Earlier this week, FERC and NERC
released their Second Joint Staff White Paper on Notices of
Penalty Pertaining to Violations of Critical Infrastructure Protection
Reliability Standards (the Second White Paper).
In the Second White Paper, FERC and
NERC announced that for CIP noncompliance, “going forward, NERC will request
that the entire filing or submittal be treated as CEII and Commission staff
will designate such filings and submittals as CEII in their entirety.”
Additionally, they explained that because of the risk posed by disclosing CIP
noncompliance information, NERC will no longer publicly post redacted versions
of the CIP noncompliance filings or submittals.
The Second White Paper reflects the
priority for protection of cybersecurity information as it relates to grid
security. If Registered Entities have questions regarding enforcement
activities, please reach out to your Enforcement Case Manager.