Today’s LiveWire Spotlight evaluates the third postings of CIP-005-7, CIP-010-4, and CIP-013-2, which act on FERC’s directives to apply vendor procurement, remote access, and software source controls to equipment other than BES Cyber Systems. The latest drafts address stakeholder feedback that vendor remote access must be controlled by separate CIP-005-7 requirements – treating BES Cyber System and EACMS/PACS sessions differently.
The third drafts of CIP-005-7, CIP-010-4, and CIP-013-2 have been posted for a 45-day review and concurrent ballot. Industry stakeholder comments are due back to the project team by September 10, 2020 and votes must be cast on or before the same day.