Skip to content

Menu

LexBlog, Inc. logo
NetworkSub-MenuBrowse by SubjectBrowse by PublisherJoin the NetworkGet StartedSubscribeSupport
Contact Us
Search
Close

FERC Adopts Revised Reliability Standards for Cybersecurity

By John Bridge on January 28, 2016
Email this postTweet this postLike this postShare this post on LinkedIn

shutterstock_123802696On January 21, 2016, the Federal Energy Regulatory Commission (FERC) issued a final rule adopting seven revised critical infrastructure protection (CIP) Reliability Standards addressing cybersecurity of the electric grid, as initially proposed in July 2015. The revised standards were developed by the North American Electric Reliability Corporation (NERC), the FERC-certified Electric Reliability Organization, in response to FERC Order No. 791.

The revised standards, effective on July 1, 2016, are:

  1. CIP-003-6 (Security Management Controls), specifying security management controls that establish responsibility and accountability to protect grid cyber systems against compromise;
  2. CIP-004-6 (Personnel and Training), requiring an appropriate level of personnel risk assessment, training, and security awareness in support of protecting grid cyber systems;
  3. CIP-006-6 (Physical Security of BES Cyber Systems), specifying a physical security plan to manage physical access to grid cyber systems;
  4. CIP-007-6 (Systems Security Management), specifying select technical, operational, and procedural requirements to manage system security by;
  5. CIP-009-6 (Recovery Plans for BES Cyber Systems), specifying recovery plan requirements in support of the continued stability, operability, and reliability;
  6. CIP-010-2 (Configuration Change Management and Vulnerability Assessments), specifying configuration change management and vulnerability assessment requirements to prevent and detect unauthorized changes to grid cyber systems; and
  7. CIP-011-2 (Information Protection), specifying information protection requirements to prevent unauthorized access to grid cyber systems information.

The final rule also includes a number of directives for NERC intended to facilitate enhanced protection of information and the physical security of cyber systems. The final rule also announces a FERC staff-led technical conference on January 28, 2016 to address the development by NERC of requirements for supply chain management for control system hardware, software and service.

This post was written by Hogan Lovells associate John Bridge who is a member of the Energy practice group in our Los Angeles and Washington, DC offices. This entry was cross-posted on our Focus on Regulation blog.

  • Posted in:
    Energy and Utilities
  • Blog:
    HL Chronicle of Data Protection
  • Organization:
    Hogan Lovells

Call us at 1-800-913-0988 or email sales@lexblog.com.

Facebook LinkedIn Twitter RSS
  • About LexBlog
  • The Field We Built
  • Our Beliefs
  • Our Team
  • Contact LexBlog
  • Disclaimer
  • Editorial Policy
  • Terms of Service
  • Get Started
  • Publishing Solutions
  • Compass
  • Submit a Request
  • Support Center
  • System Status
Copyright © 2026, LexBlog, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo