Last updated: October 03, 2024
Status | Standard Number | Standard Title | Purpose | Board Adopted Date | Filing Date of Standard | FERC Orders (Issued Date) | Regulatory Order Effective Date | Effective Date of Standard | Phased-in Implementation | Inactive Date of Standard | Implementation Plan | Public Notes | Project Page | Related Documents | RSAW | Lessons Learned | Compliance Guidance |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Inactive | BAL-001-0 | Real Power Balancing Control Performance | To maintain Interconnection steady-state frequency within defined limits by balancing real power demand and supply in real-time.... See Standard details.. | 2/8/2005 | 4/4/2006 | 3/16/2007 | 6/18/2007 | 6/18/2007 | 8/26/2008 | Replaced with BAL-001-0a (WECC Request for Interpretation of BAL-001-0, Requirement 1) | |||||||
Inactive | BAL-001-0.1a | Real Power Balancing Control Performance | To maintain Interconnection steady-state frequency within defined limits by balancing real power demand and supply in real-time.... See Standard details.. | 10/29/2008 | 2/6/2009 | 5/13/2009 | 5/13/2009 | 5/13/2009 | 3/31/2014 | ||||||||
Inactive | BAL-001-0a | Real Power Balancing Control Performance | To maintain Interconnection steady-state frequency within defined limits by balancing real power demand and supply in real-time.... See Standard details.. | 10/23/2007 | 12/19/2007 | 7/21/2008 | 8/27/2008 | 8/27/2008 | 5/12/2009 | Replaced with BAL-001-0.1a (WECC Request for Interpretation of BAL-001-0, Requirement 1 and Errata change) | |||||||
Inactive | BAL-001-1 | Real Power Balancing Control Performance | To maintain Interconnection steady-state frequency within defined limits by balancing real power demand and supply in real-time.... See Standard details.. | 12/19/2012 | 8/20/2013 | 10/16/2013 | 10/16/2013 | 4/1/2014 | 6/30/2016 | Project 2010-14.1 | |||||||
Mandatory Subject to Enforcement | BAL-001-2 | Real Power Balancing Control Performance | To control Interconnection frequency within defined limits.... See Standard details.. | 8/15/2013 | 4/2/2014 | 4/16/2015 | 6/22/2015 | 7/1/2016 | Implementation Plan | Replaced BAL-001-1 | Project 2010-14.1 | RSAW | |||||
Inactive | BAL-001-TRE-1 | Primary Frequency Response in the ERCOT Region | To maintain Interconnection steady-state frequency within defined limits.... See Standard details.. | 8/15/2013 | 9/18/2013 | 1/16/2014 | 1/16/2014 | 4/1/2014 | 6/30/2020 | Implementation Plan | Refer to the implementation plan for specific compliance dates and timeframes. | Texas RE | RSAW | ||||
Mandatory Subject to Enforcement | BAL-001-TRE-2 | Primary Frequency Response in the ERCOT Region | To maintain Interconnection steady-state frequency within defined limits.... See Standard details.. | 2/6/2020 | 3/11/2020 | 5/19/2020 | 5/19/2020 | 7/1/2020 | Implementation Plan | Texas RE | |||||||
Inactive | BAL-002-0 | Disturbance Control Performance | The purpose of the Disturbance Control Standard (DCS) is to ensure the Balancing Authority is able to utilize its Contingency Reserve to balance resources and demand and return Interconnection frequency within defined limits follo... See Standard details.. | 2/8/2005 | 4/4/2006 | 3/16/2007 | 6/18/2007 | 6/18/2007 | 3/31/2012 | Replaced with BAL-002-1 | |||||||
Inactive | BAL-002-1 | Disturbance Control Performance | The purpose of the Disturbance Control Standard (DCS) is to ensure the Balancing Authority is able to utilize its Contingency Reserve to balance resources and demand and return Interconnection frequency within defined limits follo... See Standard details.. | 8/5/2010 | 9/9/2010 | 1/10/2011 | 1/10/2011 | 4/1/2012 | 12/31/2017 | Implementation Plan | Replaced by BAL-002-2 | Project 2010-12 | RSAW | ||||
Inactive | BAL-002-1a | Disturbance Control Performance | The purpose of the Disturbance Control Standard (DCS) is to ensure the Balancing Authority is able to utilize its Contingency Reserve to balance resources and demand and return Interconnection frequency within defined limits follo... See Standard details.. | 11/7/2012 | 2/12/2013 | 2/17/2017 | Implementation Plan | BAL-002-1a was never approved or amended by FERC; notice of withdrawal filed 2/2/2017 following FERC approval of BAL-002-2. | Project 2010-12 | RSAW | |||||||
Inactive | BAL-002-2 | Disturbance Control Standard – Contingency Reserve for Recovery from a Balancing Contingency Event | To ensure the Balancing Authority or Reserve Sharing Group balances resources and demand and returns the Balancing Authority's or Reserve Sharing Group's Area Control Error to defined values (subject to applicable limits) followin... See Standard details.. | 11/5/2015 | 1/29/2016 | 1/19/2017 | 4/3/2017 | 12/31/2017 | Implementation Plan | Replaces BAL-002-1 | Project 2010-14.1 | ||||||
Inactive | BAL-002-2(i) | Disturbance Control Standard – Contingency Reserve for Recovery from a Balancing Contingency Event | To ensure the Balancing Authority or Reserve Sharing Group balances resources and demand and returns the Balancing Authority's or Reserve Sharing Group's Area Control Error to defined values (subject to applicable limits) followin... See Standard details.. | 8/10/2017 | 8/14/2017 | 10/2/2017 | 10/2/2017 | 1/1/2018 | 3/31/2019 | Implementation Plan | RSAW | ||||||
Mandatory Subject to Enforcement | BAL-002-3 | Disturbance Control Standard – Contingency Reserve for Recovery from a Balancing Contingency Event | To ensure the Balancing Authority or Reserve Sharing Group balances resources and demand and returns the Balancing Authority's or Reserve Sharing Group's Area Control Error to defined values (subject to applicable limits) followin... See Standard details.. | 8/16/2018 | 8/17/2018 | 9/25/2018 | 9/25/2018 | 4/1/2019 | Implementation Plan | Replaces BAL-002-2(i). | Project 2017-06 | RSAW | |||||
Inactive | BAL-002-WECC-1 | Contingency Reserves | Contingency Reserve is required for the reliable operation of the interconnected power system. Adequate generating capacity must be available at all times to maintain scheduled frequency, and avoid loss of firm load following tran... See Standard details.. | 10/29/2008 | 3/25/2009 | 11/26/2010 | Remanded by FERC in an October 21, 2010 Order, effective November 26, 2010. | ||||||||||
Inactive | BAL-002-WECC-2 | Contingency Reserve | To specify the quantity and types of Contingency Reserve required to ensure reliability under normal and abnormal conditions.... See Standard details.. | 11/7/2012 | 4/12/2013 | 11/21/2013 | 1/28/2014 | 10/1/2014 | 1/23/2017 | Implementation Plan | WECC | ||||||
Inactive | BAL-002-WECC-2a | Contingency Reserve | To specify the quantity and types of Contingency Reserve required to ensure reliability under normal and abnormal conditions.... See Standard details.. | 11/2/2016 | 11/9/2016 | 1/24/2017 | 1/24/2017 | 1/24/2017 | 6/27/2021 | Implementation Plan | Replaces BAL-002-WECC-2 | WECC | |||||
Mandatory Subject to Enforcement | BAL-002-WECC-3 | Contingency Reserve | To specify the quantity and types of Contingency Reserve required to ensure reliability under normal and abnormal conditions.... See Standard details.. | 8/15/2019 | 9/6/2019 | 4/15/2021 | 4/15/2021 | 6/28/2021 | Implementation Plan | WECC | |||||||
Inactive | BAL-003-0 | Frequency Response and Bias | This standard provides a consistent method for calculating the Frequency Bias component of ACE.... See Standard details.. | 2/8/2005 | 4/4/2006 | 3/16/2007 | 6/18/2007 | 6/18/2007 | 8/26/2008 | Replaced with BAL-003-0a (Interpretation of BAL-003-0, Requirement 3) | |||||||
Inactive | BAL-003-0.1a | Frequency Response and Bias | This standard provides a consistent method for calculating the Frequency Bias component of ACE.... See Standard details.. | 10/29/2008 | 2/6/2009 | 5/13/2009 | 5/13/2009 | 5/13/2009 | 6/28/2009 | Replaced with BAL-003-0.1b | |||||||
Inactive | BAL-003-0.1b | Frequency Response and Bias | This standard provides a consistent method for calculating the Frequency Bias component of ACE.... See Standard details.. | 10/29/2008 | 2/6/2009 | 5/13/2009 | 5/13/2009 | 6/29/2009 | 3/31/2015 | ||||||||
Inactive | BAL-003-0a | Frequency Response and Bias | This standard provides a consistent method for calculating the Frequency Bias component of ACE.... See Standard details.. | 10/23/2007 | 12/19/2007 | 7/21/2008 | 8/27/2008 | 8/27/2008 | 5/12/2009 | Replaced with BAL-003-0.1a (Errata) | |||||||
Inactive | BAL-003-0b | Frequency Response and Bias | This standard provides a consistent method for calculating the Frequency Bias component of ACE.... See Standard details.. | 2/12/2008 | 7/28/2008 | 5/21/2009 | 6/29/2009 | 6/28/2009 | Replaced with BAL-003-0.1b | ||||||||
Inactive | BAL-003-1 | Frequency Response and Frequency Bias Setting | To require sufficient Frequency Response from the Balancing Authority (BA) to maintain Interconnection Frequency within predefined bounds by arresting frequency deviations and supporting frequency until the frequency is restored t... See Standard details.. | 2/7/2013 | 3/29/2013 | 1/16/2014 | 3/24/2014 | 4/1/2015 | X | 11/12/2015 | Implementation Plan | See the implementation plan for guidance on phased-in enforcement dates. Requirement R1 will never become enforceable.. Disregard the dates for R1 it is non enforceable. | |||||
Inactive | BAL-003-1.1 | Frequency Response and Frequency Bias Setting | To require sufficient Frequency Response from the Balancing Authority (BA) to maintain Interconnection Frequency within predefined bounds by arresting frequency deviations and supporting frequency until the frequency is restored t... See Standard details.. | 2/7/2013 | 8/25/2015 | 11/13/2015 | 11/13/2015 | 11/13/2015 | X | 11/30/2020 | Implementation Plan | Replaces BAL-003-1 | Project 2007-12 | RSAW | |||
Mandatory Subject to Enforcement | BAL-003-2 | Frequency Response and Frequency Bias Setting | To require sufficient Frequency Response from the Balancing Authority (BA) to maintain Interconnection Frequency within predefined bounds by arresting frequency deviations and supporting frequency until the frequency is restored t... See Standard details.. | 11/5/2019 | 12/19/2019 | 7/15/2020 | 7/15/2020 | 12/1/2020 | Implementation Plan | Project 2017-01 | RSAW | ||||||
Inactive | BAL-004-0 | Time Error Correction | The purpose of this standard is to ensure that Time Error Corrections are conducted in a manner that does not adversely affect the reliability of the Interconnection.... See Standard details.. | 2/8/2005 | 4/4/2006 | 3/16/2007 | 6/18/2007 | 6/18/2007 | 4/1/2017 | Implementation Plan | The retirement of BAL-004-0 is contingent upon the retirement of NAESB WEQ-006 Manual Time Error Correction Business Practice Standard. | Time Error Correction | |||||
Inactive | BAL-004-1 | Time Error Correction | The purpose of this standard is to ensure that Time Error Corrections are conducted in a manner that does not adversely affect the reliability of the Interconnection.... See Standard details.. | 3/26/2008 | 8/11/2011 | 8/16/2012 | The NERC BOT withdrew its approval of this standard at its meeting on August 16, 2012. | ||||||||||
Inactive | BAL-004-WECC-01 | Automatic Time Error Correction | To maintain Interconnection frequency within a predefined frequency profile under all conditions (i.e. normal and abnormal), and to ensure that Time Error Corrections are effectively conducted in a manner that does not adversely a... See Standard details.. | 3/26/2008 | 7/29/2008 | 5/21/2009 | 6/29/2009 | 7/1/2009 | 3/31/2014 | WECC | |||||||
Inactive | BAL-004-WECC-02 | Automatic Time Error Correction (ATEC) | To maintain Interconnection frequency and to ensure that Time Error Corrections and Primary Inadvertent Interchange (PII) payback are effectively conducted in a manner that does not adversely affect the reliability of the Intercon... See Standard details.. | 12/19/2012 | 8/20/2013 | 10/16/2013 | 10/16/2013 | 4/1/2014 | 9/30/2018 | Replaces BAL-004-WECC-01 | WECC | ||||||
Mandatory Subject to Enforcement | BAL-004-WECC-3 | Automatic Time Error Correction | To maintain Interconnection frequency and to ensure that Time Error Corrections and Primary Inadvertent Interchange (PII) payback are effectively conducted in a manner that does not adversely affect the reliability of the Intercon... See Standard details.. | 2/8/2018 | 3/8/2018 | 5/30/2018 | 5/30/2018 | 10/1/2018 | Implementation Plan | WECC | |||||||
Inactive | BAL-005-0 | Automatic Generation Control | This standard establishes requirements for Balancing Authority Automatic Generation Control (AGC) necessary to calculate Area Control Error (ACE) and to routinely deploy the Regulating Reserve. The standard also ensures that all f... See Standard details.. | 2/8/2005 | 4/4/2006 | 3/16/2007 | 6/18/2007 | 6/18/2007 | 8/26/2008 | Replaced with BAL-005-0b (R.W. Beck Request for Interpretation of BAL-005-0, Requirement 17) | |||||||
Inactive | BAL-005-0.1b | Automatic Generation Control | This standard establishes requirements for Balancing Authority Automatic Generation Control (AGC) necessary to calculate Area Control Error (ACE) and to routinely deploy the Regulating Reserve. The standard also ensures that all f... See Standard details.. | 10/29/2008 | 2/6/2009 | 5/13/2009 | 5/13/2009 | 5/13/2009 | 9/12/2012 | Replaced by BAL-005-0.2b (Errata) | |||||||
Inactive | BAL-005-0.2b | Automatic Generation Control | This standard establishes requirements for Balancing Authority Automatic Generation Control (AGC) necessary to calculate Area Control Error (ACE) and to routinely deploy the Regulating Reserve. The standard also ensures that all f... See Standard details.. | 3/8/2012 | 6/5/2012 | 9/13/2012 | 9/13/2012 | 9/13/2012 | 12/31/2018 | Implementation Plan | Replaces BAL-005-0.1b | Project 2007-25 | RSAW | ||||
Inactive | BAL-005-0a | Automatic Generation Control | This standard establishes requirements for Balancing Authority Automatic Generation Control (AGC) necessary to calculate Area Control Error (ACE) and to routinely deploy the Regulating Reserve. The standard also ensures that all f... See Standard details.. | 5/2/2007 | 12/19/2007 | 4/15/2008 | Withdrawn | ||||||||||
Inactive | BAL-005-0b | Automatic Generation Control | This standard establishes requirements for Balancing Authority Automatic Generation Control (AGC) necessary to calculate Area Control Error (ACE) and to routinely deploy the Regulating Reserve. The standard also ensures that all f... See Standard details.. | 2/12/2008 | 4/15/2008 | 7/21/2008 | 8/27/2008 | 8/27/2008 | 5/12/2009 | Replaced with BAL-005-0.1b (Errata) | |||||||
Mandatory Subject to Enforcement | BAL-005-1 | Balancing Authority Control | This standard establishes requirements for acquiring data necessary to calculate Reporting Area Control Error (Reporting ACE). The standard also specifies a minimum periodicity, accuracy, and availability requirement for acquisiti... See Standard details.. | 2/11/2016 | 4/20/2016 | 9/20/2017 | 11/27/2017 | 1/1/2019 | Implementation Plan | BAL-005-1 will replace BAL-005-0.2b and BAL-006-2 | Project 2010-14.2.1 | Technical Rationale BAL-005-1 | RSAW | ||||
Inactive | BAL-006-0 | Inadvertent Interchange | This standard defines a process for monitoring Balancing Authorities to ensure that, over the long term, Balancing Authority Areas do not excessively depend on other Balancing Authority Areas in the Interconnection for meeting the... See Standard details.. | 2/8/2005 | 4/4/2006 | 5/1/2006 | Replaced with BAL-006-1 (BAL-006-0 was never enforceable) | ||||||||||
Inactive | BAL-006-1 | Inadvertent Interchange | This standard defines a process for monitoring Balancing Authorities to ensure that, over the long term, Balancing Authority Areas do not excessively depend on other Balancing Authority Areas in the Interconnection for meeting the... See Standard details.. | 5/2/2006 | 8/28/2006 | 3/16/2007 | 6/18/2007 | 6/18/2007 | 5/12/2009 | Replaced with BAL-006-1.1 (Errata) | |||||||
Inactive | BAL-006-1.1 | Inadvertent Interchange | This standard defines a process for monitoring Balancing Authorities to ensure that, over the long term, Balancing Authority Areas do not excessively depend on other Balancing Authority Areas in the Interconnection for meeting the... See Standard details.. | 10/29/2008 | 2/6/2009 | 5/13/2009 | 5/13/2009 | 5/13/2009 | 3/31/2011 | Replaced with BAL-006-2 | |||||||
Inactive | BAL-006-2 | Inadvertent Interchange | This standard defines a process for monitoring Balancing Authorities to ensure that, over the long term, Balancing Authority Areas do not excessively depend on other Balancing Authority Areas in the Interconnection for meeting the... See Standard details.. | 11/5/2009 | 11/20/2009 | 1/6/2011 | 1/6/2011 | 4/1/2011 | 12/31/2018 | Implementation Plan | Replaces BAL-006-1.1 | Project 2009-18 | RSAW | ||||
Mandatory Subject to Enforcement | BAL-502-RF-03 | Planning Resource Adequacy Analysis, Assessment and Documentation | To establish common criteria, based on “one day in ten year” loss of Load expectation principles, for the analysis, assessment and documentation of Resource Adequacy for Load in the ReliabilityFirst Corporation (RF) region... See Standard details.. | 8/10/2017 | 9/7/2017 | 10/16/2017 | 10/16/2017 | 1/1/2018 | Implementation Plan | Replaces BAL-502-RFC-02 | RF | ||||||
Inactive | BAL-502-RFC-02 | Planning Resource Adequacy Analysis, Assessment and Documentation | To establish common criteria, based on “one day in ten year” loss of Load expectation principles, for the analysis, assessment and documentation of Resource Adequacy for Load in the ReliabilityFirst Corporation (RFC) region... See Standard details.. | 8/5/2009 | 12/14/2009 | 3/17/2011 | 5/23/2011 | 5/23/2011 | 12/31/2017 | Implementation Plan | |||||||
Inactive | BAL-STD-002-0 | Operating Reserves (WECC) | Regional Reliability Standard to address the Operating Reserve requirements of the Western Interconnection.... See Standard details.. | 3/12/2007 | 3/26/2007 | 6/8/2007 | 6/18/2007 | 6/18/2007 | 9/30/2014 | ||||||||
Inactive | CIP-001-0 | Sabotage Reporting | Disturbances or unusual occurrences, suspected or determined to be caused by sabotage, shall be reported to the appropriate systems, governmental agencies, and regulatory bodies.... See Standard details.. | 2/8/2005 | 4/4/2006 | 1/1/2007 | Replaced with CIP-001-1 (CIP-001-0 was never enforceable) | ||||||||||
Inactive | CIP-001-1 | Sabotage Reporting | Disturbances or unusual occurrences, suspected or determined to be caused by sabotage, shall be reported to the appropriate systems, governmental agencies, and regulatory bodies.... See Standard details.. | 11/1/2006 | 11/15/2006 | 3/16/2007 | 6/18/2007 | 6/18/2007 | 2/1/2011 | Replaced with CIP-001-1a (Interpretation of R2) | |||||||
Inactive | CIP-001-1a | Sabotage Reporting | Disturbances or unusual occurrences, suspected or determined to be caused by sabotage, shall be reported to the appropriate systems, governmental agencies, and regulatory bodies.... See Standard details.. | 2/16/2010 | 4/21/2010 | 2/2/2011 | 2/2/2011 | 2/2/2011 | 9/30/2011 | Replaced with CIP-001-2a | |||||||
Inactive | CIP-001-2a | Sabotage Reporting | Disturbances or unusual occurrences, suspected or determined to be caused by sabotage, shall be reported to the appropriate systems, governmental agencies, and regulatory bodies.... See Standard details.. | 2/17/2011 | 6/21/2011 | 8/2/2011 | 8/2/2011 | 10/1/2011 | 12/31/2013 | Replaced with EOP-004-2 | Project 2009-09 | ||||||
Inactive | CIP-002-1 | Cyber Security — Critical Cyber Asset Identification | NERC Standards CIP-002 through CIP-009 provide a cyber security framework for the identification and protection of Critical Cyber Assets to support reliable operation of the Bulk Electric System. These standards recognize the diff... See Standard details.. | 5/2/2006 | 8/28/2006 | 1/18/2008 | 4/7/2008 | 7/1/2008 | 3/31/2010 | Replaced with CIP-002-2 | |||||||
Inactive | CIP-002-2 | Cyber Security — Critical Cyber Asset Identification | Standard CIP-002-2 requires the identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the Bulk Electric System. These Critical Assets are to be ide... See Standard details.. | 5/6/2009 | 5/22/2009 | 9/30/2009 | 9/30/2009 | 4/1/2010 | 9/30/2010 | Replaced with CIP-002-3 | |||||||
Inactive | CIP-002-3 | Cyber Security — Critical Cyber Asset Identification | Standard CIP-002-3 requires the identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the Bulk Electric System. These Critical Assets are to be ide... See Standard details.. | 12/16/2009 | 12/29/2009 | 3/31/2010 | 3/31/2010 | 10/1/2010 | 6/30/2016 | Implementation Plan | Project 2009-21 | ||||||
Inactive | CIP-002-3a | Cyber Security — Critical Cyber Asset Identification | Standard CIP-002-3 requires the identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the Bulk Electric System. These Critical Assets are to be ide... See Standard details.. | 5/9/2012 | 8/1/2012 | 3/21/2013 | FERC remanded the interpretation of R3 in an order issued on 3/21/13 | ||||||||||
Inactive | CIP-002-3b | Cyber Security — Critical Cyber Asset Identification | Standard CIP-002-3 requires the identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the Bulk Electric System. These Critical Assets are to be ide... See Standard details.. | 2/7/2013 | 6/30/2016 | Implementation Plan | Project 2009-21 | ||||||||||
Inactive | CIP-002-3(i) | Cyber Security — Critical Cyber Asset Identification | NERC Standards CIP-002-3(i) through CIP-009-3 provide a cyber security framework for the identification and protection of Critical Cyber Assets to support reliable operation of the Bulk Electric System. These standards recogniz... See Standard details.. | 11/13/2014 | 11/13/2014 | Implementation Plan | Version developed but never filed for approval. | Project 2010-05.2 | |||||||||
Inactive | CIP-002-3(i)b | Cyber Security — Critical Cyber Asset Identification | NERC Standards CIP-002-3(i)b through CIP-009-3 provide a cyber security framework for the identification and protection of Critical Cyber Assets to support reliable operation of the Bulk Electric System. These standards recogni... See Standard details.. | 11/13/2014 | 11/13/2014 | Implementation Plan | Version developed but never filed for approval. | Project 2010-05.2 | |||||||||
Inactive | CIP-002-4 | Cyber Security — Critical Cyber Asset Identification | Standard CIP-002-4 requires the identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the Bulk Electric System. These Critical Assets are to be ide... See Standard details.. | 1/24/2011 | 2/10/2011 | 4/19/2012 | 6/25/2012 | 10/1/2014 | 2/3/2014 | Implementation Plan | Project 2008-06 | ||||||
Inactive | CIP-002-4a | Cyber Security — Critical Cyber Asset Identification | Standard CIP-002-4 requires the identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the Bulk Electric System. These Critical Assets are to be ide... See Standard details.. | 5/9/2012 | 8/1/2012 | 3/21/2013 | Implementation Plan | FERC remanded the interpretation of R3 in an order issued on 3/21/13 | Project 2008-06 | ||||||||
Inactive | CIP-002-5 | Cyber Security — BES Cyber System Categorization | To identify and categorize BES Cyber Systems and their associated BES Cyber Assets for the application of cyber security requirements commensurate with the adverse impact that loss, compromise, or misuse of those BES Cyber Systems... See Standard details.. | 11/26/2012 | 1/31/2013 | 2/3/2014 | Implementation Plan | Replaced with CIP-002-5.1 (Errata) | Project 2008-06 | ||||||||
Inactive | CIP-002-5.1 | Cyber Security — BES Cyber System Categorization | To identify and categorize BES Cyber Systems and their associated BES Cyber Assets for the application of cyber security requirements commensurate with the adverse impact that loss, compromise, or misuse of those BES Cyber Systems... See Standard details.. | 9/27/2013 | 9/30/2013 | 11/22/2013 | 2/3/2014 | 7/1/2016 | 12/26/2016 | Implementation Plan | Errata approved by the SC on 9/27/2013 | Project 2008-06 | CIP Version 5 Transition Program | 5/20/2016 | |||
Mandatory Subject to Enforcement | CIP-002-5.1a | Cyber Security — BES Cyber System Categorization | To identify and categorize BES Cyber Systems and their associated BES Cyber Assets for the application of cyber security requirements commensurate with the adverse impact that loss, compromise, or misuse of those BES Cyber Systems... See Standard details.. | 11/2/2016 | 11/28/2016 | 12/27/2016 | 12/27/2016 | 12/27/2016 | Implementation Plan | CIP-002-5.1a replaced CIP-002-5.1 | Project 2015-INT-01 | RSAW | 2/9/2018 | ||||
Inactive | CIP-002-6 | Cyber Security – BES Cyber System Categorization | To identify and categorize BES Cyber Systems and their associated BES Cyber Assets for the application of cyber security requirements commensurate with the adverse impact that loss, compromise, or misuse of those BES Cyber Syste... See Standard details.. | 5/14/2020 | 6/12/2020 | 2/4/2021 | Implementation Plan | This standard was withdrawn by NERC per request to FERC on 2/5/21 and will never be effective. It was approved by the NERC BOT on 2/4/21. | Project 2016-02 | ||||||||
Filed and Pending Regulatory Approval | CIP-002-7 | Cyber Security — BES Cyber System Categorization | To identify and categorize BES Cyber Systems (BCS) and their associated BES Cyber Assets (BCA) for the application of cyber security requirements commensurate with the adverse impact that loss, compromise, or misuse of those BCS c... See Standard details.. | 5/9/2024 | 7/10/2024 | Implementation Plan | Project 2016-02 | ||||||||||
Inactive | CIP-003-1 | Cyber Security — Security Management Controls | Standard CIP-003 requires that Responsible Entities have minimum security management controls in place to protect Critical Cyber Assets. Standard CIP-003 should be read as part of a group of standards numbered Standards CIP-002 th... See Standard details.. | 5/2/2006 | 8/28/2006 | 1/18/2008 | 4/7/2008 | 7/1/2008 | 3/31/2010 | Replaced with CIP-003-2 | |||||||
Filed and Pending Regulatory Approval | CIP-003-10 | Cyber Security — Security Management Controls | To specify consistent and sustainable security management controls that establish responsibility and accountability to protect BES Cyber Systems (BCS) against compromise that could lead to misoperation or instability in the Bulk E... See Standard details.. | 5/9/2024 | 7/10/2024 | Implementation Plan | Project 2016-02 | ||||||||||
Inactive | CIP-003-2 | Cyber Security — Security Management Controls | Standard CIP-003-2 requires that Responsible Entities have minimum security management controls in place to protect Critical Cyber Assets. Standard CIP-003-2 should be read as part of a group of standards numbered Standards CIP-00... See Standard details.. | 5/6/2009 | 5/22/2009 | 9/30/2009 | 9/30/2009 | 4/1/2010 | 9/30/2010 | Replaced with CIP-003-3 | |||||||
Inactive | CIP-003-3 | Cyber Security — Security Management Controls | Standard CIP-003-3 requires that Responsible Entities have minimum security management controls in place to protect Critical Cyber Assets. Standard CIP-003-3 should be read as part of a group of standards numbered Standards CIP-00... See Standard details.. | 12/16/2009 | 12/29/2009 | 3/31/2010 | 3/31/2010 | 10/1/2010 | 6/30/2016 | Project 2009-21 | |||||||
Inactive | CIP-003-3a | Cyber Security — Security Management Controls | Standard CIP-003-3 requires that Responsible Entities have minimum security management controls in place to protect Critical Cyber Assets. Standard CIP-003-3 should be read as part of a group of standards numbered Standards CIP-00... See Standard details.. | 11/7/2013 | 6/30/2016 | Project 2012-06 | |||||||||||
Inactive | CIP-003-4 | Cyber Security — Security Management Controls | Standard CIP-003-4 requires that Responsible Entities have minimum security management controls in place to protect Critical Cyber Assets. Standard CIP-003-4 should be read as part of a group of standards numbered Standards CIP-00... See Standard details.. | 1/24/2011 | 2/10/2011 | 4/19/2012 | 6/25/2012 | 10/1/2014 | 2/3/2014 | Implementation Plan | Project 2008-06 | ||||||
Inactive | CIP-003-4a | Cyber Security — Security Management Controls | Standard CIP-003-4 requires that Responsible Entities have minimum security management controls in place to protect Critical Cyber Assets. Standard CIP-003-4 should be read as part of a group of standards numbered Standards CIP-00... See Standard details.. | 11/7/2013 | 2/3/2014 | Implementation Plan | Project 2008-06 | ||||||||||
Inactive | CIP-003-5 | Cyber Security — Security Management Controls | To specify consistent and sustainable security management controls that establish responsibility and accountability to protect BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.... See Standard details.. | 11/26/2012 | 1/31/2013 | 11/22/2013 | 2/3/2014 | 6/30/2016 | Implementation Plan | CIP-003-5 will be superseded by CIP-003-6. | Project 2008-06 | ||||||
Inactive | CIP-003-6 | Cyber Security — Security Management Controls | To specify consistent and sustainable security management controls that establish responsibility and accountability to protect Bulk Electric System (BES) Cyber Systems against compromise that could lead to misoperation or instabil... See Standard details.. | 2/12/2015 | 2/13/2015 | 1/21/2016 | 3/31/2016 | 7/1/2016 | X | 12/31/2019 | Implementation Plan | With the approval of CIP-003-7 and its associated Implementation Plan, entities will not be required to implement CIP-003-6, Requirement R2, Attachment 1, Sections 2 and 3. Instead, entities will implement CIP-003-7, Requirement R | Project 2014-02 | RSAW | CIP Version 5 Transition Program | 5/20/2016: Compliance Guidance Updates | |
Inactive | CIP-003-7 | Cyber Security — Security Management Controls | To specify consistent and sustainable security management controls that establish responsibility and accountability to protect BES Cyber Systems against compromise that could lead to misoperation or instability in the Bulk Electri... See Standard details.. | 2/10/2017 | 3/3/2017 | 4/19/2018 | 6/25/2018 | 1/1/2020 | 3/31/2020 | Implementation Plan | Project 2016-02 | RSAW | |||||
Mandatory Subject to Enforcement | CIP-003-8 | Cyber Security — Security Management Controls | To specify consistent and sustainable security management controls that establish responsibility and accountability to protect BES Cyber Systems against compromise that could lead to misoperation or instability in the Bulk Electri... See Standard details.. | 5/9/2019 | 5/21/2019 | 7/31/2019 | 7/31/2019 | 4/1/2020 | 3/31/2026 | Implementation Plan | Project 2016-02 | RSAW | |||||
Subject to Future Enforcement | CIP-003-9 | Cyber Security — Security Management Controls | To specify consistent and sustainable security management controls that establish responsibility and accountability to protect BES Cyber Systems against compromise that could lead to misoperation or instability in the Bulk Electri... See Standard details.. | 11/16/2022 | 12/6/2022 | 3/16/2023 | 4/1/2026 | 4/1/2026 | Implementation Plan | Project 2020-03 | RSAW | ||||||
Inactive | CIP-004-1 | Cyber Security — Personnel & Training | Standard CIP-004 requires that personnel having authorized cyber or authorized unescorted physical access to Critical Cyber Assets, including contractors and service vendors, have an appropriate level of personnel risk assessment,... See Standard details.. | 5/2/2006 | 8/28/2006 | 1/18/2008 | 4/7/2008 | 7/1/2008 | 3/31/2010 | Replaced with CIP-004-2 | |||||||
Inactive | CIP-004-2 | Cyber Security — Personnel & Training | Standard CIP-004-2 requires that personnel having authorized cyber or authorized unescorted physical access to Critical Cyber Assets, including contractors and service vendors, have an appropriate level of personnel risk assessmen... See Standard details.. | 5/6/2009 | 5/22/2009 | 9/30/2009 | 9/30/2009 | 4/1/2010 | 9/30/2010 | Replaced with CIP-004-3 | |||||||
Inactive | CIP-004-3 | Cyber Security — Personnel & Training | Standard CIP-004-3 requires that personnel having authorized cyber or authorized unescorted physical access to Critical Cyber Assets, including contractors and service vendors, have an appropriate level of personnel risk assessmen... See Standard details.. | 12/16/2009 | 12/29/2009 | 3/31/2010 | 3/31/2010 | 10/1/2010 | 12/11/2012 | Implementation Plan | Replaced with CIP-004-3a (Interpretation) | Project 2010-09 | |||||
Inactive | CIP-004-3a | Cyber Security — Personnel & Training | Standard CIP-004-3 requires that personnel having authorized cyber or authorized unescorted physical access to Critical Cyber Assets, including contractors and service vendors, have an appropriate level of personnel risk assessmen... See Standard details.. | 5/24/2012 | 8/1/2012 | 12/12/2012 | 12/12/2012 | 12/12/2012 | 6/30/2016 | Implementation Plan | Project 2009-26 | ||||||
Inactive | CIP-004-4 | Cyber Security — Personnel & Training | Standard CIP-004-4 requires that personnel having authorized cyber or authorized unescorted physical access to Critical Cyber Assets, including contractors and service vendors, have an appropriate level of personnel risk assessmen... See Standard details.. | 1/24/2011 | 2/10/2011 | 4/19/2012 | 6/25/2012 | 12/11/2012 | Implementation Plan | Replaced with CIP-004-4a (Interpretation) | Project 2008-06 | ||||||
Inactive | CIP-004-4a | Cyber Security — Personnel & Training | Standard CIP-004-4 requires that personnel having authorized cyber or authorized unescorted physical access to Critical Cyber Assets, including contractors and service vendors, have an appropriate level of personnel risk assessmen... See Standard details.. | 5/24/2012 | 8/1/2012 | 12/12/2012 | 12/12/2012 | 10/1/2014 | 2/3/2014 | Implementation Plan | Project 2008-06 | ||||||
Inactive | CIP-004-5 | Cyber Security — Personnel & Training | To minimize the risk against compromise that could lead to misoperation or instability in the BES from individuals accessing BES Cyber Systems by requiring an appropriate level of personnel risk assessment, training, and security ... See Standard details.. | 11/26/2012 | 1/31/2013 | 9/30/2013 | Replaced with CIP-004-5.1 (Errata) | ||||||||||
Inactive | CIP-004-5.1 | Cyber Security — Personnel & Training | To minimize the risk against compromise that could lead to misoperation or instability in the BES from individuals accessing BES Cyber Systems by requiring an appropriate level of personnel risk assessment, training, and security ... See Standard details.. | 9/27/2013 | 9/30/2013 | 11/22/2013 | 2/3/2014 | 6/30/2016 | Implementation Plan | CIP-004-5.1 will be superseded by CIP-004-6. | Project 2008-06 | ||||||
Inactive | CIP-004-6 | Cyber Security — Personnel & Training | To minimize the risk against compromise that could lead to misoperation or instability in the Bulk Electric System (BES) from individuals accessing BES Cyber Systems by requiring an appropriate level of personnel risk assessment, ... See Standard details.. | 2/12/2015 | 2/13/2015 | 1/21/2016 | 3/31/2016 | 7/1/2016 | X | 12/31/2023 | Implementation Plan | Located under Key Resources: CIP V5 Effective Dates | Project 2014-02 | RSAW | CIP Version 5 Transition Program | 5/20/2016 | |
Mandatory Subject to Enforcement | CIP-004-7 | Cyber Security — Personnel & Training | To minimize the risk against compromise that could lead to misoperation or instability in the Bulk Electric System (BES) from individuals accessing BES Cyber Systems by requiring an appropriate level of personnel risk assessment,... See Standard details.. | 8/12/2021 | 9/15/2021 | 12/7/2021 | 12/7/2021 | 1/1/2024 | Implementation Plan | A Responsible Entity may elect to comply with the requirements in CIP-004-7 and CIP-011-3 following their approval by the applicable governmental authority, but prior to their Effective Date. In such a case, the Responsible Entity | Project 2019-02 | Technical Rationale CIP-004-7 | RSAW | Implementation Guidance | |||
Filed and Pending Regulatory Approval | CIP-004-8 | Cyber Security — Personnel & Training | To minimize the risk against compromise that could lead to misoperation or instability in the Bulk Electric System (BES) from individuals accessing BES Cyber Systems (BCS) by requiring an appropriate level of personnel risk assess... See Standard details.. | 5/9/2024 | 7/10/2024 | Implementation Plan | Project 2016-02 | ||||||||||
Inactive | CIP-005-1 | Cyber Security — Electronic Security Perimeter(s) | Standard CIP-005 requires the identification and protection of the Electronic Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points on the perimeter. Standard CIP-005 should be read as p... See Standard details.. | 5/2/2006 | 8/28/2006 | 1/18/2008 | 4/7/2008 | 7/1/2008 | 3/31/2010 | Replaced with CIP-005-2 | |||||||
Inactive | CIP-005-1a | Cyber Security — Electronic Security Perimeter(s) | Standard CIP-005 requires the identification and protection of the Electronic Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points on the perimeter. Standard CIP-005 should be read as p... See Standard details.. | 2/16/2010 | 2/1/2011 | Replaced with CIP-005-3a | |||||||||||
Inactive | CIP-005-2 | Cyber Security — Electronic Security Perimeter(s) | Standard CIP-005-2 requires the identification and protection of the Electronic Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points on the perimeter. Standard CIP-005-2 should be read ... See Standard details.. | 5/6/2009 | 5/22/2009 | 9/30/2009 | 9/30/2009 | 4/1/2010 | 9/30/2010 | Replaced with CIP-005-3 | |||||||
Inactive | CIP-005-2a | Cyber Security — Electronic Security Perimeter(s) | Standard CIP-005-2 requires the identification and protection of the Electronic Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points on the perimeter. Standard CIP-005-2 should be read ... See Standard details.. | 2/16/2010 | 4/21/2010 | 2/2/2011 | 2/2/2011 | 2/1/2011 | Replaced with CIP-005-3a | ||||||||
Inactive | CIP-005-3 | Cyber Security — Electronic Security Perimeter(s) | Standard CIP-005-3 requires the identification and protection of the Electronic Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points on the perimeter. Standard CIP-005-3 should be read ... See Standard details.. | 12/16/2009 | 12/29/2009 | 3/31/2010 | 3/31/2010 | 10/1/2010 | 2/1/2011 | Replaced with CIP-005-3a (Interpretation of CIP-005-3, Section 4.2.2 and Requirement 1.3) | |||||||
Inactive | CIP-005-3a | Cyber Security — Electronic Security Perimeter(s) | Standard CIP-005-3 requires the identification and protection of the Electronic Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points on the perimeter. Standard CIP-005-3 should be read ... See Standard details.. | 2/16/2010 | 4/21/2010 | 2/2/2011 | 2/2/2011 | 2/2/2011 | 6/30/2016 | Implementation Plan | Project 2009-12 | ||||||
Inactive | CIP-005-4a | Cyber Security — Electronic Security Perimeter(s) | Standard CIP-005-4a requires the identification and protection of the Electronic Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points on the perimeter. Standard CIP-005-4a should be rea... See Standard details.. | 1/24/2011 | 4/12/2011 | 4/19/2012 | 6/25/2012 | 10/1/2014 | 2/3/2014 | Implementation Plan | Project 2008-06 | ||||||
Inactive | CIP-005-5 | Cyber Security — Electronic Security Perimeter(s) | To manage electronic access to BES Cyber Systems by specifying a controlled Electronic Security Perimeter in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.... See Standard details.. | 11/26/2012 | 1/31/2013 | 11/22/2013 | 2/3/2014 | 7/1/2016 | 9/30/2020 | Implementation Plan | See Key Resources: http://www.nerc.com/pa/CI/Pages/Transition-Program.aspx | Project 2008-06 | RSAW | CIP Version 5 Transition Program | 5/20/2016: Compliance Guidance Updates | ||
Inactive | CIP-005-6 | Cyber Security — Electronic Security Perimeter(s) | To manage electronic access to BES Cyber Systems by specifying a controlled Electronic Security Perimeter in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.... See Standard details.. | 8/10/2017 | 9/26/2017 | 10/18/2018 | 12/26/2018 | 10/1/2020 | 9/30/2022 | Implementation Plan | Project 2016-03 | RSAW | |||||
Mandatory Subject to Enforcement | CIP-005-7 | Cyber Security — Electronic Security Perimeter(s) | To manage electronic access to BES Cyber Systems by specifying a controlled Electronic Security Perimeter in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.... See Standard details.. | 11/5/2020 | 12/14/2020 | 3/18/2021 | 3/18/2021 | 10/1/2022 | Implementation Plan | Project 2019-03 | Technical Rationale CIP-005-7 | RSAW | |||||
Filed and Pending Regulatory Approval | CIP-005-8 | Cyber Security — Electronic Security Perimeter(s) | To protect BES Cyber Systems (BCS) against compromise by permitting only known and controlled communication to reduce the likelihood of misoperation or instability in the Bulk Electric System (BES).... See Standard details.. | 5/9/2024 | 7/10/2024 | Implementation Plan | Project 2016-02 | ||||||||||
Inactive | CIP-006-1 | Cyber Security — Physical Security of Critical Cyber Assets | Standard CIP-006 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006 should be read as part of a group of standards numbered Standards CIP-002 throu... See Standard details.. | 5/2/2006 | 8/28/2006 | 1/18/2008 | 4/7/2008 | 7/1/2008 | 3/31/2010 | Implementation Plan | Replaced with CIP-006-2 | ||||||
Inactive | CIP-006-1a | Cyber Security — Physical Security of Critical Cyber Assets | Standard CIP-006 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006 should be read as part of a group of standards numbered Standards CIP-002 throu... See Standard details.. | 2/12/2008 | 12/22/2009 | Implementation Plan | Replaced with CIP-006-1b and included as part of CIP-006-2b filing; inactive as of the date CIP-006-2b was filed | ||||||||||
Inactive | CIP-006-1b | Cyber Security — Physical Security of Critical Cyber Assets | Standard CIP-006 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006 should be read as part of a group of standards numbered Standards CIP-002 throu... See Standard details.. | 8/5/2009 | 12/22/2009 | Implementation Plan | Replaced with CIP-006-2b and included as part of CIP-006-2b filing; inactive as of the date CIP-006-2b was filed | ||||||||||
Inactive | CIP-006-1c | Cyber Security — Physical Security of Critical Cyber Assets | Standard CIP-006 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006 should be read as part of a group of standards numbered Standards CIP-002 throu... See Standard details.. | 2/16/2010 | 4/20/2010 | Implementation Plan | Replaced with CIP-006-2c (filed as CIP-006-2c because CIP-006-1 was inactive as of the filing date and the interpretation equally applied to CIP-006-2; inactive as of the date CIP-006-2c was filed) | ||||||||||
Inactive | CIP-006-2 | Cyber Security — Physical Security of Critical Cyber Assets | Standard CIP-006-2 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006-2 should be read as part of a group of standards numbered Standards CIP-002-2... See Standard details.. | 5/6/2009 | 5/22/2009 | 9/30/2009 | 9/30/2009 | 4/1/2010 | 7/14/2010 | Implementation Plan | Replaced with CIP-006-2c | ||||||
Inactive | CIP-006-2a | Cyber Security — Physical Security of Critical Cyber Assets | Standard CIP-006-2 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006-2 should be read as part of a group of standards numbered Standards CIP-002-2... See Standard details.. | 5/6/2009 | 4/20/2010 | 7/15/2010 | 7/15/2010 | 7/15/2010 | 9/30/2010 | Implementation Plan | Replaced with CIP-006-3a | ||||||
Inactive | CIP-006-2b | Cyber Security — Physical Security of Critical Cyber Assets | Standard CIP-006-2 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006-2 should be read as part of a group of standards numbered Standards CIP-002-2... See Standard details.. | 8/5/2009 | 12/22/2009 | 5/19/2011 | 7/14/2010 | Implementation Plan | Replaced with CIP-006-2c | ||||||||
Inactive | CIP-006-2c | Cyber Security — Physical Security of Critical Cyber Assets | Standard CIP-006-2 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006-2 should be read as part of a group of standards numbered Standards CIP-002-2... See Standard details.. | 2/16/2010 | 4/20/2010 | 7/15/2010 | 7/15/2010 | 9/30/2010 | Implementation Plan | Replaced with CIP-006-3c | |||||||
Inactive | CIP-006-3 | Cyber Security — Physical Security of Critical Cyber Assets | Standard CIP-006-3 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006-3 should be read as part of a group of standards numbered Standards CIP-002-3... See Standard details.. | 12/16/2009 | 12/29/2009 | 3/31/2010 | 3/31/2010 | 9/30/2010 | Implementation Plan | Replaced with CIP-006-3c | |||||||
Inactive | CIP-006-3a | Cyber Security — Physical Security of Critical Cyber Assets | Standard CIP-006-3 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006-3 should be read as part of a group of standards numbered Standards CIP-002-3... See Standard details.. | 12/16/2009 | 4/20/2010 | 7/15/2010 | 7/15/2010 | 10/1/2010 | 5/18/2011 | Implementation Plan | Replaced with CIP-006-3c | ||||||
Inactive | CIP-006-3c | Cyber Security — Physical Security of Critical Cyber Assets | Standard CIP-006-3 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006-3 should be read as part of a group of standards numbered Standards CIP-002-3... See Standard details.. | 2/16/2010 | 12/22/2009 | 5/19/2011 | 5/19/2011 | 5/19/2011 | 6/30/2016 | Implementation Plan | Project 2008-06 | ||||||
Inactive | CIP-006-3d | Cyber Security — Physical Security of Critical Cyber Assets | Standard CIP-006-3 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006-3 should be read as part of a group of standards numbered Standards CIP-002-3... See Standard details.. | 2/9/2012 | 5/23/2012 | 3/21/2013 | Implementation Plan | FERC remanded the interpretation of R1.1 in an order issued on 3/21/13 | Project 2009-21 | ||||||||
Inactive | CIP-006-4c | Cyber Security — Physical Security of Critical Cyber Assets | Standard CIP-006-4c is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006-4c should be read as part of a group of standards numbered Standards CIP-002... See Standard details.. | 1/24/2011 | 4/12/2011 | 4/19/2012 | 6/25/2012 | 10/1/2014 | 2/3/2014 | Implementation Plan | Project 2008-06 | ||||||
Inactive | CIP-006-4d | Cyber Security — Physical Security of Critical Cyber Assets | Standard CIP-006-4c is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006-4c should be read as part of a group of standards numbered Standards CIP-002... See Standard details.. | 2/9/2012 | 5/23/2012 | 3/21/2013 | Implementation Plan | FERC remanded the interpretation of R1.1 in an order issued on 3/21/13 | Project 2008-06 | ||||||||
Inactive | CIP-006-5 | Cyber Security — Physical Security of BES Cyber Systems | To manage physical access to BES Cyber Systems by specifying a physical security plan in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.... See Standard details.. | 11/26/2012 | 1/31/2013 | 11/22/2013 | 2/3/2014 | 6/30/2016 | Implementation Plan | Project 2008-06 | |||||||
Mandatory Subject to Enforcement | CIP-006-6 | Cyber Security — Physical Security of BES Cyber Systems | To manage physical access to Bulk Electric System (BES) Cyber Systems by specifying a physical security plan in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.... See Standard details.. | 11/13/2014 | 2/13/2015 | 1/21/2016 | 3/31/2016 | 7/1/2016 | X | Implementation Plan | See Implementation Plan for Compliance dates. See also CIP V5 Effective Dates here under Key Resources: http://www.nerc.com/pa/CI/Pages/Transition-Program.aspx | Project 2014-02 | RSAW | CIP Version 5 Transition Program | 5/20/2016: Compliance Guidance Updates | ||
Filed and Pending Regulatory Approval | CIP-006-7 | Cyber Security — Physical Security of BES Cyber Systems | To manage physical access to Bulk Electric System (BES) Cyber Systems by specifying a physical security plan in support of protecting BES Cyber Systems (BCS) against compromise that could lead to misoperation or instability in the... See Standard details.. | 5/9/2024 | 7/10/2024 | Implementation Plan | Project 2016-02 | ||||||||||
Inactive | CIP-007-1 | Cyber Security — Systems Security Management | Standard CIP-007 requires Responsible Entities to define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the non-critical Cyber Assets within the Electronic Security... See Standard details.. | 5/2/2006 | 8/28/2006 | 1/18/2008 | 4/7/2008 | 7/1/2008 | 3/31/2010 | Replaced with CIP-007-2 | |||||||
Inactive | CIP-007-2 | Cyber Security — Systems Security Management | Standard CIP-007-2 requires Responsible Entities to define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electroni... See Standard details.. | 5/6/2009 | 5/22/2009 | 9/30/2009 | 9/30/2009 | 3/31/2010 | Replaced with CIP-007-2a (Interpretation of a term used in R2) | ||||||||
Inactive | CIP-007-2a | Cyber Security — Systems Security Management | Standard CIP-007-2 requires Responsible Entities to define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electroni... See Standard details.. | 11/5/2009 | 11/17/2009 | 3/18/2010 | 3/18/2010 | 4/1/2010 | 9/30/2010 | Replaced with CIP-007-3a | |||||||
Pending Regulatory Filing | CIP-007-3 | Cyber Security — Systems Security Management | Standard CIP-007-3 requires Responsible Entities to define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electro... See Standard details.. | 12/16/2009 | This version is not used in the United States. | ||||||||||||
Inactive | CIP-007-3a | Cyber Security — Systems Security Management | Standard CIP-007-3 requires Responsible Entities to define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electroni... See Standard details.. | 12/16/2009 | 12/29/2009 | 3/31/2010 | 3/31/2010 | 10/1/2010 | 6/30/2016 | Implementation Plan | The version number was updated from CIP-007-3 to CIP-007-3a to incorporate the approved interpretation that should have previously been appended. | Project 2009-21 | |||||
Inactive | CIP-007-3b | Cyber Security — Systems Security Management | Standard CIP-007-3 requires Responsible Entities to define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electroni... See Standard details.. | 11/7/2013 | 6/30/2016 | Implementation Plan | Project 2009-21 | ||||||||||
Inactive | CIP-007-4a | Cyber Security — Systems Security Management | Standard CIP-007-4 requires Responsible Entities to define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electroni... See Standard details.. | 1/24/2011 | 2/10/2011 | 4/19/2012 | 6/25/2012 | 10/1/2014 | 2/3/2014 | Implementation Plan | The version number was updated from CIP-007-4 to CIP-007-4a to incorporate the approved interpretation that should have previously been appended. | Project 2008-06 | |||||
Inactive | CIP-007-4b | Cyber Security — Systems Security Management | Standard CIP-007-4 requires Responsible Entities to define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electroni... See Standard details.. | 11/7/2013 | 2/3/2014 | Implementation Plan | Project 2008-06 | ||||||||||
Inactive | CIP-007-5 | Cyber Security — System Security Management | To manage system security by specifying select technical, operational, and procedural requirements in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.... See Standard details.. | 11/26/2012 | 1/31/2013 | 11/22/2013 | 2/3/2014 | 6/30/2016 | Implementation Plan | Project 2008-06 | |||||||
Mandatory Subject to Enforcement | CIP-007-6 | Cyber Security — System Security Management | To manage system security by specifying select technical, operational, and procedural requirements in support of protecting Bulk Electric System (BES) Cyber Systems against compromise that could lead to misoperation or instability... See Standard details.. | 2/12/2015 | 2/13/2015 | 1/21/2016 | 3/31/2016 | 7/1/2016 | X | Implementation Plan | See Key Resources: http://www.nerc.com/pa/CI/Pages/Transition-Program.aspx | Project 2014-02 | RSAW | CIP Version 5 Transition Program | 5/20/2016: Compliance Guidance Updates | ||
Filed and Pending Regulatory Approval | CIP-007-7 | Cyber Security — System Security Management | To manage system security by specifying select technical, operational, and procedural requirements in support of protecting BES Cyber Systems (BCS) against compromise that could lead to misoperation or instability in the Bulk Elec... See Standard details.. | 5/9/2024 | 7/10/2024 | Implementation Plan | Project 2016-02 | ||||||||||
Inactive | CIP-008-1 | Cyber Security — Incident Reporting and Response Planning | Standard CIP-008 ensures the identification, classification, response, and reporting of Cyber Security Incidents related to Critical Cyber Assets. Standard CIP-008 should be read as part of a group of standards numbered Standards ... See Standard details.. | 5/2/2006 | 8/28/2006 | 1/18/2008 | 4/7/2008 | 7/1/2008 | 3/31/2010 | Replaced with CIP-008-2 | |||||||
Inactive | CIP-008-2 | Cyber Security — Incident Reporting and Response Planning | Standard CIP-008-2 ensures the identification, classification, response, and reporting of Cyber Security Incidents related to Critical Cyber Assets. Standard CIP-008-2 should be read as part of a group of standards numbered Standa... See Standard details.. | 5/6/2009 | 5/22/2009 | 9/30/2009 | 9/30/2009 | 4/1/2010 | 9/30/2010 | Replaced with CIP-008-3 | |||||||
Inactive | CIP-008-3 | Cyber Security — Incident Reporting and Response Planning | Standard CIP-008-3 ensures the identification, classification, response, and reporting of Cyber Security Incidents related to Critical Cyber Assets. Standard CIP-008-23 should be read as part of a group of standards numbered Stand... See Standard details.. | 12/16/2009 | 12/29/2009 | 3/31/2010 | 3/31/2010 | 10/1/2010 | 6/30/2016 | Implementation Plan | Project 2009-21 | ||||||
Inactive | CIP-008-4 | Cyber Security — Incident Reporting and Response Planning | Standard CIP-008-4 ensures the identification, classification, response, and reporting of Cyber Security Incidents related to Critical Cyber Assets. Standard CIP-008-4 should be read as part of a group of standards numbered Standa... See Standard details.. | 1/24/2011 | 2/10/2011 | 4/19/2012 | 6/25/2012 | 10/1/2014 | 2/3/2014 | ||||||||
Inactive | CIP-008-5 | Cyber Security — Incident Reporting and Response Planning | To mitigate the risk to the reliable operation of the BES as the result of a Cyber Security Incident by specifying incident response requirements.... See Standard details.. | 11/26/2012 | 1/31/2013 | 11/22/2013 | 2/3/2014 | 7/1/2016 | X | 12/31/2020 | Implementation Plan | See Key Resources: http://www.nerc.com/pa/CI/Pages/Transition-Program.aspx | Project 2008-06 | RSAW | CIP Version 5 Transition Program | 5/20/2016: Compliance Guidance Updates | |
Mandatory Subject to Enforcement | CIP-008-6 | Cyber Security — Incident Reporting and Response Planning | To mitigate the risk to the reliable operation of the BES as the result of a Cyber Security Incident by specifying incident response requirements.... See Standard details.. | 2/7/2019 | 3/7/2019 | 6/20/2019 | 6/20/2019 | 1/1/2021 | Implementation Plan | Project 2018-02 | Technical Rationale CIP-008-6 | RSAW | |||||
Filed and Pending Regulatory Approval | CIP-008-7 | Cyber Security — Incident Reporting and Response Planning | To mitigate the risk to the reliable operation of the BES as the result of a Cyber Security Incident by specifying incident response requirements. ... See Standard details.. | 5/9/2024 | 7/10/2024 | Implementation Plan | Project 2016-02 | ||||||||||
Inactive | CIP-009-1 | Cyber Security — Recovery Plans for Critical Cyber Assets | Standard CIP-009 ensures that recovery plan(s) are put in place for Critical Cyber Assets and that these plans follow established business continuity and disaster recovery techniques and practices. Standard CIP-009 should be read ... See Standard details.. | 5/2/2006 | 8/28/2006 | 1/18/2008 | 4/7/2008 | 7/1/2008 | 3/31/2010 | Replaced with CIP-009-2 | |||||||
Inactive | CIP-009-2 | Cyber Security — Recovery Plans for Critical Cyber Assets | Standard CIP-009-2 ensures that recovery plan(s) are put in place for Critical Cyber Assets and that these plans follow established business continuity and disaster recovery techniques and practices. Standard CIP-009-2 should be r... See Standard details.. | 5/6/2009 | 5/22/2009 | 9/30/2009 | 9/30/2009 | 4/1/2010 | 9/30/2010 | Replaced with CIP-009-3 | |||||||
Inactive | CIP-009-3 | Cyber Security — Recovery Plans for Critical Cyber Assets | Standard CIP-009-3 ensures that recovery plan(s) are put in place for Critical Cyber Assets and that these plans follow established business continuity and disaster recovery techniques and practices. Standard CIP-009-3 should be r... See Standard details.. | 12/16/2009 | 12/29/2009 | 3/31/2010 | 3/31/2010 | 10/1/2010 | 6/30/2016 | Implementation Plan | Project 2009-21 | ||||||
Inactive | CIP-009-4 | Cyber Security — Recovery Plans for Critical Cyber Assets | Standard CIP-009-4 ensures that recovery plan(s) are put in place for Critical Cyber Assets and that these plans follow established business continuity and disaster recovery techniques and practices. Standard CIP-009-4 should be r... See Standard details.. | 1/24/2011 | 2/10/2011 | 4/19/2012 | 6/25/2012 | 10/1/2014 | 2/3/2014 | ||||||||
Inactive | CIP-009-5 | Cyber Security — Recovery Plans for BES Cyber Systems | To recover reliability functions performed by BES Cyber Systems by specifying recovery plan requirements in support of the continued stability, operability, and reliability of the BES.... See Standard details.. | 11/26/2012 | 1/31/2013 | 11/22/2013 | 2/3/2014 | 6/30/2016 | Implementation Plan | Project 2008-06 | |||||||
Mandatory Subject to Enforcement | CIP-009-6 | Cyber Security — Recovery Plans for BES Cyber Systems | To recover reliability functions performed by BES Cyber Systems by specifying recovery plan requirements in support of the continued stability, operability, and reliability of the BES.... See Standard details.. | 11/13/2014 | 2/13/2015 | 1/21/2016 | 3/31/2016 | 7/1/2016 | X | Implementation Plan | Located under Key Resources: CIP V5 Effective Dates | Project 2014-02 | RSAW | CIP Version 5 Transition Program | 5/20/2016: Compliance Guidance Updates | ||
Filed and Pending Regulatory Approval | CIP-009-7 | Cyber Security — Recovery Plans for BES Cyber Systems | To recover reliability functions performed by BES Cyber Systems (BCS) by specifying recovery plan requirements in support of the continued stability, operability, and reliability of the Bulk Electric System (BES). ... See Standard details.. | 5/9/2024 | 7/10/2024 | Implementation Plan | Project 2016-02 | ||||||||||
Inactive | CIP-010-1 | Cyber Security — Configuration Change Management and Vulnerability Assessments | To prevent and detect unauthorized changes to BES Cyber Systems by specifying configuration change management and vulnerability assessment requirements in support of protecting BES Cyber Systems from compromise that could lead to ... See Standard details.. | 11/26/2012 | 1/31/2013 | 11/22/2013 | 2/3/2014 | 6/30/2016 | Implementation Plan | Project 2008-06 | |||||||
Inactive | CIP-010-2 | Cyber Security — Configuration Change Management and Vulnerability Assessments | To prevent and detect unauthorized changes to BES Cyber Systems by specifying configuration change management and vulnerability assessment requirements in support of protecting BES Cyber Systems from compromise that could lead to ... See Standard details.. | 2/12/2015 | 2/13/2015 | 1/21/2016 | 3/31/2016 | 7/1/2016 | 9/30/2020 | Implementation Plan | See Key Resources: http://www.nerc.com/pa/CI/Pages/Transition-Program.aspx | Project 2014-02 | RSAW | CIP Version 5 Transition Program | 5/20/2016: Compliance Guidance Updates | ||
Inactive | CIP-010-3 | Cyber Security — Configuration Change Management and Vulnerability Assessments | To prevent and detect unauthorized changes to BES Cyber Systems by specifying configuration change management and vulnerability assessment requirements in support of protecting BES Cyber Systems from compromise that could lead to ... See Standard details.. | 8/10/2017 | 9/26/2017 | 10/18/2018 | 12/26/2018 | 10/1/2020 | 9/30/2022 | Implementation Plan | Project 2016-03 | RSAW | 2/8/2018 | ||||
Mandatory Subject to Enforcement | CIP-010-4 | Cyber Security — Configuration Change Management and Vulnerability Assessments | To prevent and detect unauthorized changes to BES Cyber Systems by specifying configuration change management and vulnerability assessment requirements in support of protecting BES Cyber Systems from compromise that could lead to ... See Standard details.. | 11/5/2020 | 12/14/2020 | 3/18/2021 | 3/18/2021 | 10/1/2022 | Implementation Plan | Project 2019-03 | Technical Rationale CIP-010-4 | RSAW | 3/25/2021:Compliance Guidance Updates | ||||
Filed and Pending Regulatory Approval | CIP-010-5 | Cyber Security — Configuration Change Management and Vulnerability Assessments | To prevent and detect unauthorized changes to BES Cyber Systems (BCS) by specifying configuration change management and vulnerability assessment requirements in support of protecting BCS from compromise that could lead to misopera... See Standard details.. | 5/9/2024 |