Commission Information Collection Activity (FERC-725B4); Comment Request; Extension

Issuing agencies

Abstract

In compliance with the requirements of the Paperwork Reduction Act of 1995, the Federal Energy Regulatory Commission (Commission or FERC) is soliciting public comment on the information collection requirements associated with Reliability Standards CIP-004-7 and CIP- 011-3 in Docket No. RD21-6-000. The burden for the requirements will be included in FERC-725B4 (Mandatory Reliability Standards for Critical Infrastructure Protection [CIP] Reliability Standards).

Full Text

<html>
<head>
<title>Federal Register, Volume 86 Issue 246 (Tuesday, December 28, 2021)</title>
</head>
<body><pre>
[Federal Register Volume 86, Number 246 (Tuesday, December 28, 2021)]
[Notices]
[Pages 73752-73754]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2021-28206]


-----------------------------------------------------------------------

DEPARTMENT OF ENERGY

Federal Energy Regulatory Commission

[Docket No. RD21-6-000]


Commission Information Collection Activity (FERC-725B4); Comment 
Request; Extension

AGENCY: Federal Energy Regulatory Commission, Department of Energy.

[[Page 73753]]


ACTION: Notice of information collection and request for comments.

-----------------------------------------------------------------------

SUMMARY: In compliance with the requirements of the Paperwork Reduction 
Act of 1995, the Federal Energy Regulatory Commission (Commission or 
FERC) is soliciting public comment on the information collection 
requirements associated with Reliability Standards CIP-004-7 and CIP-
011-3 in Docket No. RD21-6-000. The burden for the requirements will be 
included in FERC-725B4 (Mandatory Reliability Standards for Critical 
Infrastructure Protection [CIP] Reliability Standards).

DATES: Comments on the collections of information are due February 28, 
2022.

ADDRESSES: You may submit your comments (identified by Docket No. RD21-
6-000) on FERC-725B4 by one of the following methods:
    Electronic filing through <a href="http://www.ferc.gov">http://www.ferc.gov</a> is preferred.
    <bullet> Electronic Filing: Documents must be filed in acceptable 
native applications and print-to-PDF, but not in scanned or picture 
format.
    <bullet> For those unable to file electronically, comments may be 
filed by USPS mail or by hand (including courier) delivery:
    [cir] Mail via U.S. Postal Service Only: Addressed to: Federal 
Energy Regulatory Commission, Secretary of the Commission, 888 First 
Street NE, Washington, DC 20426.
    [cir] Hand (including courier) delivery: Deliver to: Federal Energy 
Regulatory Commission, 12225 Wilkins Avenue, Rockville, MD 20852.
    Instructions: All submissions must be formatted and filed in 
accordance with submission guidelines at: <a href="http://www.ferc.gov">http://www.ferc.gov</a>. For user 
assistance, contact FERC Online Support by email at 
<a href="/cdn-cgi/l/email-protection#fa9c9f889995949693949f898f8a8a95888eba9c9f8899d49d958c"><span class="__cf_email__" data-cfemail="73151601101c1d1f1a1d16000603031c010733151601105d141c05">[email&#160;protected]</span></a>, or by phone at (866) 208-3676 (toll-free).
    Docket: Users interested in receiving automatic notification of 
activity in this docket or in viewing/downloading comments and 
issuances in this docket may do so at <a href="http://www.ferc.gov">http://www.ferc.gov</a>.

FOR FURTHER INFORMATION CONTACT: Ellen Brown may be reached by email at 
<a href="/cdn-cgi/l/email-protection#eda98c998cae81888c9f8c838e88adaba8bfaec38a829b"><span class="__cf_email__" data-cfemail="2763465346644b42465546494442676162756409404851">[email&#160;protected]</span></a>, or by telephone at (202) 502-8663.

SUPPLEMENTARY INFORMATION:
    Title: FERC-725B4, Mandatory Reliability Standards: Critical 
Infrastructure Protection Reliability Standards CIP-004-7 and CIP-011-
3.\1\
---------------------------------------------------------------------------

    \1\ FERC-725B4 is an interim information collection number to 
accommodate the need to seek timely approval during the pendency of 
an unrelated information collection request pertaining to FERC-725B 
(OMB Control No. 1902-0248). In addition, the implementation plan 
for CIP-004-7 and CIP-011-3 provides that those Reliability 
Standards become effective on the first day of the first calendar 
quarter that is 24 calendar months after the effective date of the 
Commission's order, so that Responsible Entities have sufficient 
time to come into compliance with the revised Reliability Standards. 
Thus, FERC-725B continues to cover the current requirements of the 
standards, before implementation of the revised requirements of 
Docket No. RD21-6-000.
---------------------------------------------------------------------------

    OMB Control No.: TBD.
    Type of Request: Approval of proposed changes as described in 
Docket No. RD21-6-000.
    Abstract: On September 15, 2021 the North American Electric 
Reliability Corporation (NERC) filed a petition requesting approval of 
two Reliability Standards CIP-004-7 (Cyber Security, Personnel and 
Training) and CIP-011-3 (Cyber Security, Information Protection). NERC 
described the proposed Reliability Standards as ``Addressing Bulk 
Electric System Cyber System Information Access Management.'' The 
petition was noticed on September 22, 2021, with interventions and 
comments due by October 6, 2021.\2\ The Commission did not receive any 
interventions or comments.
---------------------------------------------------------------------------

    \2\ 86 FR 52667, at 52668.
---------------------------------------------------------------------------

    On December 7, 2021, the Designated Letter Order (DLO) in Docket 
No. RD21-6-000 approved the proposed Reliability Standards, and found 
that the modified Reliability Standards enhance security as discussed 
below.
    At present, Reliability Standards CIP-004-6 require Responsible 
Entities to control access to Bulk Electric System Cyber System 
Information (BCSI) by managing access to a designated storage location, 
such as an electronic document or physical file room. Reliability 
Standard CIP-004-7 removes references to ``designated storage 
locations'' of BCSI and requires an access management program to 
authorize, verify and revoke provisioned access to BCSI. This change 
updates CIP-004 by focusing on controls at the file level (e.g., 
rights, permissions, privileges) of BCSI and reduces the need for 
access to only a physical, designated storage location for BCSI.
    Reliability Standard CIP-011-3 clarifies the requirements of 
protecting and handling BCSI with the goal of providing flexibility for 
Responsible Entities to use third-party data storage and analysis 
systems. Specifically, Reliability Standard CIP-011-3 requires 
Responsible Entities to implement specific controls related to BCSI 
during storage handling use, and disposal of information when 
implementing services provided by third parties.
    Type of Respondents: Businesses and other for-profit entities.
    Estimate of Annual Burden: The Commission estimates 686 responses 
annually, and per-response burdens of 10 hours and $850.20. The total 
estimated burdens per year are 6,860 hours and $583,237.20. These 
burdens are itemized in the following table:
---------------------------------------------------------------------------

    \3\ The number of respondents is based on the NERC Compliance 
Registry as of June 22, 2021. Currently there are 1,508 unique NERC 
Registered Entities, subtracting 16 Canadians Entities yields 1,492 
U.S. NERC Registered Entities subject to the CIP Standards. However, 
only those NERC Registered Entities that own Medium Impact or High 
Impact BES Cyber System are subject to the CIP Standards in this 
filing which is estimated to be 343 NERC Registered Entities.
    \4\ Of the average estimated twenty (20) hours per response, all 
twenty (20) hours are for the one-time effort of updating or 
changing documentation for record-keeping burden that is already 
accounted for.
    \5\ Commission staff estimates that the average industry hourly 
cost for this information collection is $85.02/hour based on the 
following occupations from the Bureau of Labor Statistics: (1) 
Manager (Occupational Code: 11-0000): $97.89/hour; and (2) 
Electrical Engineer (Occupational Code 17-2071): $72.15/hour. 
Source: <a href="http://bls.gov/oes/current/naics3_221000.htm">http://bls.gov/oes/current/naics3_221000.htm</a>, as of June 
2021.


------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
                                                      B. Annual
                                    A. Number of      number of       C. Total number  of      D. Average burden  hours \4\     E. Total annual burden hours &
                                     respondents    responses per          responses             & cost  per response \5\           total annual cost \6\           F. Cost per respondent ($)
                                         \3\         respondent
                                                                       (Column A x Column B)                                 (Column C x Column D)..............  (Column E / Column A)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
CIP-004-7........................             343               1                        343  10 hours & $850.20...........  3,430 hours & $291,619.60..........  10 hours & $850.20.
CIP-011-3........................             343               1                        343  10 hours & $850.20...........  3,430 hours & $291,619.60..........  10 hours & $850.20.
                                  --------------------------------------------------------------------------------------------------------------------------------------------------------------
    Totals.......................  ..............  ..............                        686  .............................  6,860 hours & $583,237.20..........  20 hours & $1,700.40
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


[[Page 73754]]

    Comments are invited on: (1) Whether the collection of information 
is necessary for the proper performance of the functions of the 
Commission, including whether the information will have practical 
utility; (2) the accuracy of the agency's estimate of the burden and 
cost of the collection of information, including the validity of the 
methodology and assumptions used; (3) ways to enhance the quality, 
utility and clarity of the information collection; and (4) ways to 
minimize the burden of the collection of information on those who are 
to respond, including the use of automated collection techniques or 
other forms of information technology.

    Dated: December 21, 2021.
Kimberly D. Bose,
Secretary.
[FR Doc. 2021-28206 Filed 12-27-21; 8:45 am]
BILLING CODE 6717-01-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>