Related Files
Status
The 10-day final ballot concluded 8 p.m. Eastern, Friday, October 16, 2020 for the following:
*CIP-005-7 – Cyber Security - Electronic Security Perimeter(s)
*CIP-010-4 – Cyber Security - Configuration Change Management and Vulnerability Assessments
*CIP-013-2 – Cyber Security - Supply Chain Risk Management
*Implementation Plan
The voting results can be accessed via the link below. The standards will be submitted to the Board of Trustees for
adoption then filed with the appropriate regulatory authorities.
Background
This
project will address the directives issued by FERC in Order No. 850 to modify
the Supply Chain Standards. FERC directed NERC to submit modifications to
address EACMSs, specifically those systems that provide electronic access
control to high and medium impact BES Cyber Systems. FERC directed NERC to
submit the modified Reliability Standard including the directed revisions for
approval within 24 months from the effective date of Order No. 850. In
addition, NERC also recommends revising the Supply Chain Standards to address
Physical Access Control Systems (PACS) that provide physical access control
(excluding alarming and logging) to high and medium impact BES Cyber
Systems. The modifications to address PACS do not have a regulatory
deadline, but will be addressed by this project.
Standard(s) Affected – CIP-005-6 - Cyber Security - Electronic Security Perimeter(s) | CIP-010-3 - Cyber Security - Configuration Change Management and
Vulnerability Assessments | CIP-013-1 - Cyber Security - Supply Chain Risk Management.
Purpose/Industry Need
This project will address the directives issued by
FERC in Order No. 850. This project will also address NERC staff recommendation
from the Supply Chain Report.
Subscribe to this project's
observer distribution list
Select "NERC Email Distribution
Lists" from the "Service" drop-down menu and specify “Project
2019-03 Cyber Security Supply Chain Risks Observer List” in the Description
Box.