In accordance with 5 CFR 1320, OMB is filing comment and withholding approval at this time. The agency shall examine public comment in response to the proposed rulemaking and include in the supporting statement of the next ICR--to be submitted to OMB at the final rule stage--a description of how the agency has responded to any public comments on the ICR, including comments on maximizing the practical utility of the collection and minimizing the burden.
Inventory as of this Action
Requested
Previously Approved
06/30/2026
36 Months From Approved
06/30/2026
258,552
0
258,552
2,405,177
0
2,405,177
0
0
0
Reliability Standards CIP 003 10, CIP-004-8, CIP-005-8, CIP-006-7.1, CIP-007-7.1, CIP-008-7.1, CIP 009 7.1, CIP-010-5, CIP-011-4.1, and CIP-013-3. According to NERC, the proposed Reliability Standards would allow responsible entities to fully implement virtualization and address risks associated with virtualized environments, such as âside channelâ attacks where virtual systems executing on the same hardware could affect one another. NERC also states that the use of security objectives within the CIP Reliability Standards establishes a framework adaptable to newer technologies. NERC explains that its revisions would: (1) support different security models by adjusting language around perimeter-based models to accommodate other security models; (2) recognize âvirtualization infrastructure and virtual machines through new and revised terms in the NERC Glossary;â (3) broaden âchange management approaches beyond a baseline-only configuration to recognize the dynamic nature of virtualized technologies,â e.g., where such virtualized systems are no longer installed on specific servers; and (4) manage âaccessibility and attack surfaces of a virtualized configuration.â In addition to the changes to facilitate virtualization, the proposed Reliability Standards incorporate clarifications found during the implementation of prior versions of the CIP Standards.
Program Changes represent 400 burden responses for each CIP standard being updated for RM24-8. Making the total 4,000 responses and 230,800 burden hrs. The Change due to Adjustment represents the updated burden for CIP 2-7 which has just an update in burden due to normal fluctuation, updated from 1,492 to 1,673 respondents.
On behalf of this Federal agency, I certify that the collection of information encompassed by this request complies with 5 CFR 1320.9 and the related provisions of 5 CFR 1320.8(b)(3).
The following is a summary of the topics, regarding the proposed collection of information, that the certification covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control number;
If you are unable to certify compliance with any of these provisions, identify the item by leaving the box unchecked and explain the reason in the Supporting Statement.
2016-02-virtualization-implementation-plan_clean_04032024.pdf
RM24-8-000 (Issued).docx
CIP-013-3 One-time 1-3 Years