Letter Order Responding to Petition of NERC for Approval of Electric Reliability Standards CIP-004-7 and CIP-011-3

RD21-6 Letter Order 12 7 2021.pdf

FERC-725B4, Mandatory Reliability Standards: Critical Infrastructure Reliability Standards CIP-004-7 and CIP-011-3 (RD21-6-000)

OMB: 1902-0330

FEDERAL ENERGY REGULATORY COMMISSION
WASHINGTON, DC 20426
OFFICE OF ELECTRIC RELIABILITY
North American Electric Reliability Corporation
Docket No. RD21-6-000
December 7, 2021
North American Electric Reliability Corporation
1325 G Street N.W., Suite 600
Washington, D.C. 20005
Attention: Lauren A. Perotti, Senior Counsel
North American Electric Reliability Corporation

Reference: Petition of the North American Electric Reliability Corporation for
Approval of Reliability Standards CIP-004-7 and CIP-011-3

Dear Ms. Perotti:

On September 15, 2021, the North American Electric Reliability Corporation
(NERC) submitted for approval proposed Reliability Standards CIP-004-7 (Cyber
Security – Personnel & Training) and CIP-011-3 (Cyber Security – Information
Protection), as well as the proposed implementation plan, proposed violation risk factors
and violation severity levels, and a request to retire currently-effective Reliability
Standards CIP-004-6 and CIP-011-2.

NERC states that proposed Reliability Standards CIP-004-7 and CIP-011-3
improve on the currently-effective version of the Reliability Standards by clarifying the
protections required surrounding the use of Bulk Electric System Cyber System
Information (BCSI), which is information about BES Cyber Systems that could be used
to gain unauthorized access or pose a security threat to BES Cyber Systems. NERC
explains that registered entities currently control BCSI by managing access to the
“designated storage location” of BCSI, such as an electronic document or physical file
room, without addressing third-party cloud computing services, which have become an
option for storing BCSI. NERC contends that the revisions in the proposed Reliability
Standards allow registered entities to depend less on the physical storage location of
BCSI and more on the file-level rights and permissions. The proposed Reliability
Standards require an access management program to authorize, verify and revoke
provisioned access to BCSI, as well as a documented process regarding BES Cyber Asset
reuse and disposal.

NERC’s filed petition was noticed on September 16, 2021, with interventions,
comments and protests due on or before October 6, 2021. No interventions or comments
were received.

NERC’s uncontested filing is hereby approved pursuant to the relevant authority
delegated to the Director, Office of Electric Reliability under 18 C.F.R. § 375.303 (2021),
effective as of the date of this order.

This action shall not be construed as approving any other application, including
proposed revisions of Electric Reliability Organization or Regional Entity rules or
procedures pursuant to 18 C.F.R. § 375.303(a)(2)(i). Such action shall not be deemed as
recognition of any claimed right or obligation associated therewith and such action is
without prejudice to any findings or orders that have been or may hereafter be made by
the Commission in any proceeding now pending or hereafter instituted by or against the
Electric Reliability Organization or any Regional Entity.

This order constitutes final agency action. Requests for rehearing by the
Commission may be filed within 30 days of the date of issuance of this order, pursuant to
18 C.F.R. § 385.713 (2021).

Sincerely,

Cynthia Pointer, Director, Division of Cyber Security
Office of Electric Reliability

