Revised Critical Infrastructure Protection Reliability Standards

The Federal Energy Regulatory Commission (Commission) proposes to approve seven critical infrastructure protection (CIP) Reliability Standards: CIP-003-6 (Security Management Controls), CIP-004-6 (Personnel and Training), CIP-006-6 (Physical Security of BES Cyber Systems), CIP-007-6 (Systems Security Management), CIP-009-6 (Recovery Plans for BES Cyber Systems), CIP-010-2 (Configuration Change Management and Vulnerability Assessments), and CIP-011-2 (Information Protection). The North American Electric Reliability Corporation (NERC) submitted the proposed Reliability Standards in response to the Commission's Order No. 791. The proposed Reliability Standards address the cyber security of the bulk electric system and improve upon the current Commission-approved CIP Reliability Standards. In addition, the Commission proposes to direct NERC to develop certain modifications to Reliability Standard CIP-006-6 and to develop requirements addressing supply chain management.