...
NERC

NERC Standards Database

Last updated: October 03, 2024

StatusStandard NumberStandard TitlePurposeBoard Adopted DateFiling Date of StandardFERC Orders (Issued Date)Regulatory Order Effective DateEffective Date of StandardPhased-in ImplementationInactive Date of StandardImplementation PlanPublic NotesProject PageRelated Documents RSAW Lessons LearnedCompliance Guidance
InactiveBAL-001-0Real Power Balancing Control PerformanceTo maintain Interconnection steady-state frequency within defined limits by balancing real power demand and supply in real-time.... See Standard details..2/8/20054/4/20063/16/20076/18/20076/18/20078/26/2008Replaced with BAL-001-0a (WECC Request for Interpretation of BAL-001-0, Requirement 1)
InactiveBAL-001-0.1aReal Power Balancing Control PerformanceTo maintain Interconnection steady-state frequency within defined limits by balancing real power demand and supply in real-time.... See Standard details..10/29/20082/6/20095/13/20095/13/20095/13/20093/31/2014
InactiveBAL-001-0aReal Power Balancing Control PerformanceTo maintain Interconnection steady-state frequency within defined limits by balancing real power demand and supply in real-time.... See Standard details..10/23/200712/19/20077/21/20088/27/20088/27/20085/12/2009Replaced with BAL-001-0.1a (WECC Request for Interpretation of BAL-001-0, Requirement 1 and Errata change)
InactiveBAL-001-1Real Power Balancing Control PerformanceTo maintain Interconnection steady-state frequency within defined limits by balancing real power demand and supply in real-time.... See Standard details..12/19/20128/20/201310/16/201310/16/20134/1/20146/30/2016Project 2010-14.1
Mandatory Subject to EnforcementBAL-001-2Real Power Balancing Control PerformanceTo control Interconnection frequency within defined limits.... See Standard details..8/15/20134/2/20144/16/20156/22/20157/1/2016Implementation PlanReplaced BAL-001-1Project 2010-14.1RSAW
InactiveBAL-001-TRE-1Primary Frequency Response in the ERCOT RegionTo maintain Interconnection steady-state frequency within defined limits.... See Standard details..8/15/20139/18/20131/16/20141/16/20144/1/20146/30/2020Implementation PlanRefer to the implementation plan for specific compliance dates and timeframes.Texas RERSAW
Mandatory Subject to EnforcementBAL-001-TRE-2Primary Frequency Response in the ERCOT RegionTo maintain Interconnection steady-state frequency within defined limits.... See Standard details..2/6/20203/11/20205/19/20205/19/20207/1/2020Implementation PlanTexas RE
InactiveBAL-002-0Disturbance Control PerformanceThe purpose of the Disturbance Control Standard (DCS) is to ensure the Balancing Authority is able to utilize its Contingency Reserve to balance resources and demand and return Interconnection frequency within defined limits follo... See Standard details..2/8/20054/4/20063/16/20076/18/20076/18/20073/31/2012Replaced with BAL-002-1
InactiveBAL-002-1Disturbance Control PerformanceThe purpose of the Disturbance Control Standard (DCS) is to ensure the Balancing Authority is able to utilize its Contingency Reserve to balance resources and demand and return Interconnection frequency within defined limits follo... See Standard details..8/5/20109/9/20101/10/20111/10/20114/1/201212/31/2017Implementation PlanReplaced by BAL-002-2Project 2010-12RSAW
InactiveBAL-002-1aDisturbance Control PerformanceThe purpose of the Disturbance Control Standard (DCS) is to ensure the Balancing Authority is able to utilize its Contingency Reserve to balance resources and demand and return Interconnection frequency within defined limits follo... See Standard details..11/7/20122/12/20132/17/2017Implementation PlanBAL-002-1a was never approved or amended by FERC; notice of withdrawal filed 2/2/2017 following FERC approval of BAL-002-2.Project 2010-12RSAW
InactiveBAL-002-2Disturbance Control Standard – Contingency Reserve for Recovery from a Balancing Contingency EventTo ensure the Balancing Authority or Reserve Sharing Group balances resources and demand and returns the Balancing Authority's or Reserve Sharing Group's Area Control Error to defined values (subject to applicable limits) followin... See Standard details..11/5/20151/29/20161/19/20174/3/201712/31/2017Implementation PlanReplaces BAL-002-1Project 2010-14.1
InactiveBAL-002-2(i)Disturbance Control Standard – Contingency Reserve for Recovery from a Balancing Contingency EventTo ensure the Balancing Authority or Reserve Sharing Group balances resources and demand and returns the Balancing Authority's or Reserve Sharing Group's Area Control Error to defined values (subject to applicable limits) followin... See Standard details..8/10/20178/14/201710/2/201710/2/20171/1/20183/31/2019Implementation PlanRSAW
Mandatory Subject to EnforcementBAL-002-3Disturbance Control Standard – Contingency Reserve for Recovery from a Balancing Contingency EventTo ensure the Balancing Authority or Reserve Sharing Group balances resources and demand and returns the Balancing Authority's or Reserve Sharing Group's Area Control Error to defined values (subject to applicable limits) followin... See Standard details..8/16/20188/17/20189/25/20189/25/20184/1/2019Implementation PlanReplaces BAL-002-2(i).Project 2017-06RSAW
InactiveBAL-002-WECC-1Contingency ReservesContingency Reserve is required for the reliable operation of the interconnected power system. Adequate generating capacity must be available at all times to maintain scheduled frequency, and avoid loss of firm load following tran... See Standard details..10/29/20083/25/200911/26/2010Remanded by FERC in an October 21, 2010 Order, effective November 26, 2010.
InactiveBAL-002-WECC-2Contingency ReserveTo specify the quantity and types of Contingency Reserve required to ensure reliability under normal and abnormal conditions.... See Standard details..11/7/20124/12/201311/21/20131/28/201410/1/20141/23/2017Implementation PlanWECC
InactiveBAL-002-WECC-2aContingency ReserveTo specify the quantity and types of Contingency Reserve required to ensure reliability under normal and abnormal conditions.... See Standard details..11/2/201611/9/20161/24/20171/24/20171/24/20176/27/2021Implementation PlanReplaces BAL-002-WECC-2WECC
Mandatory Subject to EnforcementBAL-002-WECC-3Contingency ReserveTo specify the quantity and types of Contingency Reserve required to ensure reliability under normal and abnormal conditions.... See Standard details..8/15/20199/6/20194/15/20214/15/20216/28/2021Implementation PlanWECC
InactiveBAL-003-0Frequency Response and BiasThis standard provides a consistent method for calculating the Frequency Bias component of ACE.... See Standard details..2/8/20054/4/20063/16/20076/18/20076/18/20078/26/2008Replaced with BAL-003-0a (Interpretation of BAL-003-0, Requirement 3)
InactiveBAL-003-0.1aFrequency Response and BiasThis standard provides a consistent method for calculating the Frequency Bias component of ACE.... See Standard details..10/29/20082/6/20095/13/20095/13/20095/13/20096/28/2009Replaced with BAL-003-0.1b
InactiveBAL-003-0.1bFrequency Response and BiasThis standard provides a consistent method for calculating the Frequency Bias component of ACE.... See Standard details..10/29/20082/6/20095/13/20095/13/20096/29/20093/31/2015
InactiveBAL-003-0aFrequency Response and BiasThis standard provides a consistent method for calculating the Frequency Bias component of ACE.... See Standard details..10/23/200712/19/20077/21/20088/27/20088/27/20085/12/2009Replaced with BAL-003-0.1a (Errata)
InactiveBAL-003-0bFrequency Response and BiasThis standard provides a consistent method for calculating the Frequency Bias component of ACE.... See Standard details..2/12/20087/28/20085/21/20096/29/20096/28/2009Replaced with BAL-003-0.1b
InactiveBAL-003-1Frequency Response and Frequency Bias SettingTo require sufficient Frequency Response from the Balancing Authority (BA) to maintain Interconnection Frequency within predefined bounds by arresting frequency deviations and supporting frequency until the frequency is restored t... See Standard details..2/7/20133/29/20131/16/20143/24/20144/1/2015X11/12/2015Implementation PlanSee the implementation plan for guidance on phased-in enforcement dates. Requirement R1 will never become enforceable.. Disregard the dates for R1 it is non enforceable.
InactiveBAL-003-1.1Frequency Response and Frequency Bias SettingTo require sufficient Frequency Response from the Balancing Authority (BA) to maintain Interconnection Frequency within predefined bounds by arresting frequency deviations and supporting frequency until the frequency is restored t... See Standard details..2/7/20138/25/201511/13/201511/13/201511/13/2015X11/30/2020Implementation PlanReplaces BAL-003-1Project 2007-12RSAW
Mandatory Subject to EnforcementBAL-003-2Frequency Response and Frequency Bias SettingTo require sufficient Frequency Response from the Balancing Authority (BA) to maintain Interconnection Frequency within predefined bounds by arresting frequency deviations and supporting frequency until the frequency is restored t... See Standard details..11/5/201912/19/20197/15/20207/15/202012/1/2020Implementation PlanProject 2017-01RSAW
InactiveBAL-004-0Time Error CorrectionThe purpose of this standard is to ensure that Time Error Corrections are conducted in a manner that does not adversely affect the reliability of the Interconnection.... See Standard details..2/8/20054/4/20063/16/20076/18/20076/18/20074/1/2017Implementation PlanThe retirement of BAL-004-0 is contingent upon the retirement of NAESB WEQ-006 Manual Time Error Correction Business Practice Standard.Time Error Correction
InactiveBAL-004-1Time Error CorrectionThe purpose of this standard is to ensure that Time Error Corrections are conducted in a manner that does not adversely affect the reliability of the Interconnection.... See Standard details..3/26/20088/11/20118/16/2012The NERC BOT withdrew its approval of this standard at its meeting on August 16, 2012.
InactiveBAL-004-WECC-01Automatic Time Error CorrectionTo maintain Interconnection frequency within a predefined frequency profile under all conditions (i.e. normal and abnormal), and to ensure that Time Error Corrections are effectively conducted in a manner that does not adversely a... See Standard details..3/26/20087/29/20085/21/20096/29/20097/1/20093/31/2014WECC
InactiveBAL-004-WECC-02Automatic Time Error Correction (ATEC)To maintain Interconnection frequency and to ensure that Time Error Corrections and Primary Inadvertent Interchange (PII) payback are effectively conducted in a manner that does not adversely affect the reliability of the Intercon... See Standard details..12/19/20128/20/201310/16/201310/16/20134/1/20149/30/2018Replaces BAL-004-WECC-01WECC
Mandatory Subject to EnforcementBAL-004-WECC-3Automatic Time Error CorrectionTo maintain Interconnection frequency and to ensure that Time Error Corrections and Primary Inadvertent Interchange (PII) payback are effectively conducted in a manner that does not adversely affect the reliability of the Intercon... See Standard details..2/8/20183/8/20185/30/20185/30/201810/1/2018Implementation PlanWECC
InactiveBAL-005-0Automatic Generation ControlThis standard establishes requirements for Balancing Authority Automatic Generation Control (AGC) necessary to calculate Area Control Error (ACE) and to routinely deploy the Regulating Reserve. The standard also ensures that all f... See Standard details..2/8/20054/4/20063/16/20076/18/20076/18/20078/26/2008Replaced with BAL-005-0b (R.W. Beck Request for Interpretation of BAL-005-0, Requirement 17)
InactiveBAL-005-0.1bAutomatic Generation ControlThis standard establishes requirements for Balancing Authority Automatic Generation Control (AGC) necessary to calculate Area Control Error (ACE) and to routinely deploy the Regulating Reserve. The standard also ensures that all f... See Standard details..10/29/20082/6/20095/13/20095/13/20095/13/20099/12/2012Replaced by BAL-005-0.2b (Errata)
InactiveBAL-005-0.2bAutomatic Generation ControlThis standard establishes requirements for Balancing Authority Automatic Generation Control (AGC) necessary to calculate Area Control Error (ACE) and to routinely deploy the Regulating Reserve. The standard also ensures that all f... See Standard details..3/8/20126/5/20129/13/20129/13/20129/13/201212/31/2018Implementation PlanReplaces BAL-005-0.1bProject 2007-25RSAW
InactiveBAL-005-0aAutomatic Generation ControlThis standard establishes requirements for Balancing Authority Automatic Generation Control (AGC) necessary to calculate Area Control Error (ACE) and to routinely deploy the Regulating Reserve. The standard also ensures that all f... See Standard details..5/2/200712/19/20074/15/2008Withdrawn
InactiveBAL-005-0bAutomatic Generation ControlThis standard establishes requirements for Balancing Authority Automatic Generation Control (AGC) necessary to calculate Area Control Error (ACE) and to routinely deploy the Regulating Reserve. The standard also ensures that all f... See Standard details..2/12/20084/15/20087/21/20088/27/20088/27/20085/12/2009Replaced with BAL-005-0.1b (Errata)
Mandatory Subject to EnforcementBAL-005-1Balancing Authority ControlThis standard establishes requirements for acquiring data necessary to calculate Reporting Area Control Error (Reporting ACE). The standard also specifies a minimum periodicity, accuracy, and availability requirement for acquisiti... See Standard details..2/11/20164/20/20169/20/201711/27/20171/1/2019Implementation PlanBAL-005-1 will replace BAL-005-0.2b and BAL-006-2Project 2010-14.2.1Technical Rationale BAL-005-1RSAW
InactiveBAL-006-0Inadvertent InterchangeThis standard defines a process for monitoring Balancing Authorities to ensure that, over the long term, Balancing Authority Areas do not excessively depend on other Balancing Authority Areas in the Interconnection for meeting the... See Standard details..2/8/20054/4/20065/1/2006Replaced with BAL-006-1 (BAL-006-0 was never enforceable)
InactiveBAL-006-1Inadvertent InterchangeThis standard defines a process for monitoring Balancing Authorities to ensure that, over the long term, Balancing Authority Areas do not excessively depend on other Balancing Authority Areas in the Interconnection for meeting the... See Standard details..5/2/20068/28/20063/16/20076/18/20076/18/20075/12/2009Replaced with BAL-006-1.1 (Errata)
InactiveBAL-006-1.1Inadvertent InterchangeThis standard defines a process for monitoring Balancing Authorities to ensure that, over the long term, Balancing Authority Areas do not excessively depend on other Balancing Authority Areas in the Interconnection for meeting the... See Standard details..10/29/20082/6/20095/13/20095/13/20095/13/20093/31/2011Replaced with BAL-006-2
InactiveBAL-006-2Inadvertent InterchangeThis standard defines a process for monitoring Balancing Authorities to ensure that, over the long term, Balancing Authority Areas do not excessively depend on other Balancing Authority Areas in the Interconnection for meeting the... See Standard details..11/5/200911/20/20091/6/20111/6/20114/1/201112/31/2018Implementation PlanReplaces BAL-006-1.1Project 2009-18RSAW
Mandatory Subject to EnforcementBAL-502-RF-03Planning Resource Adequacy Analysis, Assessment and DocumentationTo establish common criteria, based on “one day in ten year” loss of Load expectation principles, for the analysis, assessment and documentation of Resource Adequacy for Load in the ReliabilityFirst Corporation (RF) region... See Standard details..8/10/20179/7/201710/16/201710/16/20171/1/2018Implementation PlanReplaces BAL-502-RFC-02RF
InactiveBAL-502-RFC-02Planning Resource Adequacy Analysis, Assessment and DocumentationTo establish common criteria, based on “one day in ten year” loss of Load expectation principles, for the analysis, assessment and documentation of Resource Adequacy for Load in the ReliabilityFirst Corporation (RFC) region... See Standard details..8/5/200912/14/20093/17/20115/23/20115/23/201112/31/2017Implementation Plan
InactiveBAL-STD-002-0Operating Reserves (WECC)Regional Reliability Standard to address the Operating Reserve requirements of the Western Interconnection.... See Standard details..3/12/20073/26/20076/8/20076/18/20076/18/20079/30/2014
InactiveCIP-001-0Sabotage ReportingDisturbances or unusual occurrences, suspected or determined to be caused by sabotage, shall be reported to the appropriate systems, governmental agencies, and regulatory
bodies.... See Standard details..
2/8/20054/4/20061/1/2007Replaced with CIP-001-1 (CIP-001-0 was never enforceable)
InactiveCIP-001-1Sabotage ReportingDisturbances or unusual occurrences, suspected or determined to be caused by sabotage, shall be reported to the appropriate systems, governmental agencies, and regulatory bodies.... See Standard details..11/1/200611/15/20063/16/20076/18/20076/18/20072/1/2011Replaced with CIP-001-1a (Interpretation of R2)
InactiveCIP-001-1aSabotage ReportingDisturbances or unusual occurrences, suspected or determined to be caused by sabotage, shall be reported to the appropriate systems, governmental agencies, and regulatory bodies.... See Standard details..2/16/20104/21/20102/2/20112/2/20112/2/20119/30/2011Replaced with CIP-001-2a
InactiveCIP-001-2aSabotage ReportingDisturbances or unusual occurrences, suspected or determined to be caused by sabotage, shall be reported to the appropriate systems, governmental agencies, and regulatory bodies.... See Standard details..2/17/20116/21/20118/2/20118/2/201110/1/201112/31/2013Replaced with EOP-004-2Project 2009-09
InactiveCIP-002-1Cyber Security — Critical Cyber Asset IdentificationNERC Standards CIP-002 through CIP-009 provide a cyber security framework for the identification and protection of Critical Cyber Assets to support reliable operation of the Bulk Electric System. These standards recognize the diff... See Standard details..5/2/20068/28/20061/18/20084/7/20087/1/20083/31/2010Replaced with CIP-002-2
InactiveCIP-002-2Cyber Security — Critical Cyber Asset IdentificationStandard CIP-002-2 requires the identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the Bulk Electric System. These Critical Assets are to be ide... See Standard details..5/6/20095/22/20099/30/20099/30/20094/1/20109/30/2010Replaced with CIP-002-3
InactiveCIP-002-3Cyber Security — Critical Cyber Asset IdentificationStandard CIP-002-3 requires the identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the Bulk Electric System. These Critical Assets are to be ide... See Standard details..12/16/200912/29/20093/31/20103/31/201010/1/20106/30/2016Implementation PlanProject 2009-21
InactiveCIP-002-3aCyber Security — Critical Cyber Asset IdentificationStandard CIP-002-3 requires the identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the Bulk Electric System. These Critical Assets are to be ide... See Standard details..5/9/20128/1/20123/21/2013FERC remanded the interpretation of R3 in an order issued on 3/21/13
InactiveCIP-002-3bCyber Security — Critical Cyber Asset IdentificationStandard CIP-002-3 requires the identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the Bulk Electric System. These Critical Assets are to be ide... See Standard details..2/7/20136/30/2016Implementation PlanProject 2009-21
InactiveCIP-002-3(i)Cyber Security — Critical Cyber Asset IdentificationNERC Standards CIP-002-3(i) through CIP-009-3 provide a cyber security framework for the identification and protection of Critical Cyber Assets to support reliable operation of the Bulk Electric System.

These standards recogniz... See Standard details..
11/13/201411/13/2014Implementation PlanVersion developed but never filed for approval.Project 2010-05.2
InactiveCIP-002-3(i)bCyber Security — Critical Cyber Asset IdentificationNERC Standards CIP-002-3(i)b through CIP-009-3 provide a cyber security framework for the identification and protection of Critical Cyber Assets to support reliable operation of the Bulk Electric System.

These standards recogni... See Standard details..
11/13/201411/13/2014Implementation PlanVersion developed but never filed for approval.Project 2010-05.2
InactiveCIP-002-4Cyber Security — Critical Cyber Asset IdentificationStandard CIP-002-4 requires the identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the Bulk Electric System. These Critical Assets are to be ide... See Standard details..1/24/20112/10/20114/19/20126/25/201210/1/20142/3/2014Implementation PlanProject 2008-06
InactiveCIP-002-4aCyber Security — Critical Cyber Asset IdentificationStandard CIP-002-4 requires the identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the Bulk Electric System. These Critical Assets are to be ide... See Standard details..5/9/20128/1/20123/21/2013Implementation PlanFERC remanded the interpretation of R3 in an order issued on 3/21/13Project 2008-06
InactiveCIP-002-5Cyber Security — BES Cyber System CategorizationTo identify and categorize BES Cyber Systems and their associated BES Cyber Assets for the application of cyber security requirements commensurate with the adverse impact that loss, compromise, or misuse of those BES Cyber Systems... See Standard details..11/26/20121/31/20132/3/2014Implementation PlanReplaced with CIP-002-5.1 (Errata)Project 2008-06
InactiveCIP-002-5.1Cyber Security — BES Cyber System CategorizationTo identify and categorize BES Cyber Systems and their associated BES Cyber Assets for the application of cyber security requirements commensurate with the adverse impact that loss, compromise, or misuse of those BES Cyber Systems... See Standard details..9/27/20139/30/201311/22/20132/3/20147/1/201612/26/2016Implementation PlanErrata approved by the SC on 9/27/2013Project 2008-06CIP Version 5 Transition Program5/20/2016
Mandatory Subject to EnforcementCIP-002-5.1aCyber Security — BES Cyber System CategorizationTo identify and categorize BES Cyber Systems and their associated BES Cyber Assets for the application of cyber security requirements commensurate with the adverse impact that loss, compromise, or misuse of those BES Cyber Systems... See Standard details..11/2/201611/28/201612/27/201612/27/201612/27/2016Implementation PlanCIP-002-5.1a replaced CIP-002-5.1Project 2015-INT-01RSAW2/9/2018
InactiveCIP-002-6Cyber Security – BES Cyber System CategorizationTo identify and categorize BES Cyber Systems and their associated BES
Cyber Assets for the application of cyber security requirements commensurate with the adverse impact that loss, compromise, or misuse of those BES Cyber Syste... See Standard details..
5/14/20206/12/20202/4/2021Implementation PlanThis standard was withdrawn by NERC per request to FERC on 2/5/21 and will never be effective.  It was approved by the NERC BOT on 2/4/21.Project 2016-02
Filed and Pending Regulatory ApprovalCIP-002-7Cyber Security — BES Cyber System CategorizationTo identify and categorize BES Cyber Systems (BCS) and their associated BES Cyber Assets (BCA) for the application of cyber security requirements commensurate with the adverse impact that loss, compromise, or misuse of those BCS c... See Standard details..5/9/20247/10/2024Implementation PlanProject 2016-02
InactiveCIP-003-1Cyber Security — Security Management ControlsStandard CIP-003 requires that Responsible Entities have minimum security management controls in place to protect Critical Cyber Assets. Standard CIP-003 should be read as part of a group of standards numbered Standards CIP-002 th... See Standard details..5/2/20068/28/20061/18/20084/7/20087/1/20083/31/2010Replaced with CIP-003-2
Filed and Pending Regulatory ApprovalCIP-003-10Cyber Security — Security Management ControlsTo specify consistent and sustainable security management controls that establish responsibility and accountability to protect BES Cyber Systems (BCS) against compromise that could lead to misoperation or instability in the Bulk E... See Standard details..5/9/20247/10/2024Implementation PlanProject 2016-02
InactiveCIP-003-2Cyber Security — Security Management ControlsStandard CIP-003-2 requires that Responsible Entities have minimum security management controls in place to protect Critical Cyber Assets. Standard CIP-003-2 should be read as part of a group of standards numbered Standards CIP-00... See Standard details..5/6/20095/22/20099/30/20099/30/20094/1/20109/30/2010Replaced with CIP-003-3
InactiveCIP-003-3Cyber Security — Security Management ControlsStandard CIP-003-3 requires that Responsible Entities have minimum security management controls in place to protect Critical Cyber Assets. Standard CIP-003-3 should be read as part of a group of standards numbered Standards CIP-00... See Standard details..12/16/200912/29/20093/31/20103/31/201010/1/20106/30/2016Project 2009-21
InactiveCIP-003-3aCyber Security — Security Management ControlsStandard CIP-003-3 requires that Responsible Entities have minimum security management controls in place to protect Critical Cyber Assets. Standard CIP-003-3 should be read as part of a group of standards numbered Standards CIP-00... See Standard details..11/7/20136/30/2016Project 2012-06
InactiveCIP-003-4Cyber Security — Security Management ControlsStandard CIP-003-4 requires that Responsible Entities have minimum security management controls in place to protect Critical Cyber Assets. Standard CIP-003-4 should be read as part of a group of standards numbered Standards CIP-00... See Standard details..1/24/20112/10/20114/19/20126/25/201210/1/20142/3/2014Implementation PlanProject 2008-06
InactiveCIP-003-4aCyber Security — Security Management ControlsStandard CIP-003-4 requires that Responsible Entities have minimum security management controls in place to protect Critical Cyber Assets. Standard CIP-003-4 should be read as part of a group of standards numbered Standards CIP-00... See Standard details..11/7/20132/3/2014Implementation PlanProject 2008-06
InactiveCIP-003-5Cyber Security — Security Management ControlsTo specify consistent and sustainable security management controls that establish responsibility and accountability to protect BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.... See Standard details..11/26/20121/31/201311/22/20132/3/20146/30/2016Implementation PlanCIP-003-5 will be superseded by CIP-003-6.Project 2008-06
InactiveCIP-003-6Cyber Security — Security Management ControlsTo specify consistent and sustainable security management controls that establish responsibility and accountability to protect Bulk Electric System (BES) Cyber Systems against compromise that could lead to misoperation or instabil... See Standard details..2/12/20152/13/20151/21/20163/31/20167/1/2016X12/31/2019Implementation PlanWith the approval of CIP-003-7 and its associated Implementation Plan, entities will not be required to implement CIP-003-6, Requirement R2, Attachment 1, Sections 2 and 3. Instead, entities will implement CIP-003-7, Requirement RProject 2014-02RSAWCIP Version 5 Transition Program5/20/2016: Compliance Guidance Updates
InactiveCIP-003-7Cyber Security — Security Management ControlsTo specify consistent and sustainable security management controls that establish responsibility and accountability to protect BES Cyber Systems against compromise that could lead to misoperation or instability in the Bulk Electri... See Standard details..2/10/20173/3/20174/19/20186/25/20181/1/20203/31/2020Implementation PlanProject 2016-02RSAW
Mandatory Subject to EnforcementCIP-003-8Cyber Security — Security Management ControlsTo specify consistent and sustainable security management controls that establish responsibility and accountability to protect BES Cyber Systems against compromise that could lead to misoperation or instability in the Bulk Electri... See Standard details..5/9/20195/21/20197/31/20197/31/20194/1/20203/31/2026Implementation PlanProject 2016-02RSAW
Subject to Future EnforcementCIP-003-9Cyber Security — Security Management ControlsTo specify consistent and sustainable security management controls that establish responsibility and accountability to protect BES Cyber Systems against compromise that could lead to misoperation or instability in the Bulk Electri... See Standard details..11/16/202212/6/20223/16/20234/1/20264/1/2026Implementation PlanProject 2020-03RSAW
InactiveCIP-004-1Cyber Security — Personnel & TrainingStandard CIP-004 requires that personnel having authorized cyber or authorized unescorted physical access to Critical Cyber Assets, including contractors and service vendors, have an appropriate level of personnel risk assessment,... See Standard details..5/2/20068/28/20061/18/20084/7/20087/1/20083/31/2010Replaced with CIP-004-2
InactiveCIP-004-2Cyber Security — Personnel & TrainingStandard CIP-004-2 requires that personnel having authorized cyber or authorized unescorted physical access to Critical Cyber Assets, including contractors and service vendors, have an appropriate level of personnel risk assessmen... See Standard details..5/6/20095/22/20099/30/20099/30/20094/1/20109/30/2010Replaced with CIP-004-3
InactiveCIP-004-3Cyber Security — Personnel & TrainingStandard CIP-004-3 requires that personnel having authorized cyber or authorized unescorted physical access to Critical Cyber Assets, including contractors and service vendors, have an appropriate level of personnel risk assessmen... See Standard details..12/16/200912/29/20093/31/20103/31/201010/1/201012/11/2012Implementation PlanReplaced with CIP-004-3a (Interpretation)Project 2010-09
InactiveCIP-004-3aCyber Security — Personnel & TrainingStandard CIP-004-3 requires that personnel having authorized cyber or authorized unescorted physical access to Critical Cyber Assets, including contractors and service vendors, have an appropriate level of personnel risk assessmen... See Standard details..5/24/20128/1/201212/12/201212/12/201212/12/20126/30/2016Implementation PlanProject 2009-26
InactiveCIP-004-4Cyber Security — Personnel & TrainingStandard CIP-004-4 requires that personnel having authorized cyber or authorized unescorted physical access to Critical Cyber Assets, including contractors and service vendors, have an appropriate level of personnel risk assessmen... See Standard details..1/24/20112/10/20114/19/20126/25/201212/11/2012Implementation PlanReplaced with CIP-004-4a (Interpretation)Project 2008-06
InactiveCIP-004-4aCyber Security — Personnel & TrainingStandard CIP-004-4 requires that personnel having authorized cyber or authorized unescorted physical access to Critical Cyber Assets, including contractors and service vendors, have an appropriate level of personnel risk assessmen... See Standard details..5/24/20128/1/201212/12/201212/12/201210/1/20142/3/2014Implementation PlanProject 2008-06
InactiveCIP-004-5Cyber Security — Personnel & TrainingTo minimize the risk against compromise that could lead to misoperation or instability in the BES from individuals accessing BES Cyber Systems by requiring an appropriate level of personnel risk assessment, training, and security ... See Standard details..11/26/20121/31/20139/30/2013Replaced with CIP-004-5.1 (Errata)
InactiveCIP-004-5.1Cyber Security — Personnel & TrainingTo minimize the risk against compromise that could lead to misoperation or instability in the BES from individuals accessing BES Cyber Systems by requiring an appropriate level of personnel risk assessment, training, and security ... See Standard details..9/27/20139/30/201311/22/20132/3/20146/30/2016Implementation PlanCIP-004-5.1 will be superseded by CIP-004-6.Project 2008-06
InactiveCIP-004-6Cyber Security — Personnel & TrainingTo minimize the risk against compromise that could lead to misoperation or instability in the Bulk Electric System (BES) from individuals accessing BES Cyber Systems by requiring an appropriate level of personnel risk assessment, ... See Standard details..2/12/20152/13/20151/21/20163/31/20167/1/2016X12/31/2023Implementation PlanLocated under Key Resources: CIP V5 Effective DatesProject 2014-02RSAWCIP Version 5 Transition Program5/20/2016
Mandatory Subject to EnforcementCIP-004-7Cyber Security — Personnel & TrainingTo minimize the risk against compromise that could lead to misoperation or
instability in the Bulk Electric System (BES) from individuals accessing BES Cyber Systems by requiring an appropriate level of personnel risk assessment,... See Standard details..
8/12/20219/15/202112/7/202112/7/20211/1/2024Implementation PlanA Responsible Entity may elect to comply with the requirements in CIP-004-7 and CIP-011-3 following their approval by the applicable governmental authority, but prior to their Effective Date. In such a case, the Responsible EntityProject 2019-02Technical Rationale CIP-004-7RSAWImplementation Guidance
Filed and Pending Regulatory ApprovalCIP-004-8Cyber Security — Personnel & Training To minimize the risk against compromise that could lead to misoperation or instability in the Bulk Electric System (BES) from individuals accessing BES Cyber Systems (BCS) by requiring an appropriate level of personnel risk assess... See Standard details..5/9/20247/10/2024Implementation PlanProject 2016-02
InactiveCIP-005-1Cyber Security — Electronic Security Perimeter(s)Standard CIP-005 requires the identification and protection of the Electronic Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points on the perimeter. Standard CIP-005 should be read as p... See Standard details..5/2/20068/28/20061/18/20084/7/20087/1/20083/31/2010Replaced with CIP-005-2
InactiveCIP-005-1aCyber Security — Electronic Security Perimeter(s)Standard CIP-005 requires the identification and protection of the Electronic Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points on the perimeter. Standard CIP-005 should be read as p... See Standard details..2/16/20102/1/2011Replaced with CIP-005-3a
InactiveCIP-005-2Cyber Security — Electronic Security Perimeter(s)Standard CIP-005-2 requires the identification and protection of the Electronic Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points on the perimeter. Standard CIP-005-2 should be read ... See Standard details..5/6/20095/22/20099/30/20099/30/20094/1/20109/30/2010Replaced with CIP-005-3
InactiveCIP-005-2aCyber Security — Electronic Security Perimeter(s)Standard CIP-005-2 requires the identification and protection of the Electronic Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points on the perimeter. Standard CIP-005-2 should be read ... See Standard details..2/16/20104/21/20102/2/20112/2/20112/1/2011Replaced with CIP-005-3a
InactiveCIP-005-3Cyber Security — Electronic Security Perimeter(s)Standard CIP-005-3 requires the identification and protection of the Electronic Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points on the perimeter. Standard CIP-005-3 should be read ... See Standard details..12/16/200912/29/20093/31/20103/31/201010/1/20102/1/2011Replaced with CIP-005-3a (Interpretation of CIP-005-3, Section 4.2.2 and Requirement 1.3)
InactiveCIP-005-3aCyber Security — Electronic Security Perimeter(s)Standard CIP-005-3 requires the identification and protection of the Electronic Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points on the perimeter. Standard CIP-005-3 should be read ... See Standard details..2/16/20104/21/20102/2/20112/2/20112/2/20116/30/2016Implementation PlanProject 2009-12
InactiveCIP-005-4aCyber Security — Electronic Security Perimeter(s)Standard CIP-005-4a requires the identification and protection of the Electronic Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points on the perimeter. Standard CIP-005-4a should be rea... See Standard details..1/24/20114/12/20114/19/20126/25/201210/1/20142/3/2014Implementation PlanProject 2008-06
InactiveCIP-005-5Cyber Security — Electronic Security Perimeter(s)To manage electronic access to BES Cyber Systems by specifying a controlled Electronic Security Perimeter in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.... See Standard details..11/26/20121/31/201311/22/20132/3/20147/1/20169/30/2020Implementation PlanSee Key Resources: http://www.nerc.com/pa/CI/Pages/Transition-Program.aspxProject 2008-06RSAWCIP Version 5 Transition Program5/20/2016: Compliance Guidance Updates
InactiveCIP-005-6Cyber Security — Electronic Security Perimeter(s)To manage electronic access to BES Cyber Systems by specifying a controlled Electronic Security Perimeter in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.... See Standard details..8/10/20179/26/201710/18/201812/26/201810/1/20209/30/2022Implementation PlanProject 2016-03RSAW
Mandatory Subject to EnforcementCIP-005-7Cyber Security — Electronic Security Perimeter(s)To manage electronic access to BES Cyber Systems by specifying a controlled Electronic Security Perimeter in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.... See Standard details..11/5/202012/14/20203/18/20213/18/202110/1/2022Implementation PlanProject 2019-03Technical Rationale CIP-005-7RSAW
Filed and Pending Regulatory ApprovalCIP-005-8Cyber Security — Electronic Security Perimeter(s) To protect BES Cyber Systems (BCS) against compromise by permitting
only known and controlled communication to reduce the likelihood of
misoperation or instability in the Bulk Electric System (BES).... See Standard details..
5/9/20247/10/2024Implementation PlanProject 2016-02
InactiveCIP-006-1Cyber Security — Physical Security of Critical Cyber AssetsStandard CIP-006 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006 should be read as part of a group of standards numbered Standards CIP-002 throu... See Standard details..5/2/20068/28/20061/18/20084/7/20087/1/20083/31/2010Implementation PlanReplaced with CIP-006-2
InactiveCIP-006-1aCyber Security — Physical Security of Critical Cyber AssetsStandard CIP-006 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006 should be read as part of a group of standards numbered Standards CIP-002 throu... See Standard details..2/12/200812/22/2009Implementation PlanReplaced with CIP-006-1b and included as part of CIP-006-2b filing; inactive as of the date CIP-006-2b was filed
InactiveCIP-006-1bCyber Security — Physical Security of Critical Cyber AssetsStandard CIP-006 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006 should be read as part of a group of standards numbered Standards CIP-002 throu... See Standard details..8/5/200912/22/2009Implementation PlanReplaced with CIP-006-2b and included as part of CIP-006-2b filing; inactive as of the date CIP-006-2b was filed
InactiveCIP-006-1cCyber Security — Physical Security of Critical Cyber AssetsStandard CIP-006 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006 should be read as part of a group of standards numbered Standards CIP-002 throu... See Standard details..2/16/20104/20/2010Implementation PlanReplaced with CIP-006-2c (filed as CIP-006-2c because CIP-006-1 was inactive as of the filing date and the interpretation equally applied to CIP-006-2; inactive as of the date CIP-006-2c was filed)
InactiveCIP-006-2Cyber Security — Physical Security of Critical Cyber AssetsStandard CIP-006-2 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006-2 should be read as part of a group of standards numbered Standards CIP-002-2... See Standard details..5/6/20095/22/20099/30/20099/30/20094/1/20107/14/2010Implementation PlanReplaced with CIP-006-2c
InactiveCIP-006-2aCyber Security — Physical Security of Critical Cyber AssetsStandard CIP-006-2 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006-2 should be read as part of a group of standards numbered Standards CIP-002-2... See Standard details..5/6/20094/20/20107/15/20107/15/20107/15/20109/30/2010Implementation PlanReplaced with CIP-006-3a
InactiveCIP-006-2bCyber Security — Physical Security of Critical Cyber AssetsStandard CIP-006-2 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006-2 should be read as part of a group of standards numbered Standards CIP-002-2... See Standard details..8/5/200912/22/20095/19/20117/14/2010Implementation PlanReplaced with CIP-006-2c
InactiveCIP-006-2cCyber Security — Physical Security of Critical Cyber AssetsStandard CIP-006-2 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006-2 should be read as part of a group of standards numbered Standards CIP-002-2... See Standard details..2/16/20104/20/20107/15/20107/15/20109/30/2010Implementation PlanReplaced with CIP-006-3c
InactiveCIP-006-3Cyber Security — Physical Security of Critical Cyber AssetsStandard CIP-006-3 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006-3 should be read as part of a group of standards numbered Standards CIP-002-3... See Standard details..12/16/200912/29/20093/31/20103/31/20109/30/2010Implementation PlanReplaced with CIP-006-3c
InactiveCIP-006-3aCyber Security — Physical Security of Critical Cyber AssetsStandard CIP-006-3 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006-3 should be read as part of a group of standards numbered Standards CIP-002-3... See Standard details..12/16/20094/20/20107/15/20107/15/201010/1/20105/18/2011Implementation PlanReplaced with CIP-006-3c
InactiveCIP-006-3cCyber Security — Physical Security of Critical Cyber AssetsStandard CIP-006-3 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006-3 should be read as part of a group of standards numbered Standards CIP-002-3... See Standard details..2/16/201012/22/20095/19/20115/19/20115/19/20116/30/2016Implementation PlanProject 2008-06
InactiveCIP-006-3dCyber Security — Physical Security of Critical Cyber AssetsStandard CIP-006-3 is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006-3 should be read as part of a group of standards numbered Standards CIP-002-3... See Standard details..2/9/20125/23/20123/21/2013Implementation PlanFERC remanded the interpretation of R1.1 in an order issued on 3/21/13Project 2009-21
InactiveCIP-006-4cCyber Security — Physical Security of Critical Cyber AssetsStandard CIP-006-4c is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006-4c should be read as part of a group of standards numbered Standards CIP-002... See Standard details..1/24/20114/12/20114/19/20126/25/201210/1/20142/3/2014Implementation PlanProject 2008-06
InactiveCIP-006-4dCyber Security — Physical Security of Critical Cyber AssetsStandard CIP-006-4c is intended to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Standard CIP-006-4c should be read as part of a group of standards numbered Standards CIP-002... See Standard details..2/9/20125/23/20123/21/2013Implementation PlanFERC remanded the interpretation of R1.1 in an order issued on 3/21/13Project 2008-06
InactiveCIP-006-5Cyber Security — Physical Security of BES Cyber SystemsTo manage physical access to BES Cyber Systems by specifying a physical security plan in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.... See Standard details..11/26/20121/31/201311/22/20132/3/20146/30/2016Implementation PlanProject 2008-06
Mandatory Subject to EnforcementCIP-006-6Cyber Security — Physical Security of BES Cyber SystemsTo manage physical access to Bulk Electric System (BES) Cyber Systems by specifying a physical security plan in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.... See Standard details..11/13/20142/13/20151/21/20163/31/20167/1/2016XImplementation PlanSee Implementation Plan for Compliance dates. See also CIP V5 Effective Dates here under Key Resources: http://www.nerc.com/pa/CI/Pages/Transition-Program.aspxProject 2014-02RSAWCIP Version 5 Transition Program5/20/2016: Compliance Guidance Updates
Filed and Pending Regulatory ApprovalCIP-006-7Cyber Security — Physical Security of BES Cyber SystemsTo manage physical access to Bulk Electric System (BES) Cyber Systems by specifying a physical security plan in support of protecting BES Cyber Systems (BCS) against compromise that could lead to misoperation or instability in the... See Standard details..5/9/20247/10/2024Implementation PlanProject 2016-02
InactiveCIP-007-1Cyber Security — Systems Security ManagementStandard CIP-007 requires Responsible Entities to define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the non-critical Cyber Assets within the Electronic Security... See Standard details..5/2/20068/28/20061/18/20084/7/20087/1/20083/31/2010Replaced with CIP-007-2
InactiveCIP-007-2Cyber Security — Systems Security ManagementStandard CIP-007-2 requires Responsible Entities to define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electroni... See Standard details..5/6/20095/22/20099/30/20099/30/20093/31/2010Replaced with CIP-007-2a (Interpretation of a term used in R2)
InactiveCIP-007-2aCyber Security — Systems Security ManagementStandard CIP-007-2 requires Responsible Entities to define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electroni... See Standard details..11/5/200911/17/20093/18/20103/18/20104/1/20109/30/2010Replaced with CIP-007-3a
Pending Regulatory FilingCIP-007-3Cyber Security — Systems Security ManagementStandard CIP-007-3 requires Responsible Entities to define methods, processes,
and procedures for securing those systems determined to be Critical Cyber Assets, as well as
the other (non-critical) Cyber Assets within the Electro... See Standard details..
12/16/2009This version is not used in the United States.
InactiveCIP-007-3aCyber Security — Systems Security ManagementStandard CIP-007-3 requires Responsible Entities to define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electroni... See Standard details..12/16/200912/29/20093/31/20103/31/201010/1/20106/30/2016Implementation PlanThe version number was updated from CIP-007-3 to CIP-007-3a to incorporate the approved interpretation that should have previously been appended.Project 2009-21
InactiveCIP-007-3bCyber Security — Systems Security ManagementStandard CIP-007-3 requires Responsible Entities to define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electroni... See Standard details..11/7/20136/30/2016Implementation PlanProject 2009-21
InactiveCIP-007-4aCyber Security — Systems Security ManagementStandard CIP-007-4 requires Responsible Entities to define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electroni... See Standard details..1/24/20112/10/20114/19/20126/25/201210/1/20142/3/2014Implementation PlanThe version number was updated from CIP-007-4 to CIP-007-4a to incorporate the approved interpretation that should have previously been appended.Project 2008-06
InactiveCIP-007-4bCyber Security — Systems Security ManagementStandard CIP-007-4 requires Responsible Entities to define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electroni... See Standard details..11/7/20132/3/2014Implementation PlanProject 2008-06
InactiveCIP-007-5Cyber Security — System Security ManagementTo manage system security by specifying select technical, operational, and procedural requirements in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.... See Standard details..11/26/20121/31/201311/22/20132/3/20146/30/2016Implementation PlanProject 2008-06
Mandatory Subject to EnforcementCIP-007-6Cyber Security — System Security ManagementTo manage system security by specifying select technical, operational, and procedural requirements in support of protecting Bulk Electric System (BES) Cyber Systems against compromise that could lead to misoperation or instability... See Standard details..2/12/20152/13/20151/21/20163/31/20167/1/2016XImplementation PlanSee Key Resources: http://www.nerc.com/pa/CI/Pages/Transition-Program.aspxProject 2014-02RSAWCIP Version 5 Transition Program5/20/2016: Compliance Guidance Updates
Filed and Pending Regulatory ApprovalCIP-007-7Cyber Security — System Security ManagementTo manage system security by specifying select technical, operational, and procedural requirements in support of protecting BES Cyber Systems (BCS) against compromise that could lead to misoperation or instability in the Bulk Elec... See Standard details..5/9/20247/10/2024Implementation PlanProject 2016-02
InactiveCIP-008-1Cyber Security — Incident Reporting and Response PlanningStandard CIP-008 ensures the identification, classification, response, and reporting of Cyber Security Incidents related to Critical Cyber Assets. Standard CIP-008 should be read as part of a group of standards numbered Standards ... See Standard details..5/2/20068/28/20061/18/20084/7/20087/1/20083/31/2010Replaced with CIP-008-2
InactiveCIP-008-2Cyber Security — Incident Reporting and Response PlanningStandard CIP-008-2 ensures the identification, classification, response, and reporting of Cyber Security Incidents related to Critical Cyber Assets. Standard CIP-008-2 should be read as part of a group of standards numbered Standa... See Standard details..5/6/20095/22/20099/30/20099/30/20094/1/20109/30/2010Replaced with CIP-008-3
InactiveCIP-008-3Cyber Security — Incident Reporting and Response PlanningStandard CIP-008-3 ensures the identification, classification, response, and reporting of Cyber Security Incidents related to Critical Cyber Assets. Standard CIP-008-23 should be read as part of a group of standards numbered Stand... See Standard details..12/16/200912/29/20093/31/20103/31/201010/1/20106/30/2016Implementation PlanProject 2009-21
InactiveCIP-008-4Cyber Security — Incident Reporting and Response PlanningStandard CIP-008-4 ensures the identification, classification, response, and reporting of Cyber Security Incidents related to Critical Cyber Assets. Standard CIP-008-4 should be read as part of a group of standards numbered Standa... See Standard details..1/24/20112/10/20114/19/20126/25/201210/1/20142/3/2014
InactiveCIP-008-5Cyber Security — Incident Reporting and Response PlanningTo mitigate the risk to the reliable operation of the BES as the result of a Cyber Security Incident by specifying incident response requirements.... See Standard details..11/26/20121/31/201311/22/20132/3/20147/1/2016X12/31/2020Implementation PlanSee Key Resources: http://www.nerc.com/pa/CI/Pages/Transition-Program.aspxProject 2008-06RSAWCIP Version 5 Transition Program5/20/2016: Compliance Guidance Updates
Mandatory Subject to EnforcementCIP-008-6Cyber Security — Incident Reporting and Response PlanningTo mitigate the risk to the reliable operation of the BES as the result of a Cyber Security Incident by specifying incident response requirements.... See Standard details..2/7/20193/7/20196/20/20196/20/20191/1/2021Implementation PlanProject 2018-02Technical Rationale CIP-008-6RSAW
Filed and Pending Regulatory ApprovalCIP-008-7Cyber Security — Incident Reporting and Response PlanningTo mitigate the risk to the reliable operation of the BES as the result of a Cyber Security Incident by specifying incident response requirements. ... See Standard details..5/9/20247/10/2024Implementation PlanProject 2016-02
InactiveCIP-009-1Cyber Security — Recovery Plans for Critical Cyber AssetsStandard CIP-009 ensures that recovery plan(s) are put in place for Critical Cyber Assets and that these plans follow established business continuity and disaster recovery techniques and practices. Standard CIP-009 should be read ... See Standard details..5/2/20068/28/20061/18/20084/7/20087/1/20083/31/2010Replaced with CIP-009-2
InactiveCIP-009-2Cyber Security — Recovery Plans for Critical Cyber AssetsStandard CIP-009-2 ensures that recovery plan(s) are put in place for Critical Cyber Assets and that these plans follow established business continuity and disaster recovery techniques and practices. Standard CIP-009-2 should be r... See Standard details..5/6/20095/22/20099/30/20099/30/20094/1/20109/30/2010Replaced with CIP-009-3
InactiveCIP-009-3Cyber Security — Recovery Plans for Critical Cyber AssetsStandard CIP-009-3 ensures that recovery plan(s) are put in place for Critical Cyber Assets and that these plans follow established business continuity and disaster recovery techniques and practices. Standard CIP-009-3 should be r... See Standard details..12/16/200912/29/20093/31/20103/31/201010/1/20106/30/2016Implementation PlanProject 2009-21
InactiveCIP-009-4Cyber Security — Recovery Plans for Critical Cyber AssetsStandard CIP-009-4 ensures that recovery plan(s) are put in place for Critical Cyber Assets and that these plans follow established business continuity and disaster recovery techniques and practices. Standard CIP-009-4 should be r... See Standard details..1/24/20112/10/20114/19/20126/25/201210/1/20142/3/2014
InactiveCIP-009-5Cyber Security — Recovery Plans for BES Cyber SystemsTo recover reliability functions performed by BES Cyber Systems by specifying recovery plan requirements in support of the continued stability, operability, and reliability of the BES.... See Standard details..11/26/20121/31/201311/22/20132/3/20146/30/2016Implementation PlanProject 2008-06
Mandatory Subject to EnforcementCIP-009-6Cyber Security — Recovery Plans for BES Cyber SystemsTo recover reliability functions performed by BES Cyber Systems by specifying recovery plan requirements in support of the continued stability, operability, and reliability of the BES.... See Standard details..11/13/20142/13/20151/21/20163/31/20167/1/2016XImplementation PlanLocated under Key Resources: CIP V5 Effective DatesProject 2014-02RSAWCIP Version 5 Transition Program5/20/2016: Compliance Guidance Updates
Filed and Pending Regulatory ApprovalCIP-009-7Cyber Security — Recovery Plans for BES Cyber Systems To recover reliability functions performed by BES Cyber Systems (BCS) by  specifying recovery plan requirements in support of the continued     stability, operability, and reliability of the Bulk Electric System (BES). ... See Standard details..5/9/20247/10/2024Implementation PlanProject 2016-02
InactiveCIP-010-1Cyber Security — Configuration Change Management and Vulnerability AssessmentsTo prevent and detect unauthorized changes to BES Cyber Systems by specifying configuration change management and vulnerability assessment requirements in support of protecting BES Cyber Systems from compromise that could lead to ... See Standard details..11/26/20121/31/201311/22/20132/3/20146/30/2016Implementation PlanProject 2008-06
InactiveCIP-010-2Cyber Security — Configuration Change Management and Vulnerability AssessmentsTo prevent and detect unauthorized changes to BES Cyber Systems by specifying configuration change management and vulnerability assessment requirements in support of protecting BES Cyber Systems from compromise that could lead to ... See Standard details..2/12/20152/13/20151/21/20163/31/20167/1/20169/30/2020Implementation PlanSee Key Resources: http://www.nerc.com/pa/CI/Pages/Transition-Program.aspxProject 2014-02RSAWCIP Version 5 Transition Program5/20/2016: Compliance Guidance Updates
InactiveCIP-010-3Cyber Security — Configuration Change Management and Vulnerability AssessmentsTo prevent and detect unauthorized changes to BES Cyber Systems by specifying configuration change management and vulnerability assessment requirements in support of protecting BES Cyber Systems from compromise that could lead to ... See Standard details..8/10/20179/26/201710/18/201812/26/201810/1/20209/30/2022Implementation PlanProject 2016-03RSAW2/8/2018
Mandatory Subject to EnforcementCIP-010-4Cyber Security — Configuration Change Management and Vulnerability AssessmentsTo prevent and detect unauthorized changes to BES Cyber Systems by specifying configuration change management and vulnerability assessment requirements in support of protecting BES Cyber Systems from compromise that could lead to ... See Standard details..11/5/202012/14/20203/18/20213/18/202110/1/2022Implementation PlanProject 2019-03Technical Rationale CIP-010-4RSAW3/25/2021:Compliance Guidance Updates
Filed and Pending Regulatory ApprovalCIP-010-5Cyber Security — Configuration Change Management and Vulnerability AssessmentsTo prevent and detect unauthorized changes to BES Cyber Systems (BCS) by specifying configuration change management and vulnerability assessment requirements in support of protecting BCS from compromise that could lead to misopera... See Standard details..5/9/2024