Newsroom  Site Map  Contact NERC       
Project 2008-06 CIP V5 September 2012

Comment Request:

Please use this form to submit comments on the revisions to outstanding Violation Risk Factors (VRFs) and Violation Severity Levels (VSLs). The electronic comment form must be completed by 8 p.m. ET October 10, 2012.


If you have questions please contact Steven Noess at or 404-446-9691. If you experience any difficulty using the electronic form please contact Monica Benson at


Background Information:

The Project 2008-06 Standard Drafting Team (SDT) is seeking industry feedback on this Version 5 of the CIP Cyber Security Standards and its Implementation Plan for consideration by the SDT in finalizing Version 5 and related documents.  


The SDT has carefully considered several thousand pages of formal comments as well as extensive informal stakeholder feedback from drafts 1 and 2 of Version 5 of the CIP Cyber Security Standards.  There were, understandably, varied perspectives and suggestions, often including divergent views on how to address the same standard or Requirement.  After thorough review of all of the previous feedback, the SDT believes that the set of standards now posted represent significant improvement and incorporation of those viewpoints in such a manner as to reflect the industry’s consensus position.  The SDT encourages stakeholders to read the General Summary Consideration of Comments as it provides a high level overview of the feedback and the efforts the team has made to incorporate stakeholder viewpoints to produce a quality set of consensus standards.


The SDT thanks you for your continued participation and interest in the development of Version 5 of the CIP Cyber Security Standards.  At this stage of the development process, the SDT has considered several very specific alternatives to almost all requirements and proposed definitions.  In each case, the SDT thoroughly considered proposed changes and evaluated them carefully by considering several important variables, such as, but not limited to, whether such changes were in the interest of cybersecurity and reliability, whether they would improve or reduce consensus, whether they had unintended consequences for other types of entities, and whether they were in support of the SDT’s obligation to respond to directives in FERC Order No. 706.



At this point, the SDT believes that the industry has made a significant investment in improving the CIP Version 5 standards, and the drafting team has done its best to be responsive to all inputs, recognizing that it is not possible to adopt every suggestions and also recognizing the considerable diversity of entities and assets to which the standards will apply.  Therefore, in response to the brief questions below, please limit your comments to those topics or issues for which a change would be essential as a condition to change your vote to an affirmative vote.  Also, please refrain from providing duplicates of detailed comments that have already been provided in response to draft 1 and draft 2 (you may simply say “See comments on draft 2.”)




Please note that the official comment form does not retain formatting (even if it appears to transfer formatting when you copy from the unofficial Word version of the form into the official electronic comment form).  If you enter extra carriage returns, bullets, automated numbering, symbols, bolding, italics, or any other formatting, that formatting will not be retained when you submit your comments.



Powered by CHECKBOX® Survey Software - ©2007 Prezza Technologies, Inc.