# Revised Critical Infrastructure Protection Reliability Standard CIP-003-7-Cyber Security-Security Management Controls
> **Federal Energy Regulatory Commission** · Final rule. · Published 2018-04-25 · Effective 2018-06-25 · 83 FR 17913
## Document
- **Document number:** 2018-08610
- **Category:** electric-grid
- **Sub-agency:** Federal Energy Regulatory Commission
- **Federal Register citation:** 83 FR 17913
- **CFR reference:** 18 CFR 40
- **Publication date:** 2018-04-25
- **Effective date:** 2018-06-25
- **Energy docket:** Docket No. RM17-11-000
## Abstract

The Federal Energy Regulatory Commission (Commission) approves Critical Infrastructure Protection (CIP) Reliability Standard CIP-003-7 (Cyber Security--Security Management Controls), submitted by the North American Electric Reliability Corporation (NERC). Reliability Standard CIP-003-7 clarifies the obligations pertaining to electronic access control for low impact BES Cyber Systems; requires mandatory security controls for transient electronic devices (e.g., thumb drives, laptop computers, and other portable devices frequently connected to and disconnected from systems) used at low impact BES Cyber Systems; and requires responsible entities to have a policy for declaring and responding to CIP Exceptional Circumstances related to low impact BES Cyber Systems. In addition, the Commission directs NERC to develop modifications to the CIP Reliability Standards to mitigate the risk of malicious code that could result from third-party transient electronic devices.

## Source
- [Federal Register document](https://www.federalregister.gov/documents/2018/04/25/2018-08610/revised-critical-infrastructure-protection-reliability-standard-cip-003-7-cyber-security-security)
---
*AI Analytics · CC0 1.0*