​

Earlier this week, FERC and NERC released their Second Joint Staff White Paper on Notices of Penalty Pertaining to Violations of Critical Infrastructure Protection Reliability Standards (the Second White Paper).

In the Second White Paper, FERC and NERC announced that for CIP noncompliance, “going forward, NERC will request that the entire filing or submittal be treated as CEII and Commission staff will designate such filings and submittals as CEII in their entirety.” Additionally, they explained that because of the risk posed by disclosing CIP noncompliance information, NERC will no longer publicly post redacted versions of the CIP noncompliance filings or submittals.

The Second White Paper reflects the priority for protection of cybersecurity information as it relates to grid security. If Registered Entities have questions regarding enforcement activities, please reach out to your Enforcement Case Manager.