Notice of Intent to Develop CIP Standards
Notice of Intent to Develop CIP Standards
On January 21, 2025, the RRC issued a Notice of Intent to Develop Critical Infrastructure Protection (CIP) Standards per the Product Development Rule (ER1). The notice can be found here.
The following proposed 14 CIP standards are slated for development:
- RRC-CIP-002 BES Cyber System Categorization
- RRC-CIP-003 Security Management Controls
- RRC-CIP-004 Personnel and Training
- RRC-CIP-005 Electronic Security Perimeter(s)
- RRC-CIP-006 Physical Security of BES Cyber Systems
- RRC-CIP-007 System Security Management
- RRC-CIP-008 Incident Reporting and Response Planning
- RRC-CIP-009 Recovery Plans for BES Cyber Systems
- RRC-CIP-010 Configuration Change Management and Vulnerability
- RRC-CIP-011 Information Protection
- RRC-CIP-012 Communications between Control Centers
- RRC-CIP-013 Supply Chain Risk Management
- RRC-CIP-014 Physical Security
- RRC-CIP-015 Internal Network Security Monitoring
The Technical Advisory Council (TAC) Working Group assigned to this development is planning to hold multiple Working Group meetings. The first meeting will occur on January 28, 2025, at 9:00am and will focus on RRC-CIP-002 and RRC-CIP-003. All scheduled meetings, materials, and items related to this development can be found here.