FERC has accepted a new standard for critical infrastructure protection, according to SC Magazine
The new standard will improve electronic access controls to low impact Bulk Electronic Systems (BES), mandatory security controls for mobile devices and develop modifications to critical infrastructure protection (CIP) reliability standards.
Daniel Skees, a partner at the law firm Morgan Lewis said: “CIP-003-7 pushes forward on FERC’s concern that even the less critical assets covered by these standards (referred to as low impact facilities) present risks to the bulk electric system that need to be addressed.”
FERC officially approved the new CIP reliability standard CIP-003-7 (Cybersecurity Security Management Controls that were submitted by the North American Electric Reliability Corporation (NERC). By accepting the standard NERC is tasked with implementing the new standards. FERC noted that the new rules developed by NERC improve upon the prior CIP reliability standards by clarifying the obligations pertaining to electronic access control for low impact BES Cyber Systems, adopting mandatory security controls for transient electronic devices such as thumb drives, laptop computers, and other portable devices used frequently with a low impact BES Cyber Systems; and for adding the requirement to have responsible entities have in place a policy for declaring and responding to CIP Exceptional Circumstances related to low impact BES Cyber Systems.
Read the full story at SC Magazine