Revised Critical Infrastructure Protection Reliability Standard CIP-003-7-Cyber Security-Security Management Controls
The Federal Energy Regulatory Commission (Commission) proposes to approve Critical Infrastructure Protection (CIP) Reliability Standard CIP-003-7 (Cyber SecuritySecurity Management Controls), submitted by the North American Electric Reliability Corporation (NERC). Proposed Reliability Standard CIP-003-7 improves upon the current Commission-approved CIP Reliability Standards by clarifying the obligations pertaining to electronic access control for low impact BES Cyber Systems; adopting mandatory security controls for transient electronic devices (e.g., thumb drives, laptop computers, and other portable devices frequently connected to and disconnected from systems) used at low impact BES Cyber Systems; and requiring responsible entities to have a policy for declaring and responding to CIP Exceptional Circumstances related to low impact BES Cyber Systems. In addition, the Commission proposes to direct NERC to develop certain modifications to the NERC Reliability Standards to provide clear, objective criteria for electronic access controls for low impact BES Cyber Systems; and address the need to mitigate the risk of malicious code that could result from third-party transient electronic devices.
Policy Statement on Establishing License Terms for Hydroelectric Projects
The Federal Energy Regulatory Commission (Commission) is giving notice of a new policy on establishing license terms for hydroelectric projects. In this Policy Statement, the Commission adopts a 40-year default license term for original and new licenses for hydropower projects located at non-federal dams. The Policy Statement also sets forth when the Commission will consider issuing those projects a license with a term for less or more than 40 years.