Department of Energy October 26, 2017 – Federal Register Recent Federal Regulation Documents

The Federal Energy Regulatory Commission (Commission) proposes to approve Critical Infrastructure Protection (CIP) Reliability Standard CIP-003-7 (Cyber SecuritySecurity Management Controls), submitted by the North American Electric Reliability Corporation (NERC). Proposed Reliability Standard CIP-003-7 improves upon the current Commission-approved CIP Reliability Standards by clarifying the obligations pertaining to electronic access control for low impact BES Cyber Systems; adopting mandatory security controls for transient electronic devices (e.g., thumb drives, laptop computers, and other portable devices frequently connected to and disconnected from systems) used at low impact BES Cyber Systems; and requiring responsible entities to have a policy for declaring and responding to CIP Exceptional Circumstances related to low impact BES Cyber Systems. In addition, the Commission proposes to direct NERC to develop certain modifications to the NERC Reliability Standards to provide clear, objective criteria for electronic access controls for low impact BES Cyber Systems; and address the need to mitigate the risk of malicious code that could result from third-party transient electronic devices.