Agenda Board of Trustees Standards Oversight and Technology Committee May 6, 2014 | 11:15 a.m. to 12:15 p.m. Eastern

Hyatt Regency Philadelphia at Penn’s Landing 201 S. Columbus Bvd. Philadelphia, PA 19106 215-928-1234

Call to Order and Chair’s Remarks

NERC Antitrust Compliance Guidelines and Public Announcement

Agenda

1. Minutes* — Approve

a. February 5, 2014 Meeting

2. CIP Version 5* – Information

a. Response to FERC Directives

b. Implementation Update

3. Stage 2 GMD Standard* – Information

4. Physical Security Standard Project* – Information

5. ERO Enterprise IT Applications – Information

6. TOP/IRO Response Update* – Information

7. Reliability Standards Quarterly Status Report (including Standards Committee Report)* —Information

8. Periodic Review of NERC ANSI Accreditation* – Information

9. Adjournment

*Background materials included.

Antitrust Compliance Guidelines

I. General It is NERC’s policy and practice to obey the antitrust laws and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct that violates, or that might appear to violate, the antitrust laws. Among other things, the antitrust laws forbid any agreement between or among competitors regarding prices, availability of service, product design, terms of sale, division of markets, allocation of customers or any other activity that unreasonably restrains competition.

It is the responsibility of every NERC participant and employee who may in any way affect NERC’s compliance with the antitrust laws to carry out this commitment.

Antitrust laws are complex and subject to court interpretation that can vary over time and from one court to another. The purpose of these guidelines is to alert NERC participants and employees to potential antitrust problems and to set forth policies to be followed with respect to activities that may involve antitrust considerations. In some instances, the NERC policy contained in these guidelines is stricter than the applicable antitrust laws. Any NERC participant or employee who is uncertain about the legal ramifications of a particular course of conduct or who has doubts or concerns about whether NERC’s antitrust compliance policy is implicated in any situation should consult NERC’s General Counsel immediately.

II. Prohibited ActivitiesParticipants in NERC activities (including those of its committees and subgroups) should refrain from the following when acting in their capacity as participants in NERC activities (e.g., at NERC meetings, conference calls and in informal discussions):

• Discussions involving pricing information, especially margin (profit) and internal costinformation and participants’ expectations as to their future prices or internal costs.

• Discussions of a participant’s marketing strategies.

• Discussions regarding how customers and geographical areas are to be divided amongcompetitors.

• Discussions concerning the exclusion of competitors from markets.

• Discussions concerning boycotting or group refusals to deal with competitors, vendors orsuppliers.

NERC Antitrust Compliance Guidelines 2

• Any other matters that do not clearly fall within these guidelines should be reviewed with NERC’s General Counsel before being discussed.

III. Activities That Are Permitted From time to time decisions or actions of NERC (including those of its committees and subgroups) may have a negative impact on particular entities and thus in that sense adversely impact competition. Decisions and actions by NERC (including its committees and subgroups) should only be undertaken for the purpose of promoting and maintaining the reliability and adequacy of the bulk power system. If you do not have a legitimate purpose consistent with this objective for discussing a matter, please refrain from discussing the matter during NERC meetings and in other NERC-related communications. You should also ensure that NERC procedures, including those set forth in NERC’s Certificate of Incorporation, Bylaws, and Rules of Procedure are followed in conducting NERC business. In addition, all discussions in NERC meetings and other NERC-related communications should be within the scope of the mandate for or assignment to the particular NERC committee or subgroup, as well as within the scope of the published agenda for the meeting. No decisions should be made nor any actions taken in NERC activities for the purpose of giving an industry participant or group of participants a competitive advantage over other participants. In particular, decisions with respect to setting, revising, or assessing compliance with NERC reliability standards should not be influenced by anti-competitive motivations. Subject to the foregoing restrictions, participants in NERC activities may discuss:

• Reliability matters relating to the bulk power system, including operation and planning matters such as establishing or revising reliability standards, special operating procedures, operating transfer capabilities, and plans for new facilities.

• Matters relating to the impact of reliability standards for the bulk power system on electricity markets, and the impact of electricity market operations on the reliability of the bulk power system.

• Proposed filings or other communications with state or federal regulatory authorities or other governmental entities.

Matters relating to the internal governance, management and operation of NERC, such as nominations for vacant committee positions, budgeting and assessments, and employment matters; and procedural matters such as planning and scheduling meetings.

Draft Minutes Standards Oversight and Technology Committee February 5, 2014 | 7:30-9:00 a.m. Mountain

Arizona Grand Resort 8000 Arizona Grand Parkway Phoenix, AZ 85044

Call to Order and Chair’s Remarks Kenneth G. Peterson, Chair, convened a duly noticed open meeting of the Standards Oversight and Technology Committee (the “Committee”) of the North American Electric Reliability Corporation (“NERC”) on February 5, 2014 at 7:30 a.m. Mountain, and a quorum was declared present. The agenda is attached as Exhibit A.

Committee Members: Board of Trustees Members: Kenneth G. Peterson, Chair Janice B. Case Paul F. Barber Gerald W. Cauley, President and Chief Executive Officer Frederick W. Gorbet Robert G. Clarke David Goulding Jan Schori Douglas Jaeger Roy Thilly Bruce A. Scherr

NERC Staff: Valerie Agnew, Director of Standards Development Charles A. Berardesco, Senior Vice President, General Counsel, and Corporate Secretary Matthew Blizzard, Director of Critical Infrastructure Protection Thomas Burgess, Vice President and Director of Reliability Assessment and Performance Analysis Howard Gugel, Director of Performance Analysis Holly A. Hawkins, Assistant General Counsel Mark G. Lauby, Vice President and Director of Standards Development Mark Rossi, Senior Vice President and Chief Operating Officer Janet Sena, Senior Vice President and Director of Policy and External Affairs Brady Walker, Associate Counsel Michael Walker, Senior Vice President, Chief Financial and Administrative Officer, and Corporate Treasurer

Other: Mr. Brian Murphy, Chair, Standards Committee

Agenda Item 1.a

NERC Antitrust Compliance Guidelines Mr. Peterson directed the participants’ attention to the NERC Antitrust Compliance Guidelines included in the agenda, and stated that any additional questions regarding these guidelines may be directed to himself or to Mr. Berardesco. Minutes Upon motion duly made and seconded, the November 6, 2013 meeting minutes were approved in the form as presented to the Committee at the meeting. SOTC Self-Assessment Results Mr. Peterson reviewed the Committee’s Self-Assessment results for 2013, noting the results were positive overall, and that areas identified for improvement would be a focus in the coming year. Operating Personnel Communication Protocols Mr. Lauby reported that the latest version of proposed Reliability Standard COM-002-4 had been approved by industry stakeholders. Committee members and industry stakeholders engaged in a general discussion. CIP Version 5 Response to FERC Order No. 791 and Implementation Ms. Agnew outlined a timeline for (i) developing modifications to the CIP Version 5 Reliability Standards (in response to outstanding FERC directives), and (ii) implementing lessons learned from the transition study. Mr. Blizzard discussed the transition study and plan in detail. The formation of the standard drafting team was also discussed. Committee members engaged in a general discussion of this issue. Actions in response to TOP/IRO NOPR Ms. Hawkins outlined several steps NERC is taking to understand and address technical concerns raised by industry stakeholders and FERC. She noted that industry stakeholders have expressed strong support for upcoming technical conferences intended to address these concerns. NERC has committed to filing revised Reliability Standards by January 2015. Assessment of 2013 Process Reforms and Resolution to August 9, 2013 Appeal Mr. Lauby outlined reforms to the standard development process implemented in 2013. Board members and industry stakeholders discussed the effectiveness of these changes and made suggestions concerning future process revisions. Status of Reliability Standard Audit Worksheet (RSAW) Development Ms. Agnew provided a brief background on RSAWs and outlined a plan for concurrent development of RSAWs with Reliability Standards. She highlighted the collaborative nature of the process that involves coordination between NERC and the Regional Entities, and allows for industry comment. All Reliability

2

Standards development projects will adopt this process going forward. The Committee and industry stakeholders engaged in active discussion of this issue. Reliability Standards Quarterly Status Report (including Standards Committee Report) Mr. Lauby presented the Reliability Standards Quarterly Status Report which (i) outlined Reliability Standards that will be presented to the Board for approval, (ii) updated the number of outstanding FERC directives, and (iii) provided a summary of projects slated for development in 2014. Mr. Murphy presented a summary of the policy input letter he submitted on behalf of the Standards Committee. The Committee members engaged in an active discussion of the issue. Adjournment There being no further business, and upon motion duly made and seconded, the meeting was adjourned at 8:55 a.m. Mountain. Submitted by,

Charles A. Berardesco Corporate Secretary

3

Agenda Item 2.a Standards Oversight and Technology Committee Meeting

May 6, 2014

CIP Version 5 – Response to FERC Directives

Action Information

Background On November 22, 2013, the Federal Energy Regulatory Commission (FERC or the Commission) issued Order No. 791, Version 5 Critical Infrastructure Protection Reliability Standards, in which FERC approved Version 5 of the Critical Infrastructure Protection (CIP) standards and directed several modifications.

Summary In Order No. 791, FERC approved Version 5 of the CIP standards and directed several modifications, including the following:

1. Modify or remove the “identify, assess, and correct” (IAC) language found in 17 of the 32CIP Version 5 requirements.

2. Develop modifications to the CIP standards to address security controls for Low Impactassets.

3. Develop requirements that protect transient electronic devices.

4. Create a definition of “communication networks” and develop new or modifiedReliability Standards that address the protection of communication networks.

5. Modify certain Violation Severity Levels (VSLs) and Violation Risk Factors (VRFs)

FERC directed that NERC must submit new or revised standards responding to the directives related to the IAC language and communication networks by February 3, 2015, one year from the effective date of Order No. 791. FERC did not place a timeframe on responding to the other directives.

FERC also directed NERC to survey responsible entities to gain a better understanding of the Bulk Electric System (BES) Cyber Asset definition and submit an informational filing on the results from this survey by February 3, 2015. In addition, Order No. 791 directed FERC staff to convene a technical conference within 180 days from the date of the final rule to address the technical issues identified in the Order concerning communications security, remote access, and the NIST Risk Management Framework. Finally, FERC approved both the implementation approach to bypass CIP Version 4 and move directly to CIP Version 5 as well as the implementation timeframes proposed by NERC.

1

Pertinent directives from the FERC Order No. 791, Version 5 Critical Infrastructure Protection Reliability Standards, 145 FERC ¶ 61,160 (2013):

Paragraph 67 For the reasons discussed below, the Commission concludes that the “identify, assess, and correct” language, as currently proposed by NERC, is unclear with respect to the obligations it imposes on responsible entities, how it would be implemented by responsible entities, and how it would be enforced. Accordingly, we direct NERC, pursuant to section 215(d)(5) of the FPA, to develop modifications to the CIP version 5 Standards that address our concerns. Preferably, NERC should remove the “identify, assess, and correct” language from the 17 CIP version 5 requirements, while retaining the substantive provisions of those requirements. Alternatively, NERC may propose equally efficient and effective modifications that address the Commission’s concerns regarding the “identify, assess, and correct” language. The Commission directs NERC to submit the modifications to the CIP Reliability Standards within one year from the effective date of this Final Rule. Paragraph 108 In addition, the absence of objective criteria to evaluate the controls chosen by responsible entities for Low Impact assets introduces an unacceptable level of ambiguity and potential inconsistency into the compliance process, and creates an unnecessary gap in reliability. This ambiguity will make it difficult for registered entities to develop, and NERC and the regions to objectively evaluate, the effectiveness of procedures developed to implement Reliability Standard CIP-003-5, Requirement R2. Therefore, pursuant to section 215(d)(5) of the FPA, we direct NERC to develop modifications to the CIP version 5 Standards to address this concern. We believe that NERC can effectively address this concern in a number of ways, including: (1) requiring specific controls for Low Impact assets, including subdividing the assets into different categories with different defined controls applicable to each subcategory; (2) developing objective criteria against which the controls adopted by responsible entities can be compared and measured in order to evaluate their adequacy, including subdividing the assets into different categories with different defined control objectives applicable to each subcategory; (3) defining with greater specificity the processes that responsible entities must have for Low Impact facilities under Reliability Standard CIP-003-5, Requirement R2; or (4) another equally efficient and effective solution. We believe that this approach allows NERC the flexibility to develop appropriate modification(s), while also considering the stakeholder concerns expressed in NOPR comments regarding the possible rigidity of requiring a “one-size-fits-all” set of controls. Paragraph 124 Accordingly, the Commission directs NERC to conduct a survey of Cyber Assets that are included or excluded under the new BES Cyber Asset definition during the CIP version 5 Standards implementation periods. Such data will help provide a better understanding of the BES Cyber Asset definition. Based on the survey data, NERC should explain in an informational filing the following: (1) specific ways in which entities determine which Cyber Assets meet the 15 minute parameter; (2) types or functions of Cyber Assets that are excluded from being designated as

2

BES Cyber Assets and the rationale as to why; (3) common problem areas with entities improperly designating BES Cyber Assets; and (4) feedback from each region participating in the implementation study on lessons learned with the application of the BES Cyber Asset definition. The informational filing should not provide a level of detail that divulges CEII data. This filing should also help other entities implementing CIP version 5 in identifying BES Cyber Assets. Paragraph 132 Based on the explanation provided by NERC and other commenters, we will not direct modifications regarding the 30-day exemption in the definition of BES Cyber Asset. While we are persuaded that it would be unduly burdensome for responsible entities to treat all transient devices as BES Cyber Assets, we remain concerned whether the CIP version 5 Standards provide adequately robust protection from the risks posed by transient devices. Accordingly, as discussed below, we direct NERC to develop either new or modified standards to address the reliability risks posed by connecting transient devices to BES Cyber Assets and Systems. Paragraph 150 We direct NERC to create a definition of communication networks and to develop new or modified Reliability Standards to address the reliability gap discussed above. The definition of communications networks should define what equipment and components should be protected, in light of the statutory inclusion of communication networks for the reliable operation of the Bulk-Power System. The new or modified Reliability Standards should require appropriate and reasonable controls to protect the nonprogrammable aspects of communication networks. The Commission directs NERC to submit these modifications for Commission approval within one year from the effective date of this final rule. We also direct Commission staff to include this issue in the staff-led technical conference discussed herein. Paragraph 181 We adopt the NOPR proposal and direct NERC to modify the VRF assignment for CIP-006-5, Requirement R3 from Lower to Medium. This modification will ensure that the CIP version 5 Standards afford similar treatment to the testing and monitoring of Physical Access Control Systems (PACS) as the CIP version 4 Standards. We are not persuaded by commenters’ arguments that a Lower VRF assignment is appropriate for CIP-006-5, Requirement R3. Paragraph 192 The Commission adopts the NOPR proposal and directs NERC to modify the VRF assignment for CIP-004-5, Requirement R4 from Lower to Medium. This modification is necessary to reflect that access to operationally sensitive computer equipment should be strictly limited to employees or contractors who utilize the equipment in performance of their job responsibilities, and to prevent or mitigate disclosure of sensitive information consistent with Recommendations 40 and 44 of the 2003 Blackout Report. In addition, a Medium VRF assignment ensures consistency with the Commission’s VRF guidelines.

3

Paragraph 205 Consistent with the NOPR proposal, we direct NERC to develop modifications to the VSLs for certain CIP version 5 Standard requirements to: (1) remove the “identify, assess, and correct” language from the text of the VSLs for the affected requirements; (2) address typographical errors; and (3) clarify certain unexplained elements. For the VSLs that include “identify, assess, and correct” language, we direct NERC to ensure that these VSLs are modified to reflect any revisions to the requirement language in response to our directives. We grant NERC the discretion to decide how best to address these modifications be it through an errata filing to this proceeding or separate filing. Paragraph 206 With respect to the VSL language for CIP-003-5, Requirements R1 and R2, the Commission notes that the language “as required by R[1 or 2]” and “according to Requirement R[1 or 2]” is redundant and potentially confusing and hereby directs NERC to provide clarification to this language. Paragraph 207 With respect to the VSL language for CIP-003-5, Requirement R4, the Commission agrees with NERC that basing the VSL language on a timeline is appropriate, but notes that the VSL language does not match the table and analysis documents within Appendix E of the CIP version 5 Petition. After considering NERC’s comments, the Commission understands that the correct VSL for this requirement includes timeline gradations. We therefore direct NERC to clarify the VSL language for this requirement to reflect this understanding. Paragraph 208 We direct NERC to change the VSL gradation for CIP-004-5, Requirement R4 to be percentage based, instead of using the number of BES Cyber Systems or sites for storing BES Cyber System information. This change will allow for fair treatment for entities that may only have a single BES Cyber system or storage location. Paragraph 209 With respect to the VSL language for CIP-008-5, Requirement R2, the Commission believes that NERC inserted a typographical error into the petition, creating a gap between 18 months and 19 months in the VSLs. We therefore direct NERC to clarify this language in a further filing. Paragraph 210 With respect to the VSL language in CIP-009-5 Part 3.1, we believe that the number of days listed in the VSLs is inconsistent. For example, the moderate VSL for Part 3.1.2 has a timeframe of 90 – 210 calendar days, while the High VSL has a timeframe of greater than 120 calendar days. The Commission believes that the 120 day metric is appropriate for these time-based VSL gradations and directs NERC to change the “210 calendar days” language to “120 calendar days” where appropriate. In short, notwithstanding any changes the Commission requires for VRFs and VSLs, the Commission clarifies that any penalties for violations of the CIP Standards

4

must be tailored to each responsible entity’s effect on the BES, with particular consideration given to small utilities that individually pose less of a reliability and security risk. Standards Development Process Update On January 16, 2014, the Standards Committee (SC) accepted the Project 2014-02 Standard Authorization Request (SAR) to post for a 30-day informal comment period. NERC staff posted the SAR from January 17–February 18, 2014. NERC staff made minor revisions to the SAR based on submitted comments and posted the revised SAR to the project page on March 20, 2014. NERC staff hosted two technical conferences to engage in early dialogue regarding the four main directives in FERC Order No. 791, one on January 21, 2014 at its Atlanta offices and one on January 23, 2014 in Phoenix, AZ. During these day-long sessions, industry representatives were able to discuss considerations and perspectives on addressing the directives and provide informal input to the standard drafting team (SDT). NERC staff from Standards, Critical Infrastructure, and Enforcement participated, demonstrating an ERO unified on coordinating efforts for transition activities, the Reliability Assurance Initiative (RAI), and standards development. In Atlanta, 114 people attended in person and 170 via webinar; in Phoenix, there 137 attended in person and 121 via webinar. On January 29, 2014, the SC seated 10 members to the Project 2014-02 SDT. The roster is available here. The SDT has set an aggressive meeting schedule, and has had two in-person SDT meetings to date. Two more in-person meetings are scheduled prior to the targeted posting date. When not meeting in person, the SDT holds weekly full-team conference calls as well as weekly calls for subgroups. There are four subgroups, each one focusing on one of the four main directives, and the SDT designated two SDT members to lead each call. In total, the SDT holds approximately 10 hours of calls each week. The schedule of calls and in-person meetings is available here. The SDT anticipates the following milestones to complete the project:

1. Early June: Post revised standards and related development materials for a 45-day formal comment and concurrent initial ballot period.

2. July and August: In-person SDT meetings.

3. September and October: Additional posting (if needed) of standards and related development materials for a 45-day formal comment and concurrent additional ballot period.

4. Late October to early November: Post for 10-day final ballot.

5. November to December: Adoption by the NERC Board of Trustees (Board); NERC staff file standards with applicable regulatory authorities.

5

NERC staff also revised certain VRFs and VSLs in response to FERC’s directive related to those items in Order No. 791. NERC staff is requesting that the Board approve the modifications during the May 2014 Board meeting. NERC staff will file the VRFs and VSLs with FERC after Board approval. NERC staff from Standards and Critical Infrastructure are also working to develop the survey of BES Cyber Assets in response to the FERC directive in paragraph 124, and will provide an additional update on the survey during the August 2014 Standards Oversight and Technology Committee and Board meetings. Additional Information The project history and related files are available by following this link:

[Project 2014-02 CIP Version 5 Revisions]

6

Agenda Item 2.b Standards Oversight and Technology Committee Meeting

May 6, 2014

Critical Infrastructure Protection (CIP) Version 5 Implementation Study

Action Information

Background As part of the ongoing implementation study to support the transition to version 5 of the CIP Reliability Standards (CIP Version 5), NERC selected six Registered Entities to help identify transition issues and address industry concerns in the early phases of the implementation plan for CIP Version 5.1 In summary, the implementation study has three primary goals:

• The implementation study results would inform NERC’s compliance and enforcementdirection during the transition period (in particular, assessing an entity’s compliancewith CIP Version 3 while it is implementing CIP Version 5).

• The study would help determine which standards and requirements would be the mostchallenging to implement and anticipate problem areas for the industry in order to easethe transition process.

• Based on the Final Rule2 and resulting directives, NERC would provide guidance to helpmanage concerns regarding the “Identify, Assess and Correct” (IAC) language and anyother changes directed by the Final Rule.

In Order No. 791, the Federal Energy Regulatory Commission (FERC) approved CIP Version 5, but directed NERC to develop modifications to address FERC’s concerns regarding the IAC language within one year of the effective date of the Final Rule.3 A standard drafting team has been convened to address this and other directives from Order No. 791.

Currently, NERC is completing efforts to integrate compliance and enforcement processes and concepts relevant to the removal and/or modification of the IAC language through the Reliability Assurance Initiative (RAI). NERC understands that adoption of self-correcting language informed industry’s approval of the CIP Version 5 standards, insofar as IAC allowed for entities to demonstrate internal controls to correct issues effectively and swiftly. NERC’s compliance staff has been working closely with the standard drafting team to advise the team

1 For additional information regarding the Implementation Study, see Informational Filing of the North American Electric Reliability Corporation Regarding the CIP Version 5 Reliability Standards Implementation Study, Dkt. No. RM13-5-000 (Oct. 11, 2013), available at http://www.nerc.com/pa/CI/tpimplementstudy/Informational%20Filing%20CIP%20Implementation%20Study.pdf. 2 Order No. 791, Version 5 Critical Infrastructure Protection Reliability Standards, Dkt. No. RM13-5-000 (Nov. 22, 2013) (“Final Rule” or “Order No. 791”). 3 Final Order at ¶¶ 67-76.

1

on development regarding RAI and how the RAI concepts will utilize the self-correcting aspects of IAC. In support of the drafting team, NERC has developed several compliance “storyboards” to demonstrate how RAI tools and methods will apply to noncompliance under CIP Version 5. Lastly, staff from NERC and the Regional Entities are working to finalize a set of guidance communications that will guide the industry’s activities during the transition to CIP Version 5. These communications will include specific instructions on the methods that compliance and enforcement will use to provide flexibility to Registered Entities implementing CIP Version 5 during the transition period. Status As of April 2014, NERC, the Regional Entities, implementation study participants, and stakeholder observers have been working on the following activities in support of the stated goals:

1. Outreach and Training CIP Version 5 transition training was provided to industry and CIP auditors at the St. Louis Critical Infrastructure Protection Committee (CIPC) meeting on March 4, 2014. In addition, CIP Version 5 transition training was provided to Regional Entity auditors as part of the Auditor Workshop in Atlanta on March 5, 2014. The implementation study has progressed, and one implementation study participant completed its activities in March 2014. Close-out meetings are scheduled for the remaining five participants in the implementation study in the second quarter of 2014. Several Q&A topics and lessons learned deliverables have been posted to NERC’s website.4 Based on industry feedback, remaining lessons learned documents may include the following topics:

• Determination of Bulk Electric System (BES) Cyber Assets for Generation Facilities;

• Determination of BES Cyber Assets for Substations;

• “High-watermarking” Protected Cyber Assets;

• Remote Interactive Access Controls;

• Configuration Management; or

• The use of Virtualization and Virtual Local Area Networks.

2. Standard Drafting Team Support NERC’s Compliance and Enforcement staffs have engaged the standard drafting team to provide assistance and transparency with regard to the RAI development activities. Example scenarios have been presented to the standard drafting team to illustrate how self-corrective processes can be demonstrated and how Compliance Enforcement Authorities would evaluate noncompliance in the context of internal controls.

3. Transition Guidance

4 http://www.nerc.com/pa/CI/Pages/Transition-Program-V5-Implementation-Study.aspx.

NERC’s Compliance staff is developing an updated transition guidance document to address key topics to aid the industry’s transition to CIP Version 5. The core concept for the guidance document to address is how industry will implement CIP Version 5 requirements prior to the effective date so that those activities can be deemed acceptable for CIP Version 3 compliance during the transition period. To accompany this guidance, the ERO will prepare a compatibility matrix that will explain in detail the specific CIP Version 5 requirements that will be considered compatible with CIP Version 3. The goal of providing this information is so Registered Entities can begin implementing CIP Version 5 in a timely manner so that they are well-prepared to meet the mandatory enforcement dates for CIP Version 5. In addition, the guidance will provide additional details and clarification to assist Registered Entities during the transition period. Examples include processes for addressing newly-identified BES cyber assets and clarifying the timing for meeting certain CIP Version 5 requirements.

3

Agenda Item 3 Standards Oversight and Technology Committee Meeting

May 6, 2014

Stage 2 Geomagnetic Disturbance Mitigation

Action Information

Background On May 16, 2013, the Federal Energy Regulatory Commission (FERC) issued Order No. 779 directing NERC to develop Reliability Standards addressing the potential impact of geomagnetic disturbances (GMD) in two stages.

• A Stage 1 Standard, EOP-010-1, which requires applicable entities to implementOperating Procedures was adopted by the Board of Trustees (Board) and filed inNovember 2013.

• Stage 2 Standard(s) requiring applicable entities to conduct assessments of the impactsof benchmark GMD events on their systems and requiring the development andimplementation of a plan to mitigate the risk of instability, uncontrolled separation, orcascading, if impacts are identified. FERC established a filing deadline of January 21,2015, for Stage 2.

FERC further directed that NERC identify, through its standards development process, the benchmark GMD event (including a technical justification for the selected benchmark) that entities will use in their vulnerability assessments.

Summary The standard drafting team has developed draft standard TPL-007-1 – Transmission System Planned Performance during Geomagnetic Disturbances to meet the Stage 2 directives. The proposed standard will establish planned performance requirements during a benchmark GMD event and is applicable to Planning Coordinators and Transmission Planners whose respective areas include a transformer connected at 200 kV or higher, and Transmission Owners, and Generation Owners that own a transformer connected at 200 kV or higher.

The benchmark GMD event was developed using statistical analysis of historical geomagnetic data to represent a conservative estimate of a 1-in-100 year storm. The benchmark GMD event is the design basis for the TPL-007-1 standard and provides the criteria for assessing system steady-state performance and thermal impact on transformers. The drafting team has prepared a whitepaper describing the benchmark GMD event, their analysis, and the procedure for scaling the benchmark GMD event to account for the location of the system being studied.

Technical details of the draft standard and benchmark GMD event were presented to the GMD Task Force, Planning Committee, and Operating Committee in March 2014. An industry webinar and informal comment period are planned to provide early communication with stakeholders prior to posting for initial comment and ballot in June 2014. The drafting team expects to present the proposed standard to the Board for adoption in November 2014.

1

Additional Information A link to the project history and files is included here for reference:

[http://www.nerc.com/pa/Stand/Pages/Project-2013-03-Geomagnetic-Disturbance-Mitigation.aspx]

2

Agenda Item 4 Standards Oversight and Technology Committee Meeting

May 6, 2014

Physical Security Standard Project

Action Information

Background On March 7, 2014, the Federal Energy Regulatory Commission (FERC) issued an order directing NERC to submit for approval, within 90 days of the order, one or more Reliability Standards to address physical security risks and vulnerabilities of critical facilities on the Bulk Power System (BPS).1

Summary The order focuses on critical facilities, directing steps to evaluate physical security threats and implement security plans that will continue NERC’s ongoing physical security efforts. In the order, FERC stated that the proposed standard(s) should require entities to take a least the following three steps:

• Perform a risk assessment to identify facilities that, if rendered inoperable or damaged,could result in instability, uncontrolled separation, or cascading failures on the BPS.

• Evaluate the potential threats and vulnerabilities to those identified facilities.

• Develop and implement a security plan designed to protect against physical attacks tothose identified facilities based on the assessment of the potential threats andvulnerabilities to their physical security.

Additionally, FERC directed that the proposed standard(s) should also: (1) include a procedure that will ensure confidential treatment of sensitive or confidential information; (2) include a procedure for a third party to verify the list of identified facilities and allow the verifying entity, as well as FERC, to add or remove facilities from the list of critical facilities; (3) include a procedure for a third party to review the evaluation of threats and vulnerabilities and the security plan; and (4) require that the identification of the facilities, the assessment of the potential risks and vulnerabilities, and the security plans be periodically reevaluated and revised to ensure their continued effectiveness. FERC directed that the proposed Physical Security Reliability Standard(s) must be filed by June 5, 2014.

In response to the order, NERC staff and the Standards Committee (SC) worked together in order to develop an action plan for meeting the June 5, 2014 filing deadline. The SC approved several waivers to facilitate meeting the required timelines and seated the Standard Drafting

1 Reliability Standards for Physical Security Measures, 146 FERC ¶ 61,166 (2014).

1

Team (SDT) on March 21, 2014. Further details are provided below in the “Standards Development Process Update” section. Pertinent directives from the FERC Order, Reliability Standards for Physical Security Measures 146 FERC ¶ 61,166 (2014): Paragraph 5 Therefore, to carry out section 215 of the FPA and to provide for the reliable operation of the Bulk-Power System, the Commission directs the ERO to develop and file for approval proposed Reliability Standards that address threats and vulnerabilities to the physical security of critical facilities on the Bulk-Power System. Paragraph 6 The Reliability Standards should require owners or operators of the Bulk-Power System to take at least three steps to address the risks that physical security attacks pose to the reliable operation of the Bulk-Power System. First, the Reliability Standards should require owners or operators of the Bulk-Power System to perform a risk assessment of their systems to identify their “critical facilities.” A critical facility is one that, if rendered inoperable or damaged, could have a critical impact on the operation of the interconnection through instability, uncontrolled separation or cascading failures on the Bulk-Power System. Paragraph 8 In the second step, the Reliability Standards should require owners or operators of the identified critical facilities to evaluate the potential threats and vulnerabilities to those identified facilities. The threats and vulnerabilities may vary from facility to facility based on factors such as the facility’s location, size, function, existing protections and attractiveness as a target. Thus, the Reliability Standards should require the owners or operators to tailor their evaluation to the unique characteristics of the identified critical facilities and the type of attacks that can be realistically contemplated. Paragraph 9 Third and finally, the Reliability Standards should require those owners or operators of critical facilities to develop and implement a security plan designed to protect against attacks to those identified critical facilities based on the assessment of the potential threats and vulnerabilities to their physical security. Paragraph 10 NERC should include in the Reliability Standards a procedure that will ensure confidential treatment of sensitive or confidential information but still allow for the Commission, NERC and the Regional Entities to review and inspect any information that is needed to ensure compliance with the Reliability Standards. Paragraph 11 In addition, the risk assessment used by an owner or operator to identify critical facilities should be verified by an entity other than the owner or operator. Such verification could be performed

2

by NERC, the relevant Regional Entity, a Reliability Coordinator, or another entity. The Reliability Standards should include a procedure for the verifying entity, as well as the Commission, to add or remove facilities from an owner’s or operator’s list of critical facilities. Similarly, the determination of threats and vulnerabilities and the security plan should also be reviewed by NERC, the relevant Regional Entity, the Reliability Coordinator, or another entity with appropriate expertise. Finally, the Reliability Standards should require that the identification of the critical facilities, the assessment of the potential risks and vulnerabilities, and the security plans be periodically reevaluated and revised to ensure their continued effectiveness. NERC should establish a timeline for when such reevaluations should occur. Standards Development Process Update Section 16 of the Standards Processes Manual (SPM) allows SPM Provisions to be waived by the SC to meet a regulatory deadline. On March 21, 2014, the SC approved waivers to support drafting activities to meet the FERC-imposed regulatory deadline of June 5, 2014. The SC approved the following waivers of provisions from the SPM for the Physical Security Reliability Standards Project:

1. Standard Authorization Request (SAR) to be posted for a seven-calendar day informal comment period. (Sections 4.1-4.2)

2. Initial formal comment and ballot period reduced from 45 days to 15 calendar days, with a ballot conducted during the last five days of the comment period. Form ballot pool in first 10 days. (Sections 4.7-4.9)

3. Additional formal comment and ballot period(s) reduced from 45 days to 10 calendar days, with ballot conducted during the last five days of the comment period. (Sections 4.9 and 4.12)

4. Final ballot from 10 days to five calendar days. (Section 4.9)

On March 21, 2014, the SC also accepted the Project 2014-04 Standard Authorization Request (SAR) for a seven-calendar day informal comment period posting, pursuant to the SC-approved waiver, and seated the SDT with 11 members. NERC staff posted the SAR from Friday, March 21 through Friday, March 28, 2014. On April 1, 2014, NERC staff convened a technical conference in Atlanta, GA to focus stakeholder discussion on a draft of a Physical Security Reliability Standard to assist the SDT in quickly developing and posting a proposed Reliability Standard for comment and ballot. The conference provided a forum for industry input on the concepts in the draft standard which include criteria for determining applicable entities, identification of critical facilities, evaluation of potential threats and vulnerabilities, development and implementation of physical security plans, and the proposed standard’s implementation plan. NERC compliance staff also provided an overview of the Reliability Standard Audit Worksheet (RSAW) approach. There were approximately 150 in-person attendees and 550 attendees registered to participate via audio and web presentation.

3

Given the SC waiver, the SDT developed the draft CIP-014-1 standard and posted it for a 15-calendar day initial formal comment and concurrent 10-day ballot period. NERC compliance staff, with SDT and Regional Entity input, prepared and posted a draft RSAW concurrent with the posting of the draft standard. At the time of preparing these materials, the dates and results from the ballot were not available. NERC management will provide an update on the ballot results to the Standards Oversight and Technology Committee at the May 6, 2014 meeting and to the NERC Board of Trustees (Board) at the May 7, 2014 meeting. In addition to completion of the initial formal comment and ballot period, NERC anticipates the SDT will meet the following timeline to complete the project through the standard drafting process:

1. Early-May: Additional posting (if needed) of draft CIP-014-1 for 10-day comment and concurrent five-day ballot period, pursuant to the SC-approved waiver.

2. Mid to late May: Five-day final ballot, pursuant to the SC-approved waiver

3. End of May to Early June (not later than June 5, 2014): Board adoption; NERC staff file standard with applicable regulatory authorities.

Additional Information A link to the project history and files is included here for reference:

[Project 2014-04 Physical Security]

4

Agenda Item 6 Standards Oversight and Technology Committee Meeting

May 6, 2014

Action Plan for Revisions to TOP and IRO Reliability Standards

Action Information

Background On November 21, 2013, the Federal Energy Regulatory Commission (FERC) issued a Notice of Proposed Rulemaking (NOPR), proposing to remand several revised Transmission Operations (TOP) and Interconnection Reliability Operations and Coordination (IRO) Reliability Standards that NERC filed for FERC approval on April 16, 2013.1 On December 20, 2013, NERC filed a motion requesting that FERC defer action until January 31, 2015, to allow NERC time to consider the reliability concerns raised by FERC in the NOPR.

On January 14, 2014, FERC granted NERC’s motion to defer action until January 31, 2015.2

Summary of Actions to Date and Future Plan The Standards Committee has appointed a drafting team, chaired by David Souder of PJM. Drafting team members, along with approximately 100 other stakeholders including FERC technical and legal staff, industry stakeholders, and NERC technical, standards, and legal staff, participated in an active discussion during two technical conferences held in March 2014. The first technical conference was held immediately preceding the Operating Committee (OC) meeting on March 3 and 4, 2014. The second was held on March 6, 2014, in Arlington, Virginia.

Each technical conference was facilitated by a former NERC OC Chair (Sam Holeman in St. Louis, Tom Bowe in Arlington), using a set of slides that outlined each issue identified in the NOPR along with language from the standards that were filed. Issues were grouped into three broad categories for discussion purposes: (i) operating concepts; (ii) tools and analysis; and (iii) coordination and communication. 3 Key points from the discussion during the technical conferences were captured in a second set of slides, which were reviewed with participants at the end of each conference to ensure an accurate reflection of the discussion was captured.

Following the technical conferences, an informal comment period was held from March 11 through March 24, 2014, to allow for industry to comment on the topics discussed during the conferences and to make suggestions for further consideration of issues identified in the NOPR. These comments will be posted on the project webpage as part of the development record and considered by the standard drafting team (SDT) for Project 2014-03.

1 Monitoring System Conditions - Transmission Operations Reliability Standard, Transmission Operations Reliability Standards, Interconnection Reliability Operations and Coordination Reliability Standards, Notice of Proposed Rulemaking, 145 FERC ¶ 61,158 (2013).

2 Monitoring System Conditions - Transmission Operations Reliability Standard, Transmission Operations Reliability Standards, Interconnection Reliability Operations and Coordination Reliability Standards, 146 FERC ¶ 61,023 (2014).

3 The slides from the conferences are available here: [http://www.nerc.com/pa/Stand/Prjct201403RvsnstoTOPandIROStndrds/top_iro_technical_conference_presentation_20140306.pdf].

1

The Project 2014-03 SDT and NERC Staff are diligently working to revise the TOP and IRO Reliability Standards and anticipate posting the standards for an initial 45-day formal comment period and ballot in early May 2014. Additional Information A link to the project page is included here for reference:

[Project 2014-03 Revisions to TOP and IRO Reliability Standards]

2

Agenda Item 7 Standards Oversight and Technology Committee Meeting

May 6, 2014

Reliability Standards Quarterly Status Report

Attached is the Reliability Standards Quarterly Status Report. Key points of the report include:

• 2014-2016 Reliability Standards Development Plan (RSDP)

The Standards Committee has prioritized several standard development projectsinitiated in 2014 that were not included in the 2014-2016 RSDP, including revisionsto CIP, TOP and IRO standards, Standards Applicability for Dispersed PowerProducing Resources.

• Standards Development Forecast

Provides a forecast for NERC Board of Trustees (Board) meetings through November2014.

• Paragraph 81 Phase 2 Recommendations and Independent Experts Quarterly Update

Standard Drafting Teams are continuing to apply Paragraph 81 criteria and considerthe retirement recommendations from the Independent Expert Review Panel (IERP).As a consequence, many individual projects are resulting in a net reduction in thenumber of standards and requirements.

A total of 281 unique requirements were recommended to be considered forretirement either by stakeholders under P81 Phase 2 or by the IERP, or both. Ofthese, 179 requirements have been addressed by a drafting team in projectspresented to the Board through May 2014; 80 requirements are in current projects;and 22 requirements are unassigned to a project.

• Regulatory Directives Update

At year-end 2013, there were 73 FERC pre-2013 directives awaiting resolution. Anadditional 46 directives were issued in 2013 and 2014. As of March 31, 2014 a totalof 104 directives (including 69 pre-2013 and 35 2013/2014 directives) remain to beaddressed. The attached report includes a summary of progress to date.

• Standards Committee (SC) Report

The SC has approved several waivers for the Physical Security project.

The SC endorsed enhanced standards-related metrics for inclusion in the ElectricReliability Organization Enterprise Strategic Plan (ERO SP).

• Additional Information for Selected Projects

Because key projects that are included on Standards Oversight and TechnologyCommittee (SOTC) agenda, including updates on the CIP Version 5 standards, theStage 2 GMD standard, the Physical Security standard, and the TOP/IRO standards,include a more detailed write-up in the SOTC package, they have not been includedin this report.

SOTC | Quarterly Reliability Standards Status Report | May 2014 1 of 10 

              

             

Reliability StandardsStandards Oversight and Technology Committee Quarterly Status Report

May 6, 2014 

3353 Peachtree Road NE Suite 600, North Tower

Atlanta, GA 30326 404-446-2560 | www.nerc.com

 

SOTC | Reliability Standards Quarterly Status Report | May 2014 2 of 10 

Table of Contents Preface ....................................................................................................................................................................... 3 2014‐2016 Reliability Standards Development Plan ................................................................................................. 4 Standards Development Forecast (Continent‐wide) ................................................................................................. 6 Board Forecast for Standard Projects in Active Development .............................................................................. 6 June 2014 ........................................................................................................................................................... 6 August 2014 ....................................................................................................................................................... 6 November 2014 .................................................................................................................................................. 6 Additional Information for Selected Projects .................................................................................................... 6 

Paragraph 81 and Independent Experts Quarterly Update ...................................................................................... 7 Progress to Date ................................................................................................................................................. 7 Planned Schedule for Board Action ................................................................................................................... 7 

Regulatory Directives Update .................................................................................................................................... 8 Pre‐2013 Directives ................................................................................................................................................ 8 Post 2012 Directives .............................................................................................................................................. 8 Summary of Total Directives .................................................................................................................................. 9 

Standards Committee Report .................................................................................................................................. 10 Project 2014‐04 Physical Security Waivers .......................................................................................................... 10 Goals and Metrics SC Endorsement ..................................................................................................................... 10 Project Tracking Spreadsheet .............................................................................................................................. 10 

 

            

 

SOTC | Reliability Standards Quarterly Status Report | May 2014 3 of 10 

Preface The North American Electric Reliability Corporation (NERC)  is a not‐for‐profit  international regulatory authority whose mission is to ensure the reliability of the Bulk Power System (BPS) in North America. NERC develops and enforces Reliability Standards; annually assesses  seasonal and  long‐term  reliability; monitors  the BPS  through system awareness; and educates, trains, and certifies industry personnel. NERC’s area of responsibility spans the continental United  States, Canada,  and  the northern portion  of Baja California, Mexico. NERC  is  the  electric reliability organization (ERO) for North America, subject to oversight by the Federal Energy Regulatory Commission (FERC) and governmental authorities in Canada. NERC’s jurisdiction includes users, owners, and operators of the BPS, which serves more than 334 million people.   The North American BPS is divided into several assessment areas within the eight Regional Entity (RE) boundaries, as shown in the map and corresponding table below.  

  

 

FRCC  Florida  Reliability  Coordinating Council 

MRO  Midwest Reliability Organization NPCC  Northeast  Power  Coordinating 

Council RFC  ReliabilityFirst Corporation SERC  SERC Reliability Corporation SPP‐RE 

Southwest  Power  Pool  Regional Entity 

TRE  Texas Reliability Entity WECC  Western  Electric  Coordinating 

Council 

SOTC | Quarterly Reliability Standards Status Report | May 2014 4 of 10 

2014-2016 Reliability Standards Development Plan The NERC Board of Trustees (Board) approved the 2014‐2016 Reliability Standards Development Plan (RSDP) on November 7, 2013, and NERC staff filed it for information with the Federal Energy Regulatory Commission (FERC) on November 8, 2013. The 2014‐2016 RSDP continues the approach set forth in the 2013‐2015 RSDP, with several significant incremental improvements to facilitate the transformation of NERC Reliability Standards to a “steady‐state.”1 By addressing ongoing work along with new prioritizations, NERC expects to be at steady‐state by the end of 2015. 

The RSDP prioritizes Reliability Standards projects by considering several specific elements, such as: (i) Reliability Issues  Steering  Committee  (RISC)  Category  Rankings;  (ii)  regulatory  directives;  (iii)  regulatory  deadlines;  (iv) Reliability  Standard  requirement  candidates  for  retirement,  (v)  the  Independent  Experts Review Panel  (IERP) content  and  quality  assessments;  and  (vi)  additional  considerations  (i.e.,  fill‐in‐the‐blank  status,  five‐year assessment commitments). The application of these elements results in prioritization of each Reliability Standard project as High, Medium, Low, or Pending Technical Committee input.  Some projects were initiated after the 2014‐2016 RSDP was approved by the Board. The first of these was Project 2014‐01,  Standards  Applicability  for  Dispersed  Power  Producing  Resources.  The  Standards  Committee  (SC) recommended a high priority for this project in January 2014.    Subsequently, on March 12, 2014, the SC considered the additional projects below, which were all  initiated  in response to regulatory directives after the 2014‐2016 RSDP was completed, and approved prioritization of the following  following projects using the aforementioned criteria.  

 

                                                            1 For purposes of the RSDP, “steady state” means a stable set of clear, concise, high quality, and technically sound Reliability Standards that are results‐based, including retirement of requirements that do little to promote reliability. 

Project Prioritization criteria Recommended Priority

2014‐03 Revisions to TOP and IRO Standards  

• RISC ranking: High (Situational Awareness)  • FERC: NOPR proposing remand  • FERC deadline for re‐filing of standards January 31, 2014  

• IERP – quality and content issues 

High 

2014‐02 CIP Version 5 Revisions 

• RISC ranking: High (Cyber Attack) • FERC ‐4 directives, two with filing deadline of February 2015 

High 

2007‐17.3 Protection System Maintenance and Testing Auxiliary Relays PRC‐005‐4   

• RISC ranking: High (Protection Systems)  • NERC commitment to FERC to address Sudden Pressures Relays, with filing deadline of December 31, 2014  

Medium 

2010‐13.3 Relay Loadability Stable Power Swings PRC‐026  

• RISC ranking: High (Protection Systems) • FERC directives   

Medium 

TBD TPL‐001‐4 Directive   • RISC ranking: Low (Long Term Planning)  • FERC directive  • No FERC deadline  • IERP quality or content issues  

Medium 

SOTC | Quarterly Reliability Standards Status Report | May 2014 5 of 10 

To schedule and implement the Reliability Standard projects in the RSDP, NERC standards staff collaborated with the SC and the Project Management Oversight Subcommittee (PMOS) to  incorporate the projects and forecast milestones into the PMOS Project Tracking Spreadsheet for 2014 and beyond. The Project Tracking Spreadsheet will continue to track the projected compared to actual progress of each project, and as new projects are added (whether  in  response  to  regulatory directives, emerging  issues, etc.)  they will be prioritized using  the criteria presented above and added to the Tracking Spreadsheet.   

 

SOTC | Reliability Standards Quarterly Status Report | May 2014 6 of 10 

Standards Development Forecast (Continent-wide) Board Forecast for Standard Projects in Active Development  June 2014

• Project 2014‐04 Physical Security—CIP‐014‐1  August 2014

• Project 2007‐06 System Protection Coordination—PRC‐027‐12 

• Project 2007‐11 Disturbance Monitoring – PRC‐002, PRC‐018  

• Project 2010‐02 Connecting New Facilities to the Grid (Revisions to FAC‐001‐1 and FAC‐002‐1 from Five‐Year Review) 

• Project 2010‐05.1 Phase 1 of Protection Systems: Misoperations—PRC‐004‐33 

• Project 2010‐14.1 Balancing Authority Reliability‐based Controls—BAL‐002‐2 

• Project 2012‐13 Revisions to NUC‐001‐2.1 from Five‐Year Review – NUC‐001‐3 

 November 2014

• Project 2007‐17.3 Protection System Maintenance: Sudden Pressure Relays – PRC‐005‐4 

• Project 2010‐13.3 Relay Loadability Stable Power Swings 

• Project 2013‐03 Geomagnetic Disturbance Mitigation – TPL‐001‐7 

• Project 2014‐02 CIP Version 5 Revisions 

• Project 2014‐03 Revisions to TOP and IRO Reliability Standards  Additional Information for Selected Projects

• None4 

 

                                                            2 Rescheduled to the August Board meeting to address comments received during the formal comment period and successive ballot. 3 Rescheduled to the August Board meeting to address comments received during the formal comment period and additional ballot. 4 Note: Project 2014‐02 CIP Version 5 revisions, Project 2014‐03 TOP/IRO revisions, and Project 2014‐04 Physical Security are separate items on the SOTC’s May agenda. 

 

SOTC | Reliability Standards Quarterly Status Report | May 2014 7 of 10 

Paragraph 81 and Independent Experts Quarterly Update Progress to Date On November 21, 2013, FERC issued Order No. 788 approving the retirement of the requirements proposed for retirement under Phase 1 of the Paragraph 81 (P81) project. In addition, the Independent Expert Review Panel (IERP) recommended an additional 257 requirements for retirement. Some requirements were included in both sets of recommendations, resulting in full set of 281 unique requirements. Of these, all except 22 candidates have either been addressed or are in the process of being addressed in either a current project or five‐year review.      

  Current Status 

P81 and IERP Recommendations for Retirement 

Total*    281 Addressed  179    In current project or 5‐year review  80   Not assigned  22    

  

 Planned Schedule for Board Action Progress  in addressing  the  IERP and Phase 2 of P81  recommendations  is ongoing  through  individual standard projects. The projects being presented for Board adoption in May include three standards, and the retirement of seven standards. Drafting teams for each of the standards have considered recommendations from stakeholders on candidates for retirement under Paragraph 81 criteria, as well as recommendations of the IERP. The following chart has been updated to show progress in revising standards against the 2014 work plan.   

 

0

5

10

15

20

25

30

Q1 ‐2014 Q2 ‐2014 Q3 ‐2014 Q4 ‐2014

Planned Standards to Board (All Projects) Actual/Projected Standards

 

SOTC | Reliability Standards Quarterly Status Report | May 2014 8 of 10 

Regulatory Directives Update Pre-2013 Directives5 Throughout 2013, NERC  reported on  the progress of FERC directives  that had been  issued prior  to 2013. For consistency,  this  report  provides  a  status  for  those  directives.  At  2013  year‐end,  there  were  73  directives remaining from the 191 pre‐2013 directives. As of March 1, 2014, four additional directives have been resolved through a filing with FERC, resulting in 69 directives remaining to be addressed. These directives were filed in the following projects:  

Project 2010‐03 MOD‐032 and MOD‐033 Modeling Data (1) 

Project 2007‐17.2 PRC‐005‐3 Reclosing Relays (1) 

Project 2013‐03 EOP‐010‐1 Geomagnetic Disturbance Mitigation (2)  Post 2012 Directives FERC issued 55 additional directives between November 20, 2012 and March 1, 2014, 46 of which are standards related. NERC has already begun to address these directives and has filed 11 in petitions with FERC. The directives that FERC issued include:6 

Four  directives  and  13  FERC  guidances  over  Stage  1  and  Stage  2  of  the  Geomagnetic  Disturbance Mitigation Project in FERC Order No. 779.7 

Five directives for the Definition of the Bulk Electric System in FERC Order No. 773 issued on December 20, 2012.8 

Six directives in FERC Order No. 777 approving FAC‐003‐2.9 

Two directives in FERC Order No. 772 approving the SERC Regional Standard PRC‐006‐SERC‐01.10 

Thirteen directives in FERC Order No. 791 regarding CIP V5.11 

Four directives in FERC Order No. 786 approving TPL‐001‐4.12 

Six directives in FERC Order No. 794 approving BAL‐001‐3.13 

Two directives in FERC Order No. 793 approving PRC‐005‐2.14  Of these, 11 directives have been filed with FERC: 

Bulk Electric System: 4  

FAC‐003‐2: 3 

                                                            5Pre‐2013 directives include FERC directives that were issued prior to November 20, 2012. 6NERC conducts a verification for the number of directives issued in each order before including those directives for reporting purposes.  Any directives contained in FERC orders issued after March 1, 2014 are not included on this list. 7Reliability Standards for Geomagnetic Disturbances, Final Rule, 143 FERC ¶ 61,147 (May 16, 2013).  8These directives were issued in Revisions to Electric Reliability Organization Definition of Bulk Electric System and Rules of Procedure, 141 FERC ¶ 61,236 (December 20, 2012), after the 2012 year‐end number of directives was established. One of the directives was resolved in the April 4, 2013 NERC Compliance Filing. 

9FERC Order No. 777, Revisions to Reliability Standard for Transmission Vegetation Management (March 21, 2013).  10These directives were issued by FERC in Order No. 772, Regional Reliability Standard PRC‐006‐SERC‐01 – Automatic Underfrequency Load Shedding Requirements (December 20, 2012), after the 2012 year‐end number of directives was established and were resolved  in the March 11, 2013 NERC Compliance Filing in response to FERC Order No. 772. 

11FERC Order 791, Approving Version 5 CIP Reliability Standards (November 22, 2013). 12 FERC Order 786, Transmission Planning Reliability Standards (October 17, 2013). 13FERC Order 794, Frequency Response and Frequency Bias Setting Reliability Standard (January 16, 2014). 14FERC Order 793, Protection System Maintenance Reliability Standard (December 19, 2013). 

Regulatory Directives Update 

 

SOTC | Quarterly Reliability Standards Status Report | May 2014 9 of 10 

PRC‐006‐SERC‐01: 2 

Stage 1 GMD standard (EOP‐010‐1): 2  Summary of Total Directives As of March 1, 2013, there were 104 standards related directives and FERC guidances to be resolved, along with an  additional 18 directives  that pertain  to other NERC department or  technical  committee.  The  table below illustrates the progress to address FERC directives issued prior to 2013, post 2013 and in total. It does not include the 18 non‐standards related directives.    

  2012 

Directives 2013/2014 Directives  Total 

Issued prior to year‐end 2012  191    Issued in 2013/2014     46    Resolved as of March 1, 2014  122  11    

Remaining  69  35  104 Projected to be resolved in 2014  45  29  74 

Projected to be remaining at year‐end 2014  24  6  30    

 

SOTC | Reliability Standards Quarterly Status Report | May 2014 10 of 10 

Standards Committee Report This report highlights key activities of the Standards Committee (SC) and its associated subcommittees.  

Project 2014-04 Physical Security Waivers The SC approved the waiver of several Standards Process Manual provisions on a March 21, 2014 committee call. The waivers were necessary due to a recent FERC order that provided 90 days to complete the development of Physical Security standard(s). The motion on the waivers, as approved by the SC, is as follows:  

Approve  the  following waiver  of  provisions  of  the  Standard  Processes Manual  for  the  Physical  Security Reliability Standard(s) Project: 

 1. Standard  Authorization  Request  to  be  posted  for  a  seven‐calendar  day  informal  comment  period. 

(Sections 4.1‐4.2)  

2. Initial  formal  comment  and  ballot  period  reduced  from  45  days  to  15  calendar  days, with  a  ballot conducted during the last five days of the comment period. Form ballot pool beginning immediately upon approval of this waiver with closure of the ballot pool 10 days after the initial formal comment and ballot period begins. (Sections 4.7‐4.9)  

3. Additional formal comment and ballot period(s) reduced from 45 days to 10 calendar days, with ballot conducted during the last five days of the comment period. (Sections 4.9 and 4.12)  

4. Final ballot reduced from 10 days to five calendar days. (Section 4.9)  

A signed letter, from the SC Chair, Brian Murphy, was sent via e‐mail on March 31, 2014, to Ken Peterson, chair of the Standards Oversight and Technology Committee (SOTC), notifying the SOTC of the waivers.  Goals and Metrics SC Endorsement At  a March  12‐13,  2014 meeting,  the  SC  endorsed  enhanced  Standard Metrics  for  inclusion  in  the  Electric Reliability Organization Enterprise Strategic Plan (ERO SP). The SC also endorsed the implementation of the 2016 and 2017 effort to develop a periodic review approach  for 2016 and beyond which addresses the quality and content of standards. The  team conducting  the periodic  review development has committed  to present draft approaches to the SC by the end of the second quarter of 2014. With the SC’s concurrence, these approaches will be  posted  for  industry  comment.  The  final  periodic  quality  and  content  review  approach  is  expected  to  be presented to the Board of Trustees by the end of the first quarter in 2015.  Project Tracking Spreadsheet The project tracking spreadsheet for Standards has been enhanced to include prioritization from the 2014‐2016 RSDP.  It was also enhanced to depict whether the project  is directionally consistent with the  IERP findings, to provide a basis for further discussion.       

Agenda Item 8 Standards Oversight and Technology Committee Meeting

May 6, 2014

Review of NERC’s ANSI Accreditation Status

Action Information

Background The Standards Oversight and Technology Committee Mandate calls for the committee to periodically review NERC’s status with the American National Standards Institute (ANSI). The following report is provided to support the committee’s review.

On March 24, 2003, the ANSI’s Executive Standards Committee notified NERC of its approval of NERC’s application to be an accredited developer of American National Standards. Since receiving its original accreditation, NERC has revised its standard development process multiple times, most recently in 2013, and has continuously maintained its status with ANSI as an accredited standard developer.

In order to maintain accreditation, ANSI requires that accredited standard developers: • Submit their accredited procedures for review and approval by ANSI on a five year

cycle, with a justification for why the accreditation remains relevant if the accredited standard developer does not maintain one or more approved American National Standards (which NERC does not).

• If the accredited standard developer revises its procedures, submit the revisedprocedures for review and approval by ANSI.

• Comply with audits of the standard developer’s procedures and practices,conducted under the supervision of the ANSI Executive Standards Committee.

NERC has complied with each of these requirements, and most recently received notification of its continuing accreditation in response to submitting its revised Standard Processes Manual on May 17, 2013.