Information Collection Request

FERC-725B, (Final Rule in RM17-11-000) Mandatory Reliability Standards for Critical Infrastructure Protection [CIP] Reliability Standards

ICR 201804-1902-007 · OMB 1902-0248 · Historical Active

⚠️ Notice: This information collection may be outdated. More recent filings for OMB 1902-0248 can be found here:

Forms and Documents

Document	Type	Status	Availability
RM17-11-000 Final Rule Burden Estimate Justification.docx	Supplementary Document	Uploaded 2018-06-22	Available
RM17-11 Final Rule supporting statement.docx	Supporting Statement A	Uploaded 2018-05-03	Available
NERC Petition for Reliability Standard CIP-003-7.pdf	Supplementary Document	Uploaded 2018-05-02	Repair queued
Reliability Standard CIP-003-7.pdf	Supplementary Document	Uploaded 2018-05-02	Available
18 CFR 40.pdf	Supplementary Document	Uploaded 2018-05-02	Repair queued
16 USC 824(o).pdf	Supplementary Document	Uploaded 2018-05-02	Repair queued

IC Document Collections

IC ID	Collection	Status
231302	(RM17-11 Final Rule) Reliability Standard CIP-003-7 (ongoing)	New
231300	(RM17-11 Final Rule) Reliability Standard CIP-003-7 (one-time averaged Years 1-3)	New
181478	FERC-725B, Mandatory Reliability Standards for Critical Infrastructure Protection	Unchanged

ICR Details

OMB Control No: 1902-0248	ICR Reference No: 201804-1902-007
Status: Historical Active	Previous ICR Reference No: 201601-1902-001
Agency/Subagency: FERC	Agency Tracking No: FERC-725B
Title: FERC-725B, (Final Rule in RM17-11-000) Mandatory Reliability Standards for Critical Infrastructure Protection [CIP] Reliability Standards
Type of Information Collection: Revision of a currently approved collection	Common Form ICR: No
Type of Review Request: Regular
OIRA Conclusion Action: Approved without change	Conclusion Date: 06/22/2018
Retrieve Notice of Action (NOA)	Date Received in OIRA: 05/03/2018
Terms of Clearance: In accordance with 5 CFR 1320, the information collection is approved. OMB notes that the additional burden requested in this ICR was developed through a bottom-up process in which NERC entities developed the CIP-003-7 Reliability Standard and associated information collection burden.

	Inventory as of this Action	Requested	Previously Approved
Expiration Date	06/30/2021	36 Months From Approved	03/31/2019
Responses	222,882	0	1,415
Time Burden (Hours)	1,928,744	0	1,569,410
Cost Burden (Dollars)	0	0	0

Abstract: The CIP-003-7 Reliability Standard enhances security controls for low impact BES Cyber Systems by improving electronic access controls and creating security controls for transient electronic assets (TCAs) used at low impact BES Cyber Systems. The NERC Compliance Registry, as of September 2017, identifies approximately 1,320 U.S. entities that are subject to mandatory compliance with Reliability Standards. Of this total, we estimate that 1,100 entities (reliability coordinators, generator operators, generator owners, interchange coordinators or authorities, transmission operators, balancing authorities, transmission owners, and certain distribution providers) would be subject to Reliability Standard CIP-003-7. These entities would be subject to the increased burden related to: â¢ creation of plans to provide security controls for TCAs to mitigate the risk of malicious code being introduced to low impact BES Cyber System; â¢ the ongoing review and updating of the plans and documentation that the planned security controls are implemented for TCAs at low impact BES Cyber System; â¢ modification of plans to provide electronic security controls for low impact BES Cyber Systems; and â¢ the ongoing review and updating of the plans/documentation for methodology regarding how planned security controls are implemented for low impact BES Cyber System. The consequences of not creating or maintaining the documents would prevent: â¢ the implementation and maintenance of electronic access controls for low impact BES Cyber Systems; and â¢ the mitigation of the risk of malicious code being introduced to low impact BES Cyber System from TCAs.

Authorizing Statute(s): PL: Pub.L. 109 - 58 1211, Title XII, Subtitle A Name of Law: Energy Policy Act of 2005
US Code: 18 USC 824o Name of Law: Federal Power Act

Citations for New Statutory Requirements: None

Associated Rulemaking Information
RIN:	Stage of Rulemaking:	Federal Register Citation:	Date:
1902-AF44	Final or interim final rulemaking	83 FR 17913	04/25/2018

Federal Register Notices & Comments
Did the Agency receive public comments on this ICR? No

Number of Information Collection (IC) in this ICR: 3

IC Title	Form No.	Form Name
(RM17-11 Final Rule) Reliability Standard CIP-003-7 (one-time averaged Years 1-3)
(RM17-11 Final Rule) Reliability Standard CIP-003-7 (ongoing)
FERC-725B, Mandatory Reliability Standards for Critical Infrastructure Protection

ICR Summary of Burden

	Total Approved	Previously Approved	Change Due to Agency Discretion
Annual Number of Responses	222,882	1,415	221,467
Annual Time Burden (Hours)	1,928,744	1,569,410	359,334
Annual Cost Burden (Dollars)	0	0	0

Burden increases because of Program Change due to Agency Discretion: Yes

Burden Increase Due to: Miscellaneous Actions

Burden decreases because of Program Change due to Agency Discretion: No

Burden Reduction Due to:

Short Statement: The CIP-003-7 Reliability Standard clarifies, consolidates, streamlines, and enhances the previous Reliability Standard (CIP-003-6) and its related reporting requirements that subject affected entities to the increased burden of: â¢ creation of plans to provide security controls for TCAs to mitigate the risk of malicious code being introduced to low impact BES Cyber System; â¢ ongoing review and updating of the plans and documentation that the planned security controls are implemented for TCAs at low impact BES Cyber System; â¢ modification of plans to provide electronic security controls for low impact BES Cyber Systems; and â¢ ongoing review and updating of the plans and documentation that the planned security controls are implemented for low impact BES Cyber System. Other factors that impact the burden are the frequency of: â¢ the entity modifying or updating their security controls for the low impact BES Cyber Systems or TCA used at low impact BES Cyber Systems; â¢ modification of low impact BES Cyber Systems that impact the security controls; and â¢ using TCA at low impact BES Cyber Systems.

Annual Cost to Federal Government: $5,723

Does this IC contain surveys, censuses, or employ statistical methods? No

Does this ICR request any personally identifiable information (see OMB Circular No. A-130 for an explanation of this term)? Please consult with your agency's privacy program when making this determination. No

Does this ICR include a form that requires a Privacy Act Statement (see 5 U.S.C. §552a(e)(3))? Please consult with your agency's privacy program when making this determination. No

Is this ICR related to the Affordable Care Act [Pub. L. 111-148 & 111-152]? No

Is this ICR related to the Dodd-Frank Wall Street Reform and Consumer Protection Act, [Pub. L. 111-203]? No

Is this ICR related to the American Recovery and Reinvestment Act of 2009 (ARRA)? No

Is this ICR related to the Pandemic Response? Uncollected

Agency Contact: Matthew Dale 202 502-6826 [email protected]

Common Form ICR: No