
  • Agenda Standards Committee Conference Call October 19, 2016 | 1:00 p.m. to 4:00 p.m. Eastern

    Dial-in: 1-866-740-1260 | Access Code: 5153394 | Security/Passcode: 101916

    Click here for: Webinar Access (https://cc.readytalk.com/r/i42q5moyuth1&eom)

    Introduction and Chair’s Remarks

    NERC Antitrust Compliance Guidelines and Public Announcement*

    Agenda Items

    1. Review Agenda ― (Approve) (B. Murphy) (1 minute)

    2. Consent Agenda ― (Approve) (B. Murphy) (1 minute)

    a. September 14, 2016, Standards Committee Meeting Minutes* ― (Approve)

    b. Project 2013-03 Geomagnetic Disturbance Mitigation Additional Standards Drafting Team Nomination Solicitation* ― (Authorize)

    c. Project 2016-02 Standards Drafting Team Chair* ― (Appoint)

    3. Upcoming Standards Projects or Issues ― (Update)

    a. Three-Month Outlook* (S. Noess; B. Murphy) (10 minutes)

    4. Projects Under Development ― (Review)

    a. Project Tracking Spreadsheet (B. Hampton; S. Noess) (15 minutes)
    Link: http://www.nerc.com/comm/SC/_layouts/xlviewer.aspx?id=/comm/SC/Project%20Management%20and%20Oversight%20Subcommittee%20DL/Project%20Tracking%20Spreadsheet.xlsx&Source=http%3A%2F%2Fwww%2Eqa%2Enerc%2Ecom%2Fcomm%2FSC%2FProject%2520Management%2520and%2520Oversi

    b. Projected Posting Schedule (S. Noess) (5 minutes)
    Link: http://www.nerc.com/pa/Stand/Documents/Projected_Posting_Schedule.pdf

    5. Project 2016-03 Standards Authorization Request Cyber Security Supply Chain Management* ― (Authorize) (M. Olson) (10 minutes)

    6. Project 2016-02 Modifications to CIP Standards – TCA* ― (Authorize) (S. Cavote) (10 minutes)

    7. Request for Interpretation of PRC-002-2 Requirement R5 for Hydro Quebec* ― (Reject) (S. Noess) (10 minutes)

    8. Request for Interpretation of PRC-002-2 Requirement R10 for Hydro Quebec* ― (Reject) (S. Noess) (10 minutes)

    9. Drafting Team Reference Manual* ― (Approve) (P. Heidrich) (5 minutes)


    10. NERC Guidelines and Technical Basis Section of a Standard* ― (Information) (S. Noess) (5 minutes)

    11. Subcommittee Reports and Updates

    a. Project Management and Oversight Subcommittee ― (Update) (B. Hampton) (10 minutes)

    b. Process Subcommittee* ― (Update) (P. Heidrich) (5 minutes)

    c. Functional Model Advisory Group* ― (Endorse) (P. Heidrich) (5 minutes)

    12. Legal Update

    a. Upcoming Standards Filings* ― (Review) (L. Perotti) (5 minutes)

    13. Informational Items ― (Enclosed)

    a. Directive to Change Violation Risk Factors (VRFs) in IRO-018-1 and TOP-001-1*

    b. Standards Committee Expectations*

    c. 2016 Meeting Dates and Locations*

    d. 2016 Standards Committee Roster*

    e. Highlights of Parliamentary Procedure*

    14. Adjourn

    *Background materials included.

  • Antitrust Compliance Guidelines

    I. General

    It is NERC’s policy and practice to obey the antitrust laws and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct that violates, or that might appear to violate, the antitrust laws. Among other things, the antitrust laws forbid any agreement between or among competitors regarding prices, availability of service, product design, terms of sale, division of markets, allocation of customers or any other activity that unreasonably restrains competition. It is the responsibility of every NERC participant and employee who may in any way affect NERC’s compliance with the antitrust laws to carry out this commitment.

    Antitrust laws are complex and subject to court interpretation that can vary over time and from one court to another. The purpose of these guidelines is to alert NERC participants and employees to potential antitrust problems and to set forth policies to be followed with respect to activities that may involve antitrust considerations. In some instances, the NERC policy contained in these guidelines is stricter than the applicable antitrust laws. Any NERC participant or employee who is uncertain about the legal ramifications of a particular course of conduct or who has doubts or concerns about whether NERC’s antitrust compliance policy is implicated in any situation should consult NERC’s General Counsel immediately.

    II. Prohibited Activities

    Participants in NERC activities (including those of its committees and subgroups) should refrain from the following when acting in their capacity as participants in NERC activities (e.g., at NERC meetings, conference calls and in informal discussions):

    • Discussions involving pricing information, especially margin (profit) and internal cost information and participants’ expectations as to their future prices or internal costs.

    • Discussions of a participant’s marketing strategies.

    • Discussions regarding how customers and geographical areas are to be divided among competitors.

    • Discussions concerning the exclusion of competitors from markets.

    • Discussions concerning boycotting or group refusals to deal with competitors, vendors or suppliers.


    • Any other matters that do not clearly fall within these guidelines should be reviewed with NERC’s General Counsel before being discussed.

    III. Activities That Are Permitted

    From time to time decisions or actions of NERC (including those of its committees and subgroups) may have a negative impact on particular entities and thus in that sense adversely impact competition. Decisions and actions by NERC (including its committees and subgroups) should only be undertaken for the purpose of promoting and maintaining the reliability and adequacy of the bulk power system. If you do not have a legitimate purpose consistent with this objective for discussing a matter, please refrain from discussing the matter during NERC meetings and in other NERC-related communications.

    You should also ensure that NERC procedures, including those set forth in NERC’s Certificate of Incorporation, Bylaws, and Rules of Procedure are followed in conducting NERC business. In addition, all discussions in NERC meetings and other NERC-related communications should be within the scope of the mandate for or assignment to the particular NERC committee or subgroup, as well as within the scope of the published agenda for the meeting.

    No decisions should be made nor any actions taken in NERC activities for the purpose of giving an industry participant or group of participants a competitive advantage over other participants. In particular, decisions with respect to setting, revising, or assessing compliance with NERC reliability standards should not be influenced by anti-competitive motivations.

    Subject to the foregoing restrictions, participants in NERC activities may discuss:

    • Reliability matters relating to the bulk power system, including operation and planning matters such as establishing or revising reliability standards, special operating procedures, operating transfer capabilities, and plans for new facilities.

    • Matters relating to the impact of reliability standards for the bulk power system on electricity markets, and the impact of electricity market operations on the reliability of the bulk power system.

    • Proposed filings or other communications with state or federal regulatory authorities or other governmental entities.

    • Matters relating to the internal governance, management and operation of NERC, such as nominations for vacant committee positions, budgeting and assessments, and employment matters; and procedural matters such as planning and scheduling meetings.

  • Public Announcements

    Conference call: Participants are reminded that this conference call is public. The access number was posted on the NERC website and widely distributed. Speakers on the call should keep in mind that the listening audience may include members of the press and representatives of various governmental authorities, in addition to the expected participation by industry stakeholders.

  • Agenda Item 2a Standards Committee October 19, 2016

    Meeting Minutes Standards Committee Meeting September 14, 2016 | 8:00 a.m. to 2:00 p.m. Pacific

    Brian Murphy, chair, called to order a duly noticed meeting of the Standards Committee (SC or the Committee) on September 14, 2016, at 8:00 a.m. Pacific, and a quorum was declared present. The SC member attendance and proxy sheet is attached hereto as Attachment 1.

    NERC Antitrust Compliance Guidelines and Public Announcement

    Committee Secretary Jordan Mallory called attention to the NERC Antitrust Compliance Guidelines and the public meeting notice. Any questions will be directed to NERC’s General Counsel, Charles Berardesco.

    Introduction and Chair’s Remarks

    B. Murphy welcomed the Committee and thanked PG&E for hosting the SC meeting at their facilities. B. Murphy welcomed the committee’s newest member, Alexander Vedvik of the Public Service Commission of Wisconsin, and also welcomed NERC Board of Trustees (Board) member David Goulding. Steve Noess announced that Ryan Stewart and Stephen Crutchfield have transferred to another department and named the following staff changes to the Standards department, effective Friday, September 16, 2016:

    • Soo Jin Kim, Manager of Standards Development

    • Mat Bunch, Standards Developer

    D. Goulding congratulated the SC on how far the committee has come. D. Goulding spoke about the importance of understanding culture and noted that standards are a vehicle for moving people into a culture that promotes reliability. D. Goulding also expressed how training the next generation is important, and that having the right culture prepares one to deal with anything on the system.

    Review Agenda

    The Committee approved the agenda by unanimous consent.

    Consent Agenda

    The Committee approved the July 20, 2016, Standards Committee Meeting Minutes by unanimous consent.


    Upcoming Standards Projects or Issues

    Three-Month Outlook

    S. Noess reviewed the Three-Month Outlook.

    Projects Under Development

    Project Tracking Spreadsheet

    B. Hampton reviewed the Project Tracking Spreadsheet and informed the Committee that the NERC standards developers will be working with the respective Project Management and Oversight Subcommittee (PMOS) representative to update the annual project schedules accordingly. B. Hampton noted that COM-001 will be removed from the spreadsheet due to passing final ballot. Guy Zito thanked PMOS for taking the time to update the project tracking spreadsheet to make reviewing the spreadsheet easier for the Committee.

    Projected Posting Schedule

    S. Noess reviewed the Projected Posting Schedule.

    Project 2016-03 Cyber Security Supply Chain Management

    B. Hampton made the motion to accept the action item as written; Frank McElvain seconded. The motion was as follows:

    Appoint a drafting team for Project 2016-03 Cyber Security Supply Chain Management (Supply Chain standard drafting team (SDT)) to draft the Standards Authorization Request and new or revised standard(s), as follows:

    1. Appoint candidates 1 through 11 on the attached recommendation to form the SDT

    2. Appoint candidate 10 and candidate 8 on the attached recommendation to serve as chair and vice-chair, respectively

    B. Hampton spoke briefly in support of the motion, noting the recommended SDT covers the Regions and appropriate functional entities needed for this project. Chris Gowder made a friendly amendment to add Candidate Number Eight and expressed that there are many large entities represented and the addition of this small entity would provide value to the team. B. Hampton accepted the friendly amendment; however, F. McElvain rejected the friendly amendment. Barry Lawson then moved to amend the motion; C. Gowder seconded. The amendment was as follows: Add Candidate Number Eight to the Supply Chain SDT.

    Discussion was held around the lack of biographical information provided for Candidate Number Eight. B. Murphy brought the amended motion to a vote.


    The Committee rejected the amendment with Robert Blohm abstaining and the following members voting no: S. Bodkin, L. Lee, B. Li, S. Miller, C. Norrish, W. Sipperly, B. Hampton, F. McElvain, D. Kiguel, R. Blohm, M. Harris, S. Rueckert, G. Zito, and Alexander Vedvik.

    C. Yeung noted that Candidate Number Four should have Southwest Power Pool (SPP) as a part of his/her Region. B. Murphy brought the original motion to a vote.

    The Committee approved the motion to appoint the following SDT members with no objections or abstentions:

    • Christina Alston, Georgia Transmission Corp.

    • James W. Chuber, Duke Energy

    • Norm Dang, IESO of Ontario

    • Chris Evans, Southwest Power Pool

    • Brian Gatus, Southern California Edison Company

    • David Bryan Gayle, Dominion Resources Services, Inc.

    • Thruston J. Griffin, CPS Energy

    • JoAnn Murphy, PJM Interconnection, L.L.C.

    • Skip Peeples, Salt River Project

    • Corey Sellers, Southern Company

    • Jason Witt, East Kentucky Power Cooperative

    Project 2015-10 Single Points of Failure

    S. Rueckert made the motion to accept the action item as written; G. Zito seconded. The motion was as follows:

    Appoint a standard drafting team (SDT) for Project 2015-10 Single Points of Failure as follows:

    1. Appoint candidates 1 through 10 on the attached recommendation to form the SDT; and

    2. Appoint candidate 9 and candidate 2 on the attached recommendation to serve as chair and vice chair, respectively.


    S. Rueckert spoke briefly in support of the motion, noting the recommended SDT are all qualified for this project. B. Murphy brought the motion to a vote.

    The Committee approved the motion with no objections or abstentions.

    • Jonathan Hayes, SPP

    • Delyn Kilpack, Louisville Gas Electric & Kentucky Utilities

    • Chris Colson, Western Area Power Administration

    • Bill Harm, PJM

    • Baj Agrawal, Arizona Public Service Company

    • Liqin Jiang, Duke Energy

    • Rich Kowalski, ISO New England

    • Prabhu Gnanam, ERCOT

    • Manuela Dobrescu Dobritoiu, Hydro-Quebec

    • Ruth Kloecher, ITC Holdings

    Project 2016-04 Modifications to PRC-025

    B. Li made the motion to accept the action item as written; B. Hampton seconded. The motion was as follows:

    Authorize posting the Standards Authorization Request (SAR) for a 30-day formal comment period and authorize solicitation of nominations to form a 2016-04 Modifications to Reliability Standard PRC-025-1 SAR drafting team, which will be no less than 20 days.

    B. Li spoke briefly in support of the motion but questioned the purpose of the North American Generator Forum endorsement. Scott Barfield-McGinnis explained that the endorsement is regarding the content of the SAR. G. Zito mentioned that the SAR supports addressing an issue that has been identified in instances of generators with long lead lines. B. Lawson inquired whether the potential changes could impact obligations under PRC-025 for other entities not affected by the issue G. Zito noted. S. Noess indicated the SAR is addressing a specific issue and does not foresee it impacting beyond those affected by the issue.


    B. Murphy brought the motion to a vote.

    The Committee approved the motion with no objections or abstentions.

    2017-2019 Reliability Standards Development Plan and Grading

    G. Zito provided an overview of the grading process and explained which standards are currently eligible. S. Noess explained that the standards grading information will be used as a starting point for the Enhanced Periodic Review (EPR) teams. The first standards to move forward in 2016 for the EPR are VAR and PER. A question was asked regarding the attachment located in the Reliability Standards Development Plan (RSDP). It was explained that the RSDP is more of a summary format instead of detailed information, and the attachment contains a link to the more detailed information on the grading project. B. Murphy noted that the group is working on bringing the grading enhancements and recommended changes before the SC for approval. B. Murphy also thanked M. Bunch for all his work on the project and appreciated that he turned the documents into something the group could easily work with. Additional input was provided that the survey created a lot of work for some entities and that the group should be mindful of the types of survey questions posed in the future. The motion was as follows:

    Endorse the 2017-2019 RSDP with an additional statement added to the RSDP that the grades provided by the standing review team and industry stakeholders will be a consideration when determining the prioritization of the Enhanced Periodic Reviews.

    G. Zito accepted the motion and B. Li seconded. G. Zito briefly spoke in support of the motion. B. Murphy brought the motion to a vote.

    The Committee approved the motion with no objections or abstentions.

    Standards Committee Charter Revision

    D. Kiguel made the motion; McElvain seconded. The motion was as follows:

    Approve the Standards Committee (SC) Charter edits to Section 4.


    The intent with these updates is to begin to more fully include Mexico in standards activities. The revised charter will be presented to the NERC Board at the same time as a series of corresponding changes to the Rules of Procedure (ROP). D. Kiguel briefly spoke to the motion, noting that it will be good to have Mexican presence at the SC meetings. Concern was raised about a possible conflict between the changes and the current ROP, and it was explained that this should not become an issue because of the coordination to present both changes to the NERC Board at the same time, with the recommendation that the charter changes will not become effective until the corresponding ROP changes are effective. Additionally, there was discussion questioning why the Canadian and Mexican terms were limited to one year each. It was explained that this term is specified in Appendix 3B to the ROP, Procedures for the Election of Members of the Standards Committee, and that a one-year term was chosen so as to not interfere with the regular annual election of SC members. B. Murphy brought the amended motion to a vote:

    The Committee approved the motion with no objections or abstentions.

    Standards Committee Annual Accomplishments

    B. Li made the motion to accept the action item as written; G. Zito seconded. The motion was as follows:

    Endorse the following:

    1. The Standards Committee Executive Committee (SCEC) using the following metrics and self-evaluation process to assess the SC’s 2016 accomplishments:

    • Was a project schedule presented? (task 1) – yes/no

    • Did the PMOS and NERC staff work together to present for SC endorsement a prioritization and timing of 2016 EPRs? (task 2) – yes/no

    • With the assistance of NERC staff, the leadership of the Operating Committee, Planning Committee, and the Critical Infrastructure Protection Committee, did the SC develop a Standard metric approach for the NERC Board endorsement? (task 3) – yes/no

    • Did the NERC staff and the Standards Committee Process Subcommittee consider revisions to the NERC Standard Processes Manual section 11 consistent with the Compliance Guidance Policy Paper? (task 4) – yes/no


    • Did the SC conduct a review of its 2016-2018 Strategic Work Plan? (task 5) – yes/no

    • Did the SCEC evaluate the need for additional reforms or enhancements to the SC Charter? (task 5) – yes/no; and

    2. The SCEC plans on presenting the results of answers to the above questions to the SC in its December 2016 meeting for the SC’s endorsement.

    B. Li spoke briefly in support of the motion, noting that the action page does not list those bullets as being in the 2016 strategic plan and suggested that be added. B. Murphy brought the motion to a vote.

    The Committee approved the motion with no objections or abstentions.

    2017 Standards Committee Meeting Dates and Locations

    Discussion was held weighing the pros and cons of Option 1 (hold the PMOS meeting the morning of and prior to the SC meeting) and Option 2 (same as the 2016 schedule). B. Li made the motion to adopt Option 1; L. Lee seconded. B. Li briefly spoke in support of his motion, noting that this will allow more time for the two subcommittees to meet separately and possibly attend the other. B. Li also requested that once the meeting dates are set, the Committee members be provided with the information as soon as possible. L. Lee mentioned that she liked Option 1 so SC members have the option to attend the PMOS meetings. Clarity was provided that the March 15, 2017, and September 7, 2017, SC meetings will be held in the local time zone of the meeting location. B. Murphy brought the motion to a vote.

    The Committee approved the motion with F. McElvain voting no and there were no abstentions.

    Request for Interpretation of CIP-006 for Cleco Corporation

    S. Noess provided an overview and explained that this Request for Interpretation (RFI) focuses on compliance approaches and that there are different mechanisms to address this concern, like pursuing the compliance guidance process endorsed by the NERC Board. F. McElvain moved the motion as written; G. Zito seconded. The action item was as follows:

    Reject the RFI of CIP-006-6 Requirement R1 submitted by Cleco Corporation (Cleco).


    Discussion was held on whether the RFI was regarding compliance or applicability. B. Murphy brought the motion to a vote.

    The Committee approved the motion with no objections and B. Lawson, A. Vedvik and S. Miller abstained.

    Request for Interpretation of BAL-001-2 for Orlando Utilities Commission (OUC)

    C. Gowder made the motion to accept the RFI of BAL-001-2; S. Bodkin seconded. The action item was as follows:

    Accept the RFI of BAL-001-2 submitted by OUC.

    C. Gowder spoke in support of the motion, noting that the standard needs to be reopened for calculation corrections. S. Noess explained that if the standard needs to be reopened for corrections then an RFI is not the correct avenue, as an RFI cannot change a requirement. Discussion was held regarding the process from when an RFI is submitted to when it is rejected or accepted, and the timeliness of RFI turnaround once it is submitted. B. Murphy brought the motion to a vote:

    The Committee rejected the motion with the following abstaining: B. Lawson, A. Vedvik, and S. Miller.

    S. Rueckert accepted the motion as written; G. Zito seconded. The action item was as follows:

    Reject the Request for Interpretation (RFI) of BAL-001-2 submitted by Orlando Utilities Commission (OUC).

    S. Bodkin made a friendly amendment to reject the Request for Interpretation (RFI) of BAL-001-2 submitted by OUC including a statement that a SAR may be the appropriate method in addressing the issues proposed in the RFI. S. Rueckert and G. Zito accepted the friendly amendment. Conversation was held concerning the rejection reasoning of the standard being plain on its face and the issue already being addressed in the record, and if this was the correct rationale for rejection.


    B. Lawson made a friendly amendment to reject the RFI of BAL-001-2 submitted by OUC, on the basis that the issue presented in the RFI has been addressed in the record, and to include a statement in the rejection that a SAR may be the appropriate method in addressing the issues proposed in the RFI. S. Rueckert and G. Zito accepted the friendly amendment. B. Li called the question. S. Bodkin withdrew his friendly amendment. A. Vedvik stated S. Bodkin’s friendly amendment. S. Rueckert and G. Zito accepted the friendly amendment. B. Murphy brought the motion to a vote:

    The Committee approved the motion with F. McElvain, S. Miller, and A. Gallo voting no and there were no abstentions.

    Revisions to the NERC Standard Processes Manual Section 6

    B. Li made the motion to adopt the action item as written; G. Zito seconded. The motion was as follows:

    Endorse the Standards Committee Process Subcommittee’s (SCPS) proposed revisions to Section 6 Process for Conducting Field Tests of the Standard Processes Manual (SPM).

    B. Li briefly spoke to the motion. It was noted that additional redlines appeared in the definition of Reliability Standard in section 2.0, and that these changes were proposed by NERC Legal staff to reflect the currently-in-effect ROP definition of Reliability Standard. It was clarified that section 6 is the only section being voted on for the purpose of this motion.

    It was noted that there was extensive outreach completed with the technical committees and those committees are assisting from the technical aspect whereas the SC can focus on the process. B. Murphy brought the motion to a vote.

    The Committee approved the motion with A. Gallo and S. Miller voting no, and F. McElvain, A. Vedvik, and M. Harris abstaining.

    Project 2015-04 Alignment of Terms

    B. Hampton made the motion to accept the action item as written; F. McElvain seconded. The motion was as follows:


    Endorse (1) the SCEC reviewing the Phase II Recommendations of the Alignment of Terms drafting team and the comments of the PMOS liaisons on those recommendations, and (2) after the review, presenting a proposal by the SCEC to the SC on how to proceed with the recommendations by the December 2016 SC meeting.

    B. Murphy brought the motion to a vote.

    The Committee approved the motion with no objections or abstentions.

    Subcommittee Reports and Updates

    Project Management and Oversight Subcommittee

    B. Hampton provided the PMOS update and explained that there will no longer be an annual calendar moving forward. B. Hampton let the Committee know that each PMOS liaison will be working with the respective NERC Standards Developers to ensure timelines for each project are accurate and up to date.

    Process Subcommittee

    P. Heidrich provided the update for the SCPS by reviewing the work plan. A couple of highlights are that the group is diligently working on Sections 7 and 11 of the SPM and the SAR submittal form is moving along nicely. The goal is to have these documents submitted for endorsement in the fourth quarter of 2016. Additionally, there were four sets of comments received for the drafting team reference manual, which will require some substantial edits to the document.

    Functional Model Advisory Group

    P. Heidrich provided the update for the Functional Model Advisory Group. A 45-day comment period concluded on September 7, 2016, for the Reliability Functional Model and Reliability Functional Model Technical Document, and there will be a three-day meeting (when and where) scheduled to review and respond to comments. There was discussion around whether the SC needs to be more involved with reviewing the comments. It was mentioned that G. Zito and B. Li are involved and happy to cover as SC representatives. In addition, B. Murphy and M. D’Antuono will work closely with G. Zito and B. Li to propose a process for SC review of the Functional Model Advisory Group work product. Further discussion was held around the purpose of the Functional Model, which is to provide guidance on process, not technical content.

    Legal Update

    L. Perotti provided an overview on past and upcoming legal filings. No discussion was held.


    Informational Items

    No discussion was had on the informational items.

    Adjourn

    B. Murphy thanked the Committee members and adjourned the meeting at 12:12 p.m. Pacific time.

  • Attachment I: Standards Committee Attendance – September 14, 2016

    Segment and Term | Representative | Organization | Proxy | Present (Member or Proxy)
    --- | --- | --- | --- | ---
    Chair 2016‐17 | Brian Murphy, Senior Attorney | NextEra Energy, Inc. | | Yes
    Vice‐Chair 2016‐17 | Michelle D’Antuono, Manager, Energy | Occidental Energy Ventures, LLC | | Yes
    Segment 1‐2015‐16 | Lou Oberski, Managing Director, NERC Compliance Policy | Dominion Resources Services, Inc. | Sean Bodkin | Yes
    Segment 1‐2016‐17 | Laura Lee, Manager of ERO Support and Event Analysis, System Operations | Duke Energy | | Yes
    Segment 2‐2015‐16 | Charles Yeung, Executive Director Interregional Affairs | Southwest Power Pool | | Yes
    Segment 2‐2016‐17 | Ben Li, Consultant | Independent Electric System Operator | | Yes
    Segment 3‐2015‐16 | John Bussman, Manager, Reliability Compliance | Associated Electric Cooperative, Inc. | | Yes
    Segment 3‐2016‐17 | Scott Miller, Manager Regulatory Policy | MEAG Power | | Yes
    Segment 4‐2015‐16 | Barry Lawson, Associate Director, Power Delivery and Reliability | National Rural Electric Cooperative Association | | Yes
    Segment 4‐2016‐17 | Chris Gowder, Regulatory Compliance Specialist | Florida Municipal Power Agency | | Yes
    Segment 5‐2015‐16 | Colt Norrish, Compliance Director | PacifiCorp | | Yes
    Segment 5‐2016‐17 | Randy Crissman, Vice President – Technical Compliance | New York Power Authority | Wayne Sipperly | Yes
    Segment 6‐2015‐16 | Brenda Hampton, Director, NERC & TRE Affairs | Energy Future Holdings – Luminant Energy Company LLC | | Yes
    Segment 6‐2016‐17 | Andrew Gallo, Director, Reliability Compliance | City of Austin dba Austin Energy | | Yes
    Segment 7‐2015‐16 | Marion Lucas, APGI Chief Compliance Officer, President & Director | Alcoa Power Marketing LLC | | Yes
    Segment 7‐2016‐17 | Frank McElvain, Senior Manager, Consulting | Siemens Power Technologies International | | Yes
    Segment 8‐2015‐16 | David Kiguel | Independent | | Yes
    Segment 8‐2016‐17 | Robert Blohm, Managing Director | Keen Resources Ltd. | | Yes
    Segment 9‐2015‐16 | Mark Harris, Electrical Engineer | Public Utilities Commission of Nevada | | Yes
    Segment 9‐2016‐17 | Alexander Vedvik | Public Service Commission of Wisconsin | | Yes
    Segment 10‐2015‐16 | Steven Rueckert, Director of Standards | Western Electricity Coordinating Council | | Yes
    Segment 10‐2016‐17 | Guy Zito, Assistant Vice President of Standards | Northeast Power Coordinating Council | | Yes

  • Agenda Item 2b Standards Committee October 19, 2016

    Project 2013-03 Geomagnetic Disturbance Mitigation Additional Drafting Team Nominations

    Action: Authorize posting to solicit nominations for additional standard drafting team (SDT) members to respond to directives from Federal Energy Regulatory Commission (FERC) Order No. 830.

    Background: On September 22, 2016, FERC issued Order No. 830 approving Reliability Standard TPL-007-1 − Transmission System Planned Performance for Geomagnetic Disturbance Events. In the order, FERC directed NERC to develop certain modifications to the Standard, including:

    • Modify the benchmark GMD event definition used for GMD Vulnerability Assessments;

    • Make related modifications to requirements pertaining to transformer thermal impact assessments;

    • Require collection of GMD-related data, and for NERC to make it publicly available; and

    • Require deadlines for Corrective Action Plans (CAPs) and GMD mitigating actions.

    FERC established a deadline of 18 months from the effective date of Order No. 830 for completing the revisions, which is May 2018. The appointed SDT members of the Project 2013-03 SDT (roster attached) are all well qualified to continue participating in the development of revisions. However, two SDT members, Randy Horton and Ken Fleischer, are no longer with their registered entities, and their situations may not allow them to continue participating fully as SDT members. Additionally, Emanuel Bernabeu is now employed at the same entity as the SDT chair. NERC staff requests authorization to solicit nominations for additional SDT members in order to maintain a diverse and well qualified team.

    http://www.nerc.com/filingsorders/us/FERCOrdersRules/E-4.pdf

  • Standard Drafting Team Roster Project 2013-03 Geomagnetic Disturbance Mitigation

    Role | Name | Entity

    Chair | Frank Koza | PJM Interconnection

    Vice Chair | Randy Horton | Electric Power Research Institute

    Member | Donald Atkinson | Georgia Transmission Corporation

    Member | Emanuel Bernabeu | PJM Interconnection

    Member | Kenneth Fleischer | Fleischer Consultants, LLC

    Member | Luis Marti | Hydro One Networks

    Member | Antti Pulkkinen | NASA Goddard Space Flight Center

    Member | Qun Qiu | American Electric Power

    NERC Staff | Mark Olson – Senior Standards Developer | North American Electric Reliability Corporation

  • Agenda Item 2c Standards Committee October 19, 2016

    Project 2016-02 Modifications to CIP Standards

    Action: Appoint Christine Hasha and David Revill as standard drafting team (SDT) co-chairs for the Project 2016-02 Modifications to CIP Standards.

    Background: Due to a recent job change, Chair Margaret Powell has resigned as a member of the SDT effective November 30, 2016. As a result, the current vice chairs have agreed to serve as SDT co-chairs. Neither SDT leadership nor NERC staff see a need to solicit for an additional SDT member(s) at this time.

  • Three-Month Outlook

    Brian Murphy, SC Chair, NextEra Energy Resources, LLC; Steven Noess, Director of Standards Development, NERC; Standards Committee, October 6, 2016

    Agenda Item 3a Standards Committee October 19, 2016

    Authorize Nomination Solicitations

    • October: Project 2013-03 Geomagnetic Disturbance Mitigation

    • November: None

    • December: None

    Authorize Team Appointments

    • October: None

    • November: None

    • December: Project 2013-03 Geomagnetic Disturbance Mitigation; SAR for Modifications to PRC-025-1 (Project 2016-04)

    Authorize SAR Postings

    • October: Project 2016-03 Cyber Security Supply Chain Management

    • November: None

    • December: Project 2013-03 Geomagnetic Disturbance Mitigation

    Authorize Initial Postings

    • October: None

    • November: None

    • December: Project 2015-10 Single Points of Failure (TPL-001-4); Project 2015-09 System Operating Limits (FAC-010, FAC-011, FAC-014); Project 2016-02 Modifications to CIP Standards (CIP-003-7(i))

    FERC Orders and NOPRs

    • September: Order Approving Reliability Standards IRO-018-1 and TOP-010-1; Order No. 830 Approving Reliability Standard TPL-007-1; Notice of Proposed Rulemaking to Approve Reliability Standards BAL-005-1 and FAC-001-3

    • October: None

  • Agenda Item 5 Standards Committee October 19, 2016

    Project 2016-03 Cyber Security Supply Chain Management Standards Authorization Request (SAR)

    Action: Authorize posting the SAR developed by the Project 2016-03 SAR and standards drafting team (SDT) to meet the directives from Federal Energy Regulatory Commission (FERC) Order No. 829 for a 30-day informal comment period.

    Background: On July 21, 2016, FERC issued Order No. 829 directing NERC to develop a new or modified Reliability Standard that addresses supply chain risk management for industrial control system hardware, software, and computing and networking services associated with Bulk Electric System (BES) operations as follows:

    "[The Commission directs] NERC to develop a forward-looking, objective-based Reliability Standard to require each affected entity to develop and implement a plan that includes security controls for supply chain management for industrial control system hardware, software, and services associated with bulk electric system operations. The new or modified Reliability Standard should address the following security objectives, [discussed in detail in the Order]: (1) software integrity and authenticity; (2) vendor remote access; (3) information system planning; and (4) vendor risk management and procurement controls."

    The Commission established a filing deadline of one year from the effective date of Order No. 829, which is September 27, 2017. The SDT developed the attached SAR to specifically address the directives in Order No. 829 and is requesting to post it for a 30-day informal comment period as specified in the Standard Processes Manual. The SDT will review all comments and consider whether changes to the SAR are needed to address the directives in Order No. 829. The SDT anticipates completing this review prior to the Standards Committee's December meeting, at which time the SAR will be provided to the Standards Committee for acceptance.

    http://www.nerc.com/FilingsOrders/us/FERCOrdersRules/Order_SupplyChain_20160721_RM15-14.pdf

  • Standards Authorization Request Form NERC welcomes suggestions to improve the reliability of the bulk power system through improved Reliability Standards. Please use this form to submit your request to propose a new Reliability Standard or a revision to an existing NERC Reliability Standard.

    Request to propose a new Reliability Standard or a revision to an existing Reliability Standard

    Title of Proposed Standard(s): Cyber Security - Supply Chain Controls

    Date Submitted: September 28, 2016

    SAR Requester Information

    Name: Corey Sellers

    Organization: Southern Company / Chair, SAR and Standards Drafting Team

    Telephone: 205-257-7531 E-mail: [email protected]

    SAR Type (Check as many as applicable)

    New Standard

    Revision to existing Standard

    Withdrawal of existing Standard

    Urgent Action

    SAR Information

    Purpose (Describe what the Standard action will achieve in support of Bulk Electric System reliability.):

    The goal of this project is to establish forward-looking, objective-driven new or modified Reliability Standard(s) requiring entities to develop and implement a plan that includes security controls for supply chain management for industrial control system hardware, software, and computing and networking services that impact Bulk Electric System (BES) operations. The project will address the Federal Energy Regulatory Commission (FERC) directives contained in Order No. 829.

    Industry Need (What is the industry problem this request is trying to solve?):

    On July 21, 2016, FERC issued Order No. 829 directing NERC to develop a forward-looking, objective-driven new or modified Reliability Standard(s) that addresses supply chain risk management for industrial control system hardware, software, and computing and networking services associated with BES operations. The supply chains for information and communications technology and industrial control systems present risks to the BES by providing potential opportunities for the introduction of cybersecurity vulnerabilities. The new or modified Reliability Standard(s) is intended to reduce the risk of a cybersecurity incident affecting the reliable operation of the bulk power system.

    When completed, email this form to: [email protected]

    Agenda Item 5a Standards Committee October 19, 2016

  • Project 2016-03 Cyber Security Supply Chain Management September 28, 2016 2

    Brief Description (Provide a paragraph that describes the scope of this Standard action.)

    The standards drafting team (SDT) shall develop new or modified Critical Infrastructure Protection (CIP) Standard(s) to require applicable entities to develop and implement a plan that includes security controls for supply chain management of industrial control system hardware, software, and computing and networking services that impact BES operations as described in Order No. 829. The work will include development of an Implementation Plan, Violation Risk Factors, Violation Severity Levels, and supporting documents, within the 12-month deadline established by FERC in Order No. 829.

    Detailed Description (Provide a description of the proposed project with sufficient details for the standard drafting team to execute the SAR. Also provide a justification for the development or revision of the Standard, including an assessment of the reliability and market interface impacts of implementing or not implementing the Standard action.)

    The SDT shall address each of the Order No. 829 directives. The Reliability Standard(s) developed or revised in the project will require applicable entities to develop and implement a plan that addresses, at a minimum, the following four specific objectives as they relate to supply chain cybersecurity of the BES (Order No. 829 at P 45):

    1. Software integrity and authenticity;

    2. Vendor remote access;

    3. Information system planning; and

    4. Vendor risk management and procurement controls.

    The plan may apply different controls based on the criticality of different assets (Order No. 829 at P 44). Requirements developed by the SDT will be aimed at the protection of aspects of the supply chain that are within the control of responsible entities (Order No. 829 at P 10). The new or modified Reliability Standard will also require periodic reassessment of the applicable entity’s selected controls by the applicable entity's CIP Senior Manager at least every 15 months (Order No. 829 at P 46).

    In addressing Objective 1 (Software integrity and authenticity), the SDT shall develop requirement(s) for applicable entities to address verification of: (1) the identity of the software publisher for all software and patches that are intended for use on BES Cyber Systems; and (2) the integrity of the software and patches before they are installed in the BES Cyber System. (Order No. 829 at P 48)

    In addressing Objective 2 (Vendor remote access), the SDT shall develop requirement(s) for applicable entities to address logging and controlling all third-party (i.e., vendor) initiated remote access sessions. The objective covers both user-initiated and machine-to-machine vendor remote access. Additionally, applicable entities' controls must provide for rapidly disabling remote access sessions to mitigate a security event, if necessary. (Order No. 829 at P 51 and 52)

    In addressing Objective 3 (Information system planning), the SDT shall develop requirement(s) that address the applicable entities' CIP Senior Manager (or delegate) identification and documentation of risks for consideration by the applicable entity in proposed information system planning. (Order No. 829 at P 56)

    In addressing Objective 4 (Vendor risk management and procurement controls), the SDT shall develop requirement(s) for applicable entities to address the provision and verification of the following security concepts, at a minimum, in future contracts for industrial control system hardware, software, and computing and networking services associated with BES operations. (Order No. 829 at P 59)

    • Vendor security event notification processes;

    • Vendor personnel termination notification for employees with access to remote and onsite systems;

    • Product/services vulnerability disclosures, such as accounts that are able to bypass authentication or the presence of hardcoded passwords;

    • Coordinated incident response activities; and

    • Other related aspects of procurement that the SDT determines should be addressed for supply chain cyber security risk management as stated in Order No. 829.

    The SDT may, as an alternative, propose an equally efficient and effective means to meet the objectives in Order No. 829.

    Reliability Functions

    The Standard will Apply to the Following Functions (Check each one that applies.)

    Regional Reliability Organization: Conducts the regional activities related to planning and operations, and coordinates activities of Responsible Entities to secure the reliability of the Bulk Electric System within the region and adjacent regions.

    Reliability Coordinator: Responsible for the real-time operating reliability of its Reliability Coordinator Area in coordination with its neighboring Reliability Coordinator’s wide area view.

    Balancing Authority: Integrates resource plans ahead of time, and maintains load-interchange-resource balance within a Balancing Authority Area and supports Interconnection frequency in real time.

    Interchange Authority: Ensures communication of interchange transactions for reliability evaluation purposes and coordinates implementation of valid and balanced interchange schedules between Balancing Authority Areas.

    Planning Coordinator: Assesses the longer-term reliability of its Planning Coordinator Area.

    Resource Planner: Develops a >one year plan for the resource adequacy of its specific loads within a Planning Coordinator area.

    Transmission Planner: Develops a >one year plan for the reliability of the interconnected Bulk Electric System within its portion of the Planning Coordinator area.

    Transmission Service Provider: Administers the transmission tariff and provides transmission services under applicable transmission service agreements (e.g., the pro forma tariff).

    Transmission Owner: Owns and maintains transmission facilities.

    Transmission Operator: Ensures the real-time operating reliability of the transmission assets within a Transmission Operator Area.

    Distribution Provider: Delivers electrical energy to the End-use customer.

    Generator Owner: Owns and maintains generation facilities.

    Generator Operator: Operates generation unit(s) to provide real and Reactive Power.

    Purchasing-Selling Entity: Purchases or sells energy, capacity, and necessary reliability-related services as required.

    Market Operator: Interface point for reliability functions with commercial functions.

    Load-Serving Entity: Secures energy and transmission service (and reliability-related services) to serve the End-use Customer.


    Reliability and Market Interface Principles

    Applicable Reliability Principles (Check all that apply).

    1. Interconnected bulk power systems shall be planned and operated in a coordinated manner to perform reliably under normal and abnormal conditions as defined in the NERC Standards.

    2. The frequency and voltage of interconnected bulk power systems shall be controlled within defined limits through the balancing of real and Reactive Power supply and demand.

    3. Information necessary for the planning and operation of interconnected bulk power systems shall be made available to those entities responsible for planning and operating the systems reliably.

    4. Plans for emergency operation and system restoration of interconnected bulk power systems shall be developed, coordinated, maintained and implemented.

    5. Facilities for communication, monitoring and control shall be provided, used and maintained for the reliability of interconnected bulk power systems.

    6. Personnel responsible for planning and operating interconnected bulk power systems shall be trained, qualified, and have the responsibility and authority to implement actions.

    7. The security of the interconnected bulk power systems shall be assessed, monitored and maintained on a wide area basis.

    8. Bulk power systems shall be protected from malicious physical or cyber attacks.

    Does the proposed Standard comply with all of the following Market Interface Principles? Enter (yes/no)

    1. A Reliability Standard shall not give any market participant an unfair competitive advantage. YES

    2. A Reliability Standard shall neither mandate nor prohibit any specific market structure. YES

    3. A Reliability Standard shall not preclude market solutions to achieving compliance with that Standard. YES

    4. A Reliability Standard shall not require the public disclosure of commercially sensitive information. All market participants shall have equal opportunity to access commercially non-sensitive information that is required for compliance with Reliability Standards. YES

    Related Standards

    Standard No. Explanation

    CIP-002-5 Cyber Security - BES Cyber System Categorization. Specifies categorization of BES Cyber Systems and BES Cyber Assets to support appropriate protection against compromises that could lead to misoperation or instability in the BES.


    CIP-003-6 Cyber Security - Security Management Controls. Establishes responsibility and accountability to protect BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.

    CIP-004-6 Cyber Security - Personnel & Training

    CIP-005-5 Cyber Security - Electronic Security Perimeter(s)

    CIP-007-6 Cyber Security - System Security Management

    CIP-010-2 Cyber Security - Configuration Change Management and Vulnerability Assessments

    CIP-011-2 Cyber Security - Information Protection

    Related SARs

    SAR ID Explanation

    Regional Variances

    Region Explanation

    FRCC

    MRO

    NPCC

    RF

    SERC

    SPP RE

    Texas RE

    WECC

  • Agenda Item 6 Standards Committee October 19, 2016

    Project 2016-02 Modifications to CIP Standards

    Action: Authorize the initial posting of (1) proposed Reliability Standard CIP-003-7(i), (2) the proposed revised definition of Transient Cyber Asset (TCA) to be incorporated into the NERC Glossary of Terms Used in NERC Reliability Standards (NERC Glossary), (3) the Violation Risk Factors (VRFs) and Violation Severity Levels (VSLs), and (4) the associated Implementation Plan for a 45-day formal comment period with initial ballots and nonbinding polls during the last 10 days of the comment period. The existing CIP-003-7 ballot pool will be used, with notice to stakeholders that anyone not currently in the pool may join during the first 30 days of the 45-day formal comment period.

    Background: On January 21, 2016, the Federal Energy Regulatory Commission (FERC or Commission) issued Order No. 822, approving revisions to the cybersecurity Critical Infrastructure Protection (CIP) standards and directing NERC to develop certain modifications to requirements in the CIP standards and the definition of Low Impact External Routable Connectivity (LERC). Specifically, the Commission directed the following:

    • Develop modifications to the CIP Reliability Standards to provide mandatory protection for transient devices used at Low Impact BES Cyber Systems based on the risk posed to bulk electric system reliability.

    • Develop modifications to the CIP Reliability Standards to require responsible entities to implement controls to protect, at a minimum, communication links and sensitive bulk electric system data communicated between bulk electric system Control Centers in a manner that is appropriately tailored to address the risks posed to the bulk electric system by the assets being protected (i.e., high, medium, or low impact).

    • Develop a modification to provide the needed clarity, within one year of the effective date of this Final Rule, to the LERC definition consistent with the commentary in the Guidelines and Technical Basis section of CIP-003-6.

    On March 9, 2016, the NERC Standards Committee (SC) authorized the Standards Authorization Request (SAR) to be posted for a 30-day informal comment period from March 23 – April 21, 2016. Based on the comments received, the 2016-02 Modifications to CIP standards drafting team (SDT) made minor revisions to the SAR, which was posted for an additional 30-day informal comment period June 1-30, 2016. The SC accepted the SAR on July 20, 2016. The SC authorized the initial posting of CIP-003-7 to address LERC on the July 2016 SC call.

    In response to the directive to provide mandatory protection for transient devices used at Low Impact BES Cyber Systems, the SDT is proposing additional revisions to Attachment 1 of CIP-003-6 to mitigate the risk of malware propagation to the Bulk Electric System (BES) through low impact BES Cyber Systems. Attachment 1 contains and outlines the required sections of a Responsible Entity’s cyber security plan(s) for its low impact BES Cyber Systems per Requirement R2. Under CIP-003-6, cyber security plan(s) are required to address four subject matter areas: (1) cyber security awareness; (2) physical security controls; (3) electronic access controls; and (4) Cyber Security Incident response. The SDT is proposing to expand Attachment 1 to include a fifth area: “Transient Cyber Asset and Removable Media Malicious Code Mitigation Plan(s)”. Requiring the Responsible Entity to develop and implement these plans will provide higher assurance against the propagation of malware from transient devices. As proposed, Section 5 of Attachment 1 of CIP-003-7(i) mandates that entities have malware protection on TCAs (both entity and vendor-managed) and for Removable Media. The SDT asserts that it is necessary to distinguish between the specific protections for: (i) TCAs managed by the Responsible Entity, (ii) TCAs managed by a party other than the Responsible Entity (e.g. vendors or contractors), and (iii) Removable Media. Additionally, the SDT revised the definition of a TCA to ensure the applicability of security controls and provide additional clarity.

    Posting approach/Redlines included: Both CIP-003-7 (LERC) and CIP-003-7(i) (LERC and TCA) will be posted for comment and ballot concurrently. Thus, stakeholders will be asked to vote twice, once for CIP-003-7 and once for CIP-003-7(i). The primary purpose of posting and balloting concurrently is to ensure that NERC can meet its March 31, 2017 deadline for addressing the LERC directive. There is no deadline for the TCA directive. The language the SC is authorizing for posting is only the TCA language, as the SC previously authorized the initial posting of CIP-003-7 to address LERC on the July 2016 SC call. As stated in the action item, the ballot pool will be opened for stakeholders to opt in, so that those stakeholders that did not have an interest in LERC, but do for TCA, will have the ability to vote on TCA. Without this approach, there would need to be a new ballot pool formed for only CIP-003-7(i), which would likely be confusing and inefficient.

    Quality Review: The Quality Review (QR) for this posting was performed October 9 - 11, 2016 by Brian Murphy (NextEra Energy Resources), Michelle D’Antuono (Occidental Energy Ventures), Margaret Powell, David Revill, and Christine Hasha (SDT leadership), Howard Gugel, Darrel Richardson, and Monica Bales (NERC Standards staff), Shamai Elstein (NERC Legal staff), and Scott Mix (NERC Compliance staff). The QR team reviewed the documents and provided feedback to the SDT. The SDT considered the feedback, made appropriate modifications to the draft documents, and approved submitting the final documents to the SC for authorization to post.

    http://www.nerc.com/FilingsOrders/us/FERCOrdersRules/Order%20Approving%20Revised%20CIP%20Reliability%20Standards.pdf

  • CIP-003-7(i) - Cyber Security — Security Management Controls

    Draft 1 of CIP-003-7(i) July 2016 Page 1 of 53

    Standard Development Timeline

    This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective.

    Description of Current Draft

    This draft of CIP-003-7 is addressing the directive issued by the Federal Energy Regulatory Commission (Commission) in paragraph 73 of Order No. 822 which reads:

    [T]he Commission concludes that a modification to the Low Impact External Routable Connectivity definition to reflect the commentary in the Guidelines and Technical Basis section of CIP-003-6 is necessary to provide needed clarity to the definition and eliminate ambiguity surrounding the term “direct” as it is used in the proposed definition. Therefore, pursuant to section 215(d)(5) of the FPA, we direct NERC to develop a modification to provide the needed clarity, within one year of the effective date of this Final Rule approving revisions to the cybersecurity Critical Infrastructure Protection (CIP) standards.

    Previously, the Guidelines and Technical Basis had approximately 10 pages of explanation and numerous reference models to describe different forms of direct vs. indirect access that could be used to determine whether Low Impact External Routable Connectivity existed and thus whether a Low Impact BES Cyber System Electronic Access Point (LEAP) was required. In this revision, the term Low Impact External Routable Connectivity has been changed to Low Impact External Routable Communication (LERC) and simplified so that it is an attribute of a BES asset concerning whether there is routable protocol communication across the asset boundary, without regard to the 'direct vs. indirect' access that may occur. This greatly simplifies and clarifies the definition of LERC. It removes the dependency between the electronic access controls that may be in place and having those controls determine whether LERC exists or not.

    For those BES assets that have LERC, the standard drafting team (SDT) changed the requirement from requiring a LEAP to requiring electronic access controls to “permit only necessary electronic access to low impact BES Cyber Systems” (revised Attachment 1, Section 3.1) within the BES asset and expanded the Guidelines and Technical Basis with numerous examples of electronic access controls. Given the modified definition of LERC and the proposed modifications in Reliability Standard CIP-003-7, there is no longer a need for the NERC Glossary term Low Impact BES Cyber System Electronic Access Point (LEAP). Consequently, NERC is proposing that term for retirement.

    In summary, the CIP SDT revised CIP-003-7, Attachments 1 and 2, Sections 2 and 3 and the associated High VSL for Requirement R2. Non-substantive errata changes were also made within the standard, including changing “ES-ISAC” to “E-ISAC”.

    Agenda Item 6a Standards Committee October 19, 2016

    http://www.nerc.com/FilingsOrders/us/FERCOrdersRules/Order%20Approving%20Revised%20CIP%20Reliability%20Standards.pdf


    Completed Actions | Date

    Standard Authorization Request (SAR) approved | July 20, 2016

    Draft 1 of CIP-003-7 posted for formal comment and initial ballot | July 21 – September 6, 2016

    Anticipated Actions | Date

    10-day final ballot | October, 2016

    NERC Board of Trustees (Board) adoption | November, 2016


    A. Introduction

    1. Title: Cyber Security — Security Management Controls

    2. Number: CIP-003-7(i)

    3. Purpose: To specify consistent and sustainable security management controls that establish responsibility and accountability to protect BES Cyber Systems against compromise that could lead to misoperation or instability in the Bulk Electric System (BES).

    4. Applicability:

    4.1. Functional Entities: For the purpose of the requirements contained herein, the following list of functional entities will be collectively referred to as “Responsible Entities.” For requirements in this standard where a specific functional entity or subset of functional entities are the applicable entity or entities, the functional entity or entities are specified explicitly.

    4.1.1 Balancing Authority

    4.1.2 Distribution Provider that owns one or more of the following Facilities, systems, and equipment for the protection or restoration of the BES:

    4.1.2.1 Each underfrequency Load shedding (UFLS) or undervoltage Load shedding (UVLS) system that:

    4.1.2.1.1 is part of a Load shedding program that is subject to one or more requirements in a NERC or Regional Reliability Standard; and

    4.1.2.1.2 performs automatic Load shedding under a common control system owned by the Responsible Entity, without human operator initiation, of 300 MW or more.

    4.1.2.2 Each Special Protection System (SPS) or Remedial Action Scheme (RAS) where the SPS or RAS is subject to one or more requirements in a NERC or Regional Reliability Standard.

    4.1.2.3 Each Protection System (excluding UFLS and UVLS) that applies to Transmission where the Protection System is subject to one or more requirements in a NERC or Regional Reliability Standard.

    4.1.2.4 Each Cranking Path and group of Elements meeting the initial switching requirements from a Blackstart Resource up to and including the first interconnection point of the starting station service of the next generation unit(s) to be started.

    4.1.3 Generator Operator

    4.1.4 Generator Owner

    4.1.5 Interchange Coordinator or Interchange Authority

    4.1.6 Reliability Coordinator

    4.1.7 Transmission Operator

    4.1.8 Transmission Owner

    4.2. Facilities: For the purpose of the requirements contained herein, the following Facilities, systems, and equipment owned by each Responsible Entity in 4.1 above are those to which these requirements are applicable. For requirements in this standard where a specific type of Facilities, system, or equipment or subset of Facilities, systems, and equipment are applicable, these are specified explicitly.

    4.2.1 Distribution Provider: One or more of the following Facilities, systems and equipment owned by the Distribution Provider for the protection or restoration of the BES:

    4.2.1.1 Each UFLS or UVLS System that: 4.2.1.1.1 is part of a Load shedding program that is subject to

    one or more requirements in a NERC or Regional Reliability Standard; and

    4.2.1.1.2 performs automatic Load shedding under a common control system owned by the Responsible Entity, without human operator initiation, of 300 MW or more.

    4.2.1.2 Each SPS or RAS where the SPS or RAS is subject to one or more requirements in a NERC or Regional Reliability Standard.

    4.2.1.3 Each Protection System (excluding UFLS and UVLS) that applies to Transmission where the Protection System is subject to one or more requirements in a NERC or Regional Reliability Standard.

    4.2.1.4 Each Cranking Path and group of Elements meeting the initial switching requirements from a Blackstart Resource up to and including the first interconnection point of the starting station service of the next generation unit(s) to be started.

    4.2.2 Responsible Entities listed in 4.1 other than Distribution Providers: All BES Facilities.

    4.2.3 Exemptions: The following are exempt from Standard CIP-003-7(i): 4.2.3.1 Cyber Assets at Facilities regulated by the Canadian Nuclear Safety

    Commission.


    4.2.3.2 Cyber Assets associated with communication networks and data communication links between discrete Electronic Security Perimeters (ESPs).

    4.2.3.3 The systems, structures, and components that are regulated by the Nuclear Regulatory Commission under a cyber security plan pursuant to 10 C.F.R. Section 73.54.

    4.2.3.4 For Distribution Providers, the systems and equipment that are not included in section 4.2.1 above.

    5. Effective Dates: See Implementation Plan for CIP-003-7(i).

    6. Background: Standard CIP-003 exists as part of a suite of CIP Standards related to cyber security, which require the initial identification and categorization of BES Cyber Systems and require organizational, operational, and procedural controls to mitigate risk to BES Cyber Systems.

    The term policy refers to one or a collection of written documents that are used to communicate the Responsible Entities’ management goals, objectives and expectations for how the Responsible Entity will protect its BES Cyber Systems. The use of policies also establishes an overall governance foundation for creating a culture of security and compliance with laws, regulations, and standards.

    The term documented processes refers to a set of required instructions that are specific to the Responsible Entity and intended to achieve a specific outcome. This term does not imply any naming or approval structure beyond what is stated in the requirements. An entity should include as much as it believes necessary in its documented processes, but it must address the applicable requirements.

    The terms program and plan are sometimes used in place of documented processes where it makes sense and is commonly understood. For example, documented processes describing a response are typically referred to as plans (i.e., incident response plans and recovery plans). Likewise, a security plan can describe an approach involving multiple procedures to address a broad subject matter.

    Similarly, the term program may refer to the organization’s overall implementation of its policies, plans, and procedures involving a subject matter. Examples in the standards include the personnel risk assessment program and the personnel training program. The full implementation of the CIP Cyber Security Reliability Standards could also be referred to as a program. However, the terms program and plan do not imply any additional requirements beyond what is stated in the standards.

    Responsible Entities can implement common controls that meet requirements for multiple high, medium, and low impact BES Cyber Systems. For example, a single cyber security awareness program could meet the requirements across multiple BES Cyber Systems.

    Measures provide examples of evidence to show documentation and implementation of the requirement. These measures serve to provide guidance to entities in acceptable records of compliance and should not be viewed as an all-inclusive list.

    Throughout the standards, unless otherwise stated, bulleted items in the requirements and measures are items that are linked with an “or,” and numbered items are items that are linked with an “and.”

    Many references in the Applicability section use a threshold of 300 MW for UFLS and UVLS. This particular threshold of 300 MW for UVLS and UFLS was provided in Version 1 of the CIP Cyber Security Standards. The threshold remains at 300 MW since it is specifically addressing UVLS and UFLS, which are last-ditch efforts to save the BES. A review of UFLS tolerances defined within Regional Reliability Standards for UFLS program requirements to date indicates that the historical value of 300 MW represents an adequate and reasonable threshold value for allowable UFLS operational tolerances.


    B. Requirements and Measures

    R1. Each Responsible Entity shall review and obtain CIP Senior Manager approval at least once every 15 calendar months for one or more documented cyber security policies that collectively address the following topics: [Violation Risk Factor: Medium] [Time Horizon: Operations Planning]

    1.1 For its high impact and medium impact BES Cyber Systems, if any:

    1.1.1. Personnel and training (CIP-004);
    1.1.2. Electronic Security Perimeters (CIP-005) including Interactive Remote Access;
    1.1.3. Physical security of BES Cyber Systems (CIP-006);
    1.1.4. System security management (CIP-007);
    1.1.5. Incident reporting and response planning (CIP-008);
    1.1.6. Recovery plans for BES Cyber Systems (CIP-009);
    1.1.7. Configuration change management and vulnerability assessments (CIP-010);
    1.1.8. Information protection (CIP-011); and
    1.1.9. Declaring and responding to CIP Exceptional Circumstances.

    1.2 For its assets identified in CIP-002 containing low impact BES Cyber Systems, if any:

    1.2.1. Cyber security awareness;
    1.2.2. Physical security controls;
    1.2.3. Electronic access controls for Low Impact External Routable Communication (LERC) and Dial-up Connectivity; and
    1.2.4. Cyber Security Incident response

    M1. Examples of evidence may include, but are not limited to, policy documents; revision history, records of review, or workflow evidence from a document management system that indicate review of each cyber security policy at least once every 15 calendar months; and documented approval by the CIP Senior Manager for each cyber security policy.

    R2. Each Responsible Entity with at least one asset identified in CIP-002 containing low impact BES Cyber Systems shall implement one or more documented cyber security plan(s) for its low impact BES Cyber Systems that include the sections in Attachment 1. [Violation Risk Factor: Lower] [Time Horizon: Operations Planning]

    Note: An inventory, list, or discrete identification of low impact BES Cyber Systems or their BES Cyber Assets is not required. Lists of authorized users are not required.


    M2. Evidence shall include each of the documented cyber security plan(s) that collectively include each of the sections in Attachment 1 and additional evidence to demonstrate implementation of the cyber security plan(s). Additional examples of evidence per section are located in Attachment 2.

    R3. Each Responsible Entity shall identify a CIP Senior Manager by name and document any change within 30 calendar days of the change. [Violation Risk Factor: Medium] [Time Horizon: Operations Planning]

    M3. An example of evidence may include, but is not limited to, a dated and approved document from a high level official designating the name of the individual identified as the CIP Senior Manager.

    R4. The Responsible Entity shall implement a documented process to delegate authority, unless no delegations are used. Where allowed by the CIP Standards, the CIP Senior Manager may delegate authority for specific actions to a delegate or delegates. These delegations shall be documented, including the name or title of the delegate, the specific actions delegated, and the date of the delegation; approved by the CIP Senior Manager; and updated within 30 days of any change to the delegation. Delegation changes do not need to be reinstated with a change to the delegator. [Violation Risk Factor: Lower] [Time Horizon: Operations Planning]

    M4. An example of evidence may include, but is not limited to, a dated document, approved by the CIP Senior Manager, listing individuals (by name or title) who are delegated the authority to approve or authorize specifically identified items.


    C. Compliance

    1. Compliance Monitoring Process

    1.1. Compliance Enforcement Authority: As defined in the NERC Rules of Procedure, “Compliance Enforcement Authority” (CEA) means NERC or the Regional Entity in their respective roles of monitoring and enforcing compliance with the NERC Reliability Standards.

    1.2. Evidence Retention: The following evidence retention periods identify the period of time an entity is required to retain specific evidence to demonstrate compliance. For instances where the evidence retention period specified below is shorter than the time since the last audit, the CEA may ask an entity to provide other evidence to show that it was compliant for the full time period since the last audit.

    The Responsible Entity shall keep data or evidence to show compliance as identified below unless directed by its CEA to retain specific evidence for a longer period of time as part of an investigation:

    • Each Responsible Entity shall retain evidence of each requirement in this standard for three calendar years.

    • If a Responsible Entity is found non-compliant, it shall keep information related to the non-compliance until mitigation is complete and approved or for the time specified above, whichever is longer.

    • The CEA shall keep the last audit records and all requested and submitted subsequent audit records.

    1.3. Compliance Monitoring and Assessment Processes:

    • Compliance Audits
    • Self-Certifications
    • Spot Checking
    • Compliance Investigations
    • Self-Reporting
    • Complaints

    1.4. Additional Compliance Information: None.


    2. Table of Compliance Elements

    R # | Time Horizon | VRF | Violation Severity Levels (CIP-003-7): Lower VSL, Moderate VSL, High VSL, Severe VSL

    R1 | Time Horizon: Operations Planning | VRF: Medium

    Lower VSL (any one of the following):

    • The Responsible Entity documented and implemented one or more cyber security policies for its high impact and medium impact BES Cyber Systems, but did not address one of the nine topics required by R1. (R1.1)

    • The Responsible Entity did not complete its review of the one or more documented cyber security policies for its high impact and medium impact BES Cyber Systems as required by R1 within 15 calendar months but did complete this review in less than or equal to 16 calendar months of the previous review. (R1.1)

    • The Responsible Entity did not complete its approval of the one or more documented cyber security policies for its high impact and medium impact BES Cyber Systems as required by R1 by the CIP Senior Manager within 15 calendar months but did complete this approval in less than or equal to 16 calendar months of the previous approval. (R1.1)

    • The Responsible Entity documented one or more cyber security policies for its assets identified in CIP-002 containing low impact BES Cyber Systems, but did not address one of the four topics required by R1. (R1.2)

    • The Responsible Entity did not complete its review of the one or more documented cyber security policies for its assets identified in CIP-002 containing low impact BES Cyber Systems as required by Requirement R1 within 15 calendar months but did complete this review in less than or equal to 16 calendar months of the previous review. (R1.2)

    • The Responsible Entity did not complete its approval of the one or more documented cyber security policies for its assets identified in CIP-002 containing low impact BES Cyber Systems as required by Requirement R1 by the CIP Senior Manager within 15 calendar months but did complete this approval in less than or equal to 16 calendar months of the previous approval. (R1.2)

    Moderate VSL (any one of the following):

    • The Responsible Entity documented and implemented one or more cyber security policies for its high impact and medium impact BES Cyber Systems, but did not address two of the nine topics required by R1. (R1.1)

    • The Responsible Entity did not complete its review of the one or more documented cyber security policies for its high impact and medium impact BES Cyber Systems as required by R1 within 16 calendar months but did complete this review in less than or equal to 17 calendar months of the previous review. (R1.1)

    • The Responsible Entity did not complete its approval of the one or more documented cyber security policies for its high impact and medium impact BES Cyber Systems as required by R1 by the CIP Senior Manager within 16 calendar months but did complete this approval in less than or equal to 17 calendar months of the previous approval. (R1.1)

    • The Responsible Entity documented one or more cyber security policies for its assets identified in CIP-002 containing low impact BES Cyber Systems, but did not address two of the four topics required by R1. (R1.2)

    • The Responsible Entity did not complete its review of the one or more documented cyber security policies for its assets identified in CIP-002 containing low impact BES Cyber Systems as required by Requirement R1 within 16 calendar months but did complete this review in less than or equal to 17 calendar months of the previous review. (R1.2)

    • The Responsible Entity did not complete its approval of the one or more documented cyber security policies for its assets identified in CIP-002 containing low impact BES Cyber Systems as required by Requirement R1 by the CIP Senior Manager within 16 calendar months but did complete this approval in less than or equal to 17 calendar months of the previous approval. (R1.2)

    High VSL (any one of the following):

    • The Responsible Entity documented and implemented one or more cyber security policies for its high impact and medium impact BES Cyber Systems, but did not address three of the nine topics required by R1. (R1.1)

    • The Responsible Entity did not complete its review of the one or more documented cyber security policies for its high impact and medium impact BES Cyber Systems as required by R1 within 17 calendar months but did complete this review in less than or equal to 18 calendar months of the previous review. (R1.1)

    • The Responsible Entity did not complete its approval of the one or more documented cyber security policies for its high impact and medium impact BES Cyber Systems as required by R1 by the CIP Senior Manager within 17 calendar months but did complete this approval in less than or equal to 18 calendar months of the previous approval. (R1)

    • The Responsible Entity documented one or more cyber security policies for its assets identified in CIP-002 containing low impact BES Cyber Systems, but did not address three of the four topics required by R1. (R1.2)

    • The Responsible Entity did not complete its review of the one or more documented cyber security policies for its assets identified in CIP-002 containing low impact BES Cyber Systems as required by R1 within 17 calendar months but did complete this review in less than or equal to 18 calendar months of the previous review. (R1.2)

    • The Responsible Entity did not complete its approval of the one or more documented cyber security policies for its assets identified in CIP-002 containing low impact BES Cyber Systems as required by Requirement R1 by the CIP Senior Manager within 17 calendar months but did complete this approval in less than or equal to 18 calendar months of the previous approval. (R1.2)

    Severe VSL (any one of the following):

    • The Responsible Entity documented and implemented one or more cyber security policies for its high impact and medium impact BES Cyber Systems, but did not address four or more of the nine topics required by R1. (R1.1)

    • The Responsible Entity did not have any documented cyber security policies for its high impact and medium impact BES Cyber Systems as required by R1. (R1.1)

    • The Responsible Entity did not complete its review of the one or more documented cyber security policies as required by R1 within 18 calendar months of the previous review. (R1)

    • The Responsible Entity did not complete its approval of the one or more documented cyber security policies for its high impact and medium impact BES Cyber Systems as required by R1 by the CIP Senior Manager within 18 calendar months of the previous approval. (R1.1)

    • The Responsible Entity documented one or more cyber security policies for its assets identified in CIP-002 containing low impact BES Cyber Systems, but did not address any of the four topics required by R1. (R1.2)

    • The Responsible Entity did not have any documented cyber security policies for its assets identified in CIP-002 containing low impact BES Cyber Systems as required by R1. (R1.2)

    • The Responsible Entity did not complete its approval of the one or more documented cyber security policies for its assets identified in CIP-002 containing low impact BES Cyber Systems as required by Requirement R1 by the CIP Senior Manager within 18 calendar months of the previous approval. (R1.2)

    R2 | Time Horizon: Operations Planning | VRF: Lower

    Lower VSL (any one of the following):

    • The Responsible Entity documented its cyber security plan(s) for its assets containing low impact BES Cyber Systems, but failed to document cyber security awareness according to Requirement R2, Attachment 1, Section 1. (R2)

    • The Responsible Entity documented its cyber security plan(s) for its assets containing low impact BES Cyber Systems, but failed to document one or more Cyber Security Incident response plans according to Requirement R2, Attachment 1, Section 4. (R2)

    • The Responsible Entity documented one or more Cyber Security Incident response plans within its cyber security plan(s) for its assets containing low impact BES Cyber Systems, but failed to update each Cyber Security Incident response plan(s) within 180 days according to Requirement R2, Attachment 1, Section 4. (R2)

    • The Responsible Entity documented its plan(s) for Transient Cyber Assets and Removable Media, but failed to manage its Transient Cyber Asset(s) according to Requirement R2, Attachment 1, Section 5.1. (R2)

    • The Responsible Entity documented its plan(s) for Transient Cyber Assets and Removable Media, but failed to document the Removable Media sections according to Requirement R2, Attachment 1, Section 5.3. (R2)

    Moderate VSL (any one of the following):

    • The Responsible Entity documented its cyber security plan(s) for its assets containing low impact BES Cyber Systems, but failed to reinforce cyber security practices at least once every 15 calendar months according to Requirement R2, Attachment 1, Section 1. (R2)

    • The Responsible Entity documented one or more incident response plans within its cyber security plan(s) for its assets containing low impact BES Cyber Systems, but failed to include the process for identification, classification, and response to Cyber Security Incidents according to Requirement R2, Attachment 1, Section 4. (R2)

    • The Responsible Entity documented its cyber security plan(s) for its assets containing low impact BES Cyber Systems, but failed to document the determination of whether an identified Cyber Security Incident is a Reportable Cyber Security Incident and subsequent notification to the Electricity Information Sharing and Analysis Center (E-ISAC) according to Requirement R2, Attachment 1, Section 4. (R2)

    • The Responsible Entity documented its cyber security plan(s) for its assets containing low impact BES Cyber Systems, but failed to document physical security controls according to Requirement R2, Attachment 1, Section 2. (R2)

    • The Responsible Entity documented (this item continues on the next page of the draft, outside this excerpt)

    High VSL (any one of the following):

    • The Responsible Entity documented one or more Cyber Security Incident response plans within its cyber security plan(s) for its assets containing low impact BES Cyber Systems, but failed to test each Cyber Security Incident response plan(s) at least once every 36 calendar months according to Requirement R2, Attachment 1, Section 4. (R2)

    • The Responsible Entity documented the determination of whether an identified Cyber Security Incident is a Reportable Cyber Security Incident, but failed to notify the Electricity Information Sharing and Analysis Center (E-ISAC) according to Requirement R2, Attachment 1, Section 4. (R2)

    • The Responsible Entity documented electronic access controls for its assets containing low impact BES Cyber Systems, but failed to implement the electronic access controls according to Requirement R2, Attachment 1, Section 3. (R2)

    • The Responsible Entity documented the physical access controls for its assets containing low impact BES Cyber Systems, but failed to implement the physical security controls according to Requirement R2, Attachment 1, Section 2. (R2)

    • The Responsible Entity documented its plan(s) for Transient Cyber Assets and Removable Media, but failed to implement mitigation for the introduction of malicious code for Transient Cyber Assets managed by the Responsible Entity according to Requirement R2, Attachment 1, Section 5.1. (R2)

    • (further High VSL alternatives continue on the next page of the draft, outside this excerpt)

    Severe VSL:

    • The Responsible Entity failed to document and implement one or more cyber security plan(s) for its assets containing low impact BES Cyber Systems according to Requirement R2, Attachment 1. (R2)

  • CIP-003-