The items below are provided as resources for Critical Infrastructure Protection (CIP) Compliance Monitoring engagements and implementation of the CIP Standards.
Information on the Technical Feasibility Exception (TFE) process is also included below. TFEs are currently available for twelve of the CIP Requirements:
CIP-005-5, Requirement R1, Part 1.4;
CIP-005-5, Requirement R2, Parts 2.1, 2.2, and 2.3;
CIP-006-6, Requirement R1, Part 1.3;
CIP-007-6, Requirement R1, Part 1.1;
CIP-007-6, Requirement R4, Part 4.3;
CIP-007-6, Requirement R5, Parts 5.1, 5.6, and 5.7;
CIP-010-2, Requirement R1, Part 1.5; and
CIP-010-2, Requirement R3, Part 3.2.
When entering a TFE for the CIP Version 5 Standards, an entity has the option to enter BES Cyber Assets (BCAs) or a BES Cyber System (BCS) that has a number of TFE eligible BCAs associated with it. A Protected Cyber Asset (PCA), Electronic Access Control or Monitoring System (EACM), or Physical Access Control System (PACS) Covered Asset should be entered individually since they cannot be part of a BCS.
The ReliabilityFirst Compliance Data Management System (webCDMS) is used by the Registered Entity to submit requests for TFEs to ReliabilityFirst.
If you have any questions regarding the CIP Standards or the TFE process, feel free to contact our Compliance Monitoring or Entity Development departments.