| Insights | Blog

NERC Submits Comments in Response to CIP-003-7 NOPR

On December 22, 2017, in Docket No. RM17-11-000, NERC submitted comments in response to the Notice of Proposed Rulemaking (NOPR) proposing to approve Reliability Standard CIP-003-7 (Cyber Security – Security Management Controls). In the NOPR, the Commission proposed to direct NERC to modify Reliability Standard CIP-003-7 to (1) provide clear, objective criteria for electronic access controls for low impact BES Cyber Systems; and (2) address the need to mitigate the risk of malicious code that could result from third-party transient electronic devices. NERC’s comments address these directives. In particular, NERC notes that the proposed directives may not be necessary to address potential security gaps or improve the cyber security posture of responsible entities. Despite this belief, NERC does not oppose further evaluation of ways to improve the requirements in Reliability Standard CIP-003-7 through its standard development process, consistent with the Commission’s proposed directives.

To view NERC’s comments, click here