[Federal Register Volume 87, Number 133 (Wednesday, July 13, 2022)]
[Notices]
[Pages 41707-41708]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-14925]


-----------------------------------------------------------------------

DEPARTMENT OF ENERGY

Federal Energy Regulatory Commission

[Docket No. RD21-6-000]


Commission Information Collection Activities (FERC-725B4); 
Comment Request; Extension

AGENCY: Federal Energy Regulatory Commission, DOE.

ACTION: Notice of information collection and request for comments.

-----------------------------------------------------------------------

SUMMARY: In compliance with the requirements of the Paperwork Reduction 
Act of 1995, the Federal Energy Regulatory Commission (Commission or 
FERC) is soliciting public comment on the new information collection 
designated as FERC-725B4 (Mandatory Reliability Standards: Critical 
Infrastructure Protection Reliability Standards CIP-004-7 and CIP-011-
3), which will be submitted to the Office of Management and Budget 
(OMB) for a review of the information collection requirements.

DATES: Comments on the collection of information are due August 12, 
2022.

ADDRESSES: Send written comments on FERC-725B4 to OMB through 
www.reginfo.gov/public/do/PRAMain, Attention: Federal Energy Regulatory 
Commission Desk Officer. Please identify the OMB control number (1902-
TBD) in the subject line. Your comments should be sent within 30 days 
of publication of this notice in the Federal Register.
    Please submit copies of your comments (identified by Docket No. 
RD21-6-000) to the Commission as noted below. Electronic filing through 
http://www.ferc.gov, is preferred.
     Electronic Filing: Documents must be filed in acceptable 
native applications and print-to-PDF, but not in scanned or picture 
format.
     For those unable to file electronically, comments may be 
filed by USPS mail or by hand (including courier) delivery.
    [cir] Mail via U.S. Postal Service Only: Addressed to: Federal 
Energy Regulatory Commission, Secretary of the Commission, 888 First 
Street NE, Washington, DC 20426.
    [cir] Hand (including courier) delivery: Deliver to: Federal Energy 
Regulatory Commission, 12225 Wilkins Avenue, Rockville, MD 20852.
    Instructions: OMB submissions must be formatted and filed in 
accordance with submission guidelines at www.reginfo.gov/public/do/PRAMain; Using the search function under the ``Currently Under Review 
field,'' select Federal Energy Regulatory Commission; click ``submit'' 
and select ``comment'' to the right of the subject collection.
    FERC submissions must be formatted and filed in accordance with 
submission guidelines at: http://www.ferc.gov. For user assistance, 
contact FERC Online Support by email at [email protected], or 
by phone at: (866) 208-3676 (toll-free).
    Docket: Users interested in receiving automatic notification of 
activity in this docket or in viewing/downloading comments and 
issuances in this docket may do so at http://www.ferc.gov.

FOR FURTHER INFORMATION CONTACT:  Ellen Brown may be reached by email 
at [email protected] and telephone at (202) 502-8663.

SUPPLEMENTARY INFORMATION:
    Title: FERC-725B4, Mandatory Reliability Standards: Critical 
Infrastructure Protection Reliability Standards CIP-004-7 and CIP-011-
3.\1\
---------------------------------------------------------------------------

    \1\ FERC-725B4 is an interim information collection number that, 
as of December 2021 (when the 60-day notice was issued) accommodated 
the need to seek timely approval during the pendency of an unrelated 
information collection request pertaining to FERC-725B (OMB Control 
No. 1902-0248). In addition, the implementation plan for CIP-004-7 
and CIP-011-3 provides that those Reliability Standards become 
effective on the first day of the first calendar quarter that is 24 
calendar months after the effective date of the Commission's order, 
so that Responsible Entities have sufficient time to come into 
compliance with the revised Reliability Standards. FERC-725B 
continues to cover the current requirements of the standards, before 
implementation of the revised requirements of Docket No. RD21-6-000. 
FERC-725B has been renewed with an expiration date of May 31, 2025. 
Thus, if and when OMB approves the information collection request 
for FERC725B4, the Commission intends to seek OMB's approval to add 
this collection of information to FERC-725B.
---------------------------------------------------------------------------

    OMB Control No.: TBD.
    Type of Request: Approval of proposed changes as described in 
Docket No. RD21-6-000.
    Abstract: On September 15, 2021 the North American Electric 
Reliability Corporation (NERC) filed a petition requesting approval of 
two Reliability Standards: CIP-004-7 (Cyber Security, Personnel and 
Training) and CIP-011-3 (Cyber Security, Information Protection). NERC 
described the proposed Reliability Standards as ``Addressing Bulk 
Electric System Cyber System Information Access Management.'' The 
petition was noticed on September 22, 2021, with interventions and 
comments due by October 6, 2021.\2\ The Commission did not receive any 
interventions or comments.
---------------------------------------------------------------------------

    \2\ 86 FR 52667, at 52668.
---------------------------------------------------------------------------

    On December 7, 2021, the Designated Letter Order (DLO) in Docket 
No. RD21-6-000 approved the proposed Reliability Standards, and found 
that the modified Reliability Standards enhance security as discussed 
below.
    At present, Reliability Standard CIP-004-6 requires Responsible 
Entities to control access to Bulk Electric System Cyber System 
Information (BCSI) by managing access to a designated storage location, 
such as an electronic document or physical file room. Reliability 
Standard CIP-004-7 removes references to ``designated storage 
locations'' of BCSI and requires an access management program to 
authorize, verify and revoke provisioned access to BCSI. This change 
updates CIP-004 by focusing on controls at the file level (e.g., 
rights, permissions, privileges) of BCSI and reduces the need for 
access to only a physical, designated storage location for BCSI.
    Reliability Standard CIP-011-3 clarifies the requirements of 
protecting and handling BCSI with the goal of providing flexibility for 
Responsible Entities to use third-party data storage and analysis 
systems. Specifically, Reliability Standard CIP-011-3 requires 
Responsible Entities to implement specific controls related to BCSI 
during storage handling use, and disposal of information when 
implementing services provided by third parties.
    Type of Respondents: Businesses and other for-profit entities.
    Estimate of Annual Burden: The Commission estimates 686 responses 
annually, and per-response burdens of 10 hours and $850.20. The total 
estimated burdens per year are 6,860 hours and $583,237.20. These 
burdens are itemized in the following table:

[[Page 41708]]



------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
                                                      B. Annual
                                    A. Number of      number of        C. Total number of     D. Average burden hours \4\ &     E. Total annual burden hours &
                                     respondents    responses per          responses              cost per response \5\             total annual cost \6\           F. Cost per respondent ($)
                                         \3\         respondent
                                                                       (Column A x Column B)                                 (Column C x Column D)..............  (Column E / Column A)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
CIP-004-7........................             343               1                        343  10 hours & $850.20...........  3,430 hours & $291,618.60..........  10 hours & $850.20
CIP-011-3........................             343               1                        343  10 hours & $850.20...........  3,430 hours & $291,618.60..........  10 hours & $850.20
                                  --------------------------------------------------------------------------------------------------------------------------------------------------------------
    Totals.......................             686  ..............                        686  .............................  6,860 hours & $583,237.20..........  20 hours & $1,700.40
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Comments are invited on: (1) whether the collection of information 
is necessary for the proper performance of the functions of the 
Commission, including whether the information will have practical 
utility; (2) the accuracy of the agency's estimate of the burden and 
cost of the collection of information, including the validity of the 
methodology and assumptions used; (3) ways to enhance the quality, 
utility and clarity of the information collection; and (4) ways to 
minimize the burden of the collection of information on those who are 
to respond, including the use of automated collection techniques or 
other forms of information technology.
---------------------------------------------------------------------------

    \3\ The number of respondents is based on the NERC Compliance 
Registry as of June 22, 2021. Currently there are 1,508 unique NERC 
Registered Entities, subtracting 16 Canadians Entities yields 1,492 
U.S. NERC Registered Entities subject to the CIP Standards. However, 
only those NERC Registered Entities that own Medium Impact or High 
Impact BES Cyber System are subject to the CIP Standards in this 
filing which is estimated to be 343 NERC Registered Entities.
    \4\ Of the average estimated twenty (20) hours per response, all 
twenty (20) hours are for the one-time effort of updating or 
changing documentation for record-keeping burden that is already 
accounted for.
    \5\ Commission staff estimates that the average industry hourly 
cost for this information collection is $85.02/hour based on the 
following occupations from the Bureau of Labor Statistics: (1) 
Manager (Occupational Code: 11-0000): $97.89/hour; and (2) 
Electrical Engineer (Occupational Code 17-2071): $72.15/hour. 
Source: http://bls.gov/oes/current/naics3_221000.htm, as of June 
2021.

    Dated: July 7, 2022.
Kimberly D. Bose,
Secretary.
[FR Doc. 2022-14925 Filed 7-12-22; 8:45 am]
BILLING CODE 6717-01-P