FERC Issues Order 791 Approving Version 5 of CIP Standards with Directives

On November 22, 2013, FERC conditionally approved version 5 of the Critical Infrastructure Protection Reliability Standards as well as associated definitions, the implementation plan, and the effective dates. Version 5 of the CIP Standards identifies and categorizes all BES Cyber Systems based on whether it has a “Low”, “Medium” or “High” impact on the reliable operation of the Bulk Electric System (“BES”). Entities will be able to transition directly from compliance with the Version 3 standards, which will remain in effect until the effective date of the Version 5 standards. FERC also issued directives concerning: (1) removal of “identify, assess, and correct” language; (2) failure to address security controls or objective criteria for “Low” Impact asset; (3) certain aspects of the “BES Cyber Asset” definition; (4) the removal of “communication networks” from the “Cyber Asset” definition; and (5) other technical issues to be addressed in a future technical conference. FERC also approved 30 of 32 proposed VRFs but directed modification of 2 VRFs and modifications to 8 VSLs.

To view Order 791, click here.