This is approved
and the existing expiration date remains the same.
Inventory as of this Action
Requested
Previously Approved
06/30/2026
06/30/2026
06/30/2026
242,567
0
242,567
2,247,984
0
2,247,984
0
0
0
Revisions in RD24-3 NERC states that
proposed Reliability Standard CIP-012-2 improves upon and expands
the protections required by Reliability Standard CIP-012-1 by
requiring responsible entities to mitigate the risk posed by loss
of availability of communication links and Real-time Assessment and
Real-time monitoring data transmitted between Control Centers.
Proposed Reliability Standard CIP-012-2 adds two new provisions to
Requirement R1 that address availability by requiring (1)
protections for the availability of data in transit and (2)
protections to initiate recovery of lost (i.e., unavailable)
communication links. NERC also requests approval of the associated
implementation plan, the associated violation risk factors and
violation severity levels, and retirement of Reliability Standard
CIP-012-1 immediately prior to the effective date of CIP-012-2. The
24-month implementation period is proposed to afford responsible
entities sufficient time to implement the new controls and
coordinate with other responsible entities that own or operate
Control Centers as required in proposed Reliability Standard
CIP-012-2. The information collection in the final rule implements
section 219A of the Federal Power Act (FPA) (16 U.S.C. 824s-1),
which requires the Commission to encourage utilities to: (1) invest
in advanced cybersecurity technology, and (2) participate in
information sharing regarding cybersecurity threats. The final rule
includes information collection activities for voluntary submission
of requests for cybersecurity incentives, and annual informational
filings that would be mandatory for utilities receiving such
incentives. In order to obtain Commission approval, the
cybersecurity measures proposed by a utility must materially
improve cybersecurity through either an investment in advanced
cybersecurity technology or participation in a cybersecurity threat
information sharing program(s); and must not be already mandated by
Critical Infrastructure Protection (CIP) Reliability Standards, or
otherwise mandated by local, state, or Federal law. As previously
approved, the information collection at FERC-725B implements CIP
Reliability Standards that require entities to comply with specific
requirements to safeguard critical cyber assets. Neither the final
rule nor the additional burdens in this information collection
request would affect the previously approved mandatory CIP
Reliability Standards.
US Code:
16
USC 824d Name of Law: Federal Power Act
US Code: 16
USC 824o Name of Law: Federal Power Act
US Code: 16
USC 824s-1 Name of Law: Federal Power Act
US Code: 16 USC 824s-1 Name of Law: Federal
Power Act
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.
Non substantive change of titles for CIP-005, 013, 010.docx
CIP-012-2.pdf
RD24-3 One-time Years 1-3