FERC-725B, (Final Rule in RM17-11-000) Mandatory Reliability Standards for Critical Infrastructure Protection [CIP] Reliability Standards

ICR 201804-1902-007

OMB: 1902-0248

Federal Form Document

Forms and Documents
Document
Name
Status
Supplementary Document
2018-06-22
Supporting Statement A
2018-05-03
Supplementary Document
2018-05-02
Supplementary Document
2018-05-02
Supplementary Document
2018-05-02
Supplementary Document
2018-05-02
ICR Details
1902-0248 201804-1902-007
Historical Active 201601-1902-001
FERC FERC-725B
FERC-725B, (Final Rule in RM17-11-000) Mandatory Reliability Standards for Critical Infrastructure Protection [CIP] Reliability Standards
Revision of a currently approved collection   No
Regular
Approved without change 06/22/2018
Retrieve Notice of Action (NOA) 05/03/2018
In accordance with 5 CFR 1320, the information collection is approved. OMB notes that the additional burden requested in this ICR was developed through a bottom-up process in which NERC entities developed the CIP-003-7 Reliability Standard and associated information collection burden.
  Inventory as of this Action Requested Previously Approved
06/30/2021 36 Months From Approved 03/31/2019
222,882 0 1,415
1,928,744 0 1,569,410
0 0 0

The CIP-003-7 Reliability Standard enhances security controls for low impact BES Cyber Systems by improving electronic access controls and creating security controls for transient electronic assets (TCAs) used at low impact BES Cyber Systems. The NERC Compliance Registry, as of September 2017, identifies approximately 1,320 U.S. entities that are subject to mandatory compliance with Reliability Standards. Of this total, we estimate that 1,100 entities (reliability coordinators, generator operators, generator owners, interchange coordinators or authorities, transmission operators, balancing authorities, transmission owners, and certain distribution providers) would be subject to Reliability Standard CIP-003-7. These entities would be subject to the increased burden related to: • creation of plans to provide security controls for TCAs to mitigate the risk of malicious code being introduced to low impact BES Cyber System; • the ongoing review and updating of the plans and documentation that the planned security controls are implemented for TCAs at low impact BES Cyber System; • modification of plans to provide electronic security controls for low impact BES Cyber Systems; and • the ongoing review and updating of the plans/documentation for methodology regarding how planned security controls are implemented for low impact BES Cyber System. The consequences of not creating or maintaining the documents would prevent: • the implementation and maintenance of electronic access controls for low impact BES Cyber Systems; and • the mitigation of the risk of malicious code being introduced to low impact BES Cyber System from TCAs.

PL: Pub.L. 109 - 58 1211, Title XII, Subtitle A Name of Law: Energy Policy Act of 2005
   US Code: 18 USC 824o Name of Law: Federal Power Act
  
None

1902-AF44 Final or interim final rulemaking 83 FR 17913 04/25/2018

No

  Total Approved Previously Approved Change Due to New Statute Change Due to Agency Discretion Change Due to Adjustment in Estimate Change Due to Potential Violation of the PRA
Annual Number of Responses 222,882 1,415 0 221,467 0 0
Annual Time Burden (Hours) 1,928,744 1,569,410 0 359,334 0 0
Annual Cost Burden (Dollars) 0 0 0 0 0 0
Yes
Miscellaneous Actions
No
The CIP-003-7 Reliability Standard clarifies, consolidates, streamlines, and enhances the previous Reliability Standard (CIP-003-6) and its related reporting requirements that subject affected entities to the increased burden of: • creation of plans to provide security controls for TCAs to mitigate the risk of malicious code being introduced to low impact BES Cyber System; • ongoing review and updating of the plans and documentation that the planned security controls are implemented for TCAs at low impact BES Cyber System; • modification of plans to provide electronic security controls for low impact BES Cyber Systems; and • ongoing review and updating of the plans and documentation that the planned security controls are implemented for low impact BES Cyber System. Other factors that impact the burden are the frequency of: • the entity modifying or updating their security controls for the low impact BES Cyber Systems or TCA used at low impact BES Cyber Systems; • modification of low impact BES Cyber Systems that impact the security controls; and • using TCA at low impact BES Cyber Systems.

$5,723
No
    No
    No
No
No
No
Uncollected
Matthew Dale 202 502-6826 matthew.dale@ferc.gov

  No

On behalf of this Federal agency, I certify that the collection of information encompassed by this request complies with 5 CFR 1320.9 and the related provisions of 5 CFR 1320.8(b)(3).
The following is a summary of the topics, regarding the proposed collection of information, that the certification covers:
 
 
 
 
 
 
 
    (i) Why the information is being collected;
    (ii) Use of information;
    (iii) Burden estimate;
    (iv) Nature of response (voluntary, required for a benefit, or mandatory);
    (v) Nature and extent of confidentiality; and
    (vi) Need to display currently valid OMB control number;
 
 
 
If you are unable to certify compliance with any of these provisions, identify the item by leaving the box unchecked and explain the reason in the Supporting Statement.
05/03/2018


© 2024 OMB.report | Privacy Policy