Today’s LiveWire Spotlight looks at the third draft of two CIP standards offering alternative access control strategies designed to allow Registered Entities to purchase 3rd party BES Cyber System information (BCSI) storage services.  The rigid language in CIP-004-6 and CIP-011-2 appears to restrict any method outside of premise-based electronic and physical access controls.

CIP-004-X and CIP-011-X Draft 3 have been posted for a 45-day review and concurrent ballot.  Industry stakeholder comments are due back to the project team by May 10, 2021 and votes must be cast on or before the same day.