Standards and Guidelines Working Group Status Updates

2005 Jun 09Washington DC

Critical Infrastructure Protection Committee

Public Release

Update ItemsAs of 2005 Jun 09

Subject Area: Min:

1 SGWG Objectives for 2005/2006 - Confirmation 5

2 SGWG Process Flow and Decision Making 5

3 Review of CIPC Document Types 10

4 SAC Standard Documents and CIPC Document Types 5

5 Guideline Template & Usage Guide 5

6 Accumulation and Handling of Comments for the Next Round of Guideline Updates

5

7 Status of Guideline Reviews and Updates 5

SGWG Objectives for 2005/2006

1. Secure endorsement for the standard document shell for CIPC guidelines

2. Identify CIPC document types and define as to purpose, application rules, relationships with other documents

3. Review existing guidelines and recommend for updating or discontinuance

4. Recommend streamlining of reviewing and approving CIPC guidelines

5. On-going reviews of guidelines and other documents

SGWG Document Review Process Flow SGWG Document Review Process

NER

C B

oard

of

Trus

tees

Stan

dard

s an

d G

uide

lines

WG

Orig

inat

or/D

rafte

rC

IPC

Mai

n

4aCirculatedraft for

comments

2aSchedulereviews

3enough

time for agroup

review?

1bReceiveand log

Yes

6aAny special

considerations?

4bChair to review format andadvise the SGWG members

re results

No

No

Yes

Originator/Drafter can be: * any CIPC working group or task team * individuals * other NERC Committees

4cReview if

anyspecial

considerations

needed

1aDraft orupdate

guidelineand

submit

8aNotify re

completion ofSGWG review

(or lack thereof)

2dLog

drafts

6bSGWG vote?

2bReceiveperiodicstatusreport

Yes

No

8cParticipatein a CIPC

review

5aChair checksconsolidates

comments

6cConsider

SGWGcomments

7ado nothing.

Wait for draftto come to a

CIPCdiscussion

Endorsed

9cConsider feedback and

go to 1a

Not endorsed

Quorum Required2/3 affirmative to pass

7bAdvise no time

for a SGWGgroup review

8bReview.

Endorse?

9aReview.

Approve?

10aPublish

theguideline

Approved

J:\\cip\nerc sgwg\sgwg guidelines approvalprocess map v4.vsd 2005 Apr 18 S Harada

9bAdvisedrafter

Not Approved

10bUpdate

GuidelinesLog

NERC Critical Infrastructure Protection Committee

SGWG Main Function:1. Provide standard format for CIPC documents.

2. Review DRAFTS for:

• Standard Components

• Consistency

• References

• Tone of language

3. Will stay away from value judgment on the content. That will be left with the drafting teams.

Potential CIPC Document Types for SGWG Reviews

Type: Example: SGWG Review:

1 Policies Spare Equipmt Database (SED) ??

2 Standards CIP 001 to CIP 009 No.

3 Guidelines Risk Assessment Guidelines Format only

4 FAQs FAQ Cyber Security DRAFT #3 No?

5 Glossary of Terms

BES (Bulk Electric System) Scan existing when shifted

6 Procedure SED Usage Procedure Format only?

7 Reference (or White Paper)

Risk Assessment Methodologies

No.

SGWG Review of White/Reference Papers

RAWG has produced a White Paper on Risk Assessment Methodologies

Discussion Points:1. Does SGWG need to review White Papers and

reference documents, or do SGWG members join the general CIPC members in providing comments?

2. If SGWG did, what value can SGWG add?

SGWG Consensus: SGWG will not get involved in the reviews of

White papers. However, it may act as an unofficial proof reader.

SAC Document Types and CIPC Guidelines

SAC announced a list of supporting documents that support “Standards”:1. Standard Reference2. Standard Supplement 3. Procedure 4. Practice 5. Training Reference 6. Technical Reference 7. White Paper

Discussion Points:1. There is no such document as ‘guidelines’2. CIPC has guidelines without supporting

standards.3. Does NERC recognize “guidelines”?

The Guideline Template

Refer to the two Word documents:• “Guideline Template”• “Usage Guide”

Discussion Points:

1. Document ID for Guidelines2. Preamble (See next foil)3. Guideline Statement and Guideline Details4. Definitions (treat Global and Local differently)5. Certified Products (eliminated)6. Exceptions (eliminated)

Review of the Guideline Template

Preamble:

“ This Guideline addresses potential risks that can apply to some Electricity Sector Organizations and provides practices that can help mitigate the risks. Each organization decides the risk it can accept and the practices it deems appropriate to manage its risk.”

Why the capitalization?

The Guideline Template Usage Guide

Usage Guide provides a description of:

• What information to provide in which section of a CIPC guideline

• What tone of language to use

Decision Requested:

CIPC approve the:

1. Guideline Template2. Template Usage Guide

Status of Document Reviews

SGWG members reviewing existing guidelines:1. Reviewed 10 guidelines in March 20052. 5 more being reviewed

Discussion Points:

• Most of the reviewed guidelines need updating and are being assigned to the originating team or individuals.

Accumulation of Guideline Comments:

A CIPC member asked what to do with the comments he or she might come up in between document update cycles.

SGWG Consensus:

1. SGWG recommends these comments be sent to the SGWG Chair who will identify the working/task team/individual responsible for the document, pass on the comment, and let the comment originator know.

Reviews of the Recent Document DRAFTS:

SGWG Review comments passed to the drafters of:

1. Threat Alert System and Physical Response Guidelines for the Electric Sector - V 3.0

2. Vulnerability and Risk Assessment V2 - Guideline

3. Spare Equipment Database Usage Guide - Procedure