← Energy + Nuclear Federal Register rules

Revised Critical Infrastructure Protection Reliability Standard CIP-003-7-Cyber Security-Security Management Controls

electric-grid · Federal Energy Regulatory Commission · Published 2018-04-25 · Effective 2018-06-25 · 83 FR 17913

Document

Document number
2018-08610
Federal Register citation
83 FR 17913
CFR reference
18 CFR 40
Type
Rule
Action
Final rule.
Category
electric-grid
Sub-agency
Federal Energy Regulatory Commission
Publication date
2018-04-25
Effective date
2018-06-25
Energy docket
Docket No. RM17-11-000

Abstract

The Federal Energy Regulatory Commission (Commission) approves Critical Infrastructure Protection (CIP) Reliability Standard CIP-003-7 (Cyber Security--Security Management Controls), submitted by the North American Electric Reliability Corporation (NERC). Reliability Standard CIP-003-7 clarifies the obligations pertaining to electronic access control for low impact BES Cyber Systems; requires mandatory security controls for transient electronic devices (e.g., thumb drives, laptop computers, and other portable devices frequently connected to and disconnected from systems) used at low impact BES Cyber Systems; and requires responsible entities to have a policy for declaring and responding to CIP Exceptional Circumstances related to low impact BES Cyber Systems. In addition, the Commission directs NERC to develop modifications to the CIP Reliability Standards to mitigate the risk of malicious code that could result from third-party transient electronic devices.

Source

Authoritative
Federal Register document
Machine
JSON-LD · Markdown