intended to mitigate the risk of a cybersecurity
incident affecting the reliable operation of the Bulk-Power
System.
Our directive in RM15-14-002
does not suggest a new mandate above and beyond FPA section 215
(and current responsibilities already imposed on NERC as the ERO).
The Commission’s directive to NERC to address supply chain risk
management for industrial control system hardware, software, and
computing and networking services associated with bulk electric
system operations is not intended to “define ‘energy security’ as a
new policy mandate” under the CIP Reliability Standards. Instead,
our directive is meant to enhance bulk electric system
cybersecurity by addressing the gap in the CIP Reliability
Standards identified in the NOPR relating to supply chain risk
management for industrial control system hardware, software, and
computing and networking services associated with bulk electric
system operations. These mandates are already represented in the current
burden for FERC-725. Because FERC-725 is under review at OMB in an unrelated
item (in Docket RM15-25), a new temporary information collection number,
FERC-725(1A), is used here and is assigned placeholder values of 1 respondent
and 1 burden hour.
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number.
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.