FERC-725B4, Mandatory Reliability Standards: Critical Infrastructure Reliability Standards CIP-004-7 and CIP-011-3 (RD21-6-000)

ICR 202112-1902-001

OMB: 1902-0330

Federal Form Document

Forms and Documents

Document Name	Status
RD21-6 (724B) supporring statement.docx Supporting Statement A	2022-07-13
FERC-725B4 30-day notice published 7 13 2022.pdf Supplementary Document	2022-07-13
18 CFR 39.5.pdf Supplementary Document	2022-07-08
16 U.S.C. 824o.pdf Supplementary Document	2022-07-08
2021-20492.pdf Supplementary Document	2022-07-08
20210916-3065_CNF091621.docx Supplementary Document	2022-07-08
20210915-5199_Petition - BCSI Access Management_packaged (1).pdf Supplementary Document	2022-07-08
RD21-6 Letter Order 12 7 2021.pdf Supplementary Document	2022-07-08
20220707-3059_RD21-6 30-day notice.docx Supplementary Document	2022-07-08
20211221-3023_RD21-6 60-day notice issued 12 21 2021.docx Supplementary Document	2021-12-28
RD21-6 60-day notice published 12 28 2021.pdf Supplementary Document	2021-12-28

IC Document Collections

IC ID	Document Title	Status
250965	CIP-011-3	New
250964	CIP-004-7	New

ICR Details

OMB Control No:	ICR Reference No: 202112-1902-001
Status: Received in OIRA	Previous ICR Reference No:
Agency/Subagency: FERC	Agency Tracking No: 725B4
Title: FERC-725B4, Mandatory Reliability Standards: Critical Infrastructure Reliability Standards CIP-004-7 and CIP-011-3 (RD21-6-000)
Type of Information Collection: New collection (Request for a new OMB Control Number)	Common Form ICR: No
Type of Review Request: Regular	Date Submitted to OIRA: 07/13/2022

	Requested	Previously Approved
Expiration Date	36 Months From Approved
Responses	686	0
Time Burden (Hours)	6,860	0
Cost Burden (Dollars)	0	0

Abstract: On September 15, 2021 the North American Electric Reliability Corporation (NERC) filed a petition requesting approval of Reliability Standards CIP-004-7 (Cyber Security, Personnel and Training) and CIP-011-3 (Cyber Security, Information Protection). NERC described the proposed Reliability Standards as “Addressing Bulk Electric System Cyber System Information Access Management.” The petition was noticed on September 22, 2021, with interventions and comments due by October 6, 2021. The Commission did not receive any interventions or comments. On December 7, 2021, the Designated Letter Order in Docket No. RD21-6-000 approved the proposed Reliability Standards, and found that the modified Reliability Standards enhance security as follows: (1) Reliability Standard CIP-004-7 updates CIP-004 by focusing on controls at the file level (e.g., rights, permissions, privileges) of Bulk Electric System Cyber System Information (BCSI), and reduces the need for access to only a physical, designated storage location for BCSI. (2) Reliability Standard CIP-011-3 clarifies the requirements of protecting and handling BCSI with the goal of providing flexibility for Responsible Entities to use third-party data storage and analysis systems. Specifically, Reliability Standard CIP-011-3 requires Responsible Entities to implement specific controls related to BCSI during storage handling use, and disposal of information when implementing services provided by third parties.

Authorizing Statute(s): None

Citations for New Statutory Requirements: None

Associated Rulemaking Information
RIN:	Stage of Rulemaking:	Federal Register Citation:	Date:
	Not associated with rulemaking

Federal Register Notices & Comments
60-day Notice:	Federal Register Citation:	Citation Date:
	86 FR 73752	12/28/2021
30-day Notice:	Federal Register Citation:	Citation Date:
	87 FR 41707	07/13/2022
Did the Agency receive public comments on this ICR? No

Number of Information Collection (IC) in this ICR: 2

IC Title	Form No.	Form Name
CIP-004-7
CIP-011-3

ICR Summary of Burden

	Total Request	Change Due to Agency Discretion
Annual Number of Responses	686	686
Annual Time Burden (Hours)	6,860	6,860
Annual Cost Burden (Dollars)	0	0

Burden increases because of Program Change due to Agency Discretion: Yes

Burden Increase Due to: Miscellaneous Actions

Burden decreases because of Program Change due to Agency Discretion: No

Burden Reduction Due to:

Short Statement: This request is for a new control number that at present includes no burdens. All the estimated burdens in this request are thus program changes for the new control number. The total estimated burdens are 686 responses and 6,960 hours.

Annual Cost to Federal Government: $8,279

Does this IC contain surveys, censuses, or employ statistical methods? No

Does this ICR request any personally identifiable information (see OMB Circular No. A-130 for an explanation of this term)? Please consult with your agency's privacy program when making this determination. No

Does this ICR include a form that requires a Privacy Act Statement (see 5 U.S.C. §552a(e)(3))? Please consult with your agency's privacy program when making this determination. No

Is this ICR related to the Affordable Care Act [Pub. L. 111-148 & 111-152]? No

Is this ICR related to the Dodd-Frank Wall Street Reform and Consumer Protection Act, [Pub. L. 111-203]? No

Is this ICR related to the American Recovery and Reinvestment Act of 2009 (ARRA)? No

Is this ICR related to the Pandemic Response? No

Agency Contact: Jean Sonneman 202 785-6577 [email protected]

Common Form ICR: No