CIP-004-AB-7 & CIP-011-AB-3

Consultation has concluded

Decision Issued

On March 14, 2024, the AESO forwarded a Forwarding Notice with the Alberta Utilities Commission (AUC) requesting approval of the proposed new CIP-004-AB-7, CIP-011-AB-3, AND CIP-PLAN-AB-3, and retirement of existing CIP-004-AB-5.1, CIP-011-AB-1, and CIP-PLAN-AB-2 (CIP-004-AB-7 & CIP-011-AB-3).

In Decision 28903-D01-2024, dated May 2, 2024, the AUC approved adoption of proposed new CIP-004-AB-7 & CIP-011-AB-3. 

CIP-004-AB-7 & CIP-011-AB-3 will become effective on April 1, 2026. Early compliance with CIP-004-AB-7 and CIP-011-AB-3 is available as set out in CIP-PLAN-AB-3. 

Background

The AESO consulted with Stakeholders on CIP-004-AB-7 and CIP-011-AB-3 (adoption of CIP-004-AB-7, CIP-011-AB-3, and CIP-PLAN-AB-2 and the retirement of existing CIP-004-AB-5.1, CIP-011-AB-1, and CIP-PLAN-AB-2) which are focused on addressing new cyber security challenges facing the Alberta Interconnected Electric System (AIES). 

The purpose of CIP-004-AB-7 is to minimize BES Cyber Systems' risk from unauthorized access by requiring personnel risk assessment, training, and security awareness to protect the Bulk Electric System (BES) against compromise, misoperation, or instability.

CIP-011-AB-3 aims to safeguard BES Cyber System Information (BCSI) by specifying protection requirements, ensuring the security of BES Cyber Systems against compromise that could affect BES stability and operation.

Decision Issued

On March 14, 2024, the AESO forwarded a Forwarding Notice with the Alberta Utilities Commission (AUC) requesting approval of the proposed new CIP-004-AB-7, CIP-011-AB-3, AND CIP-PLAN-AB-3, and retirement of existing CIP-004-AB-5.1, CIP-011-AB-1, and CIP-PLAN-AB-2 (CIP-004-AB-7 & CIP-011-AB-3).

In Decision 28903-D01-2024, dated May 2, 2024, the AUC approved adoption of proposed new CIP-004-AB-7 & CIP-011-AB-3. 

CIP-004-AB-7 & CIP-011-AB-3 will become effective on April 1, 2026. Early compliance with CIP-004-AB-7 and CIP-011-AB-3 is available as set out in CIP-PLAN-AB-3. 

Background

The AESO consulted with Stakeholders on CIP-004-AB-7 and CIP-011-AB-3 (adoption of CIP-004-AB-7, CIP-011-AB-3, and CIP-PLAN-AB-2 and the retirement of existing CIP-004-AB-5.1, CIP-011-AB-1, and CIP-PLAN-AB-2) which are focused on addressing new cyber security challenges facing the Alberta Interconnected Electric System (AIES). 

The purpose of CIP-004-AB-7 is to minimize BES Cyber Systems' risk from unauthorized access by requiring personnel risk assessment, training, and security awareness to protect the Bulk Electric System (BES) against compromise, misoperation, or instability.

CIP-011-AB-3 aims to safeguard BES Cyber System Information (BCSI) by specifying protection requirements, ensuring the security of BES Cyber Systems against compromise that could affect BES stability and operation.

  • CLOSED: This survey has concluded.

    The AESO is seeking an second round of written comments from Stakeholders on CIP-004-AB-7, CIP-001-AB-3 and CIP-PLAN-3 to understand key questions and concerns relating to reliability standard content, implementation or compliance. The AESO values stakeholder feedback and invites all interested stakeholders to provide their comments via the Stakeholder Feedback survey on or before January 24, 2023. 

    Instructions

    1.  To submit your feedback, you will need to be registered and signed in on the AESO Engage platform.
    2. Please click on the "Complete Stakeholder Feedback" box below to provide your specific comments.
    3. Please submit one completed Stakeholder Feedback survey per organization.
    4. Stakeholder Feedback results will be posted on AESO Engage, in their original state.
    5. Responses due on or before January 24, 2023.

    Stakeholder Questions:

    1. Do you have any questions, comments, or concerns related to the draft proposed new CIP-004-AB-7, Cyber Security - Personnel & Training (“CIP-004-AB-7”)? If so, please elaborate.
    2. Do you agree that the proposed new CIP-004-AB-7 is not technically deficient? If not, why? 
    3. Do you agree that the proposed new CIP-004-AB-7 supports the public interest? If not, why?
    4. Do you have any questions, comments, or concerns related to the draft proposed new CIP-011-AB-3, Cyber Security - Information Protection (“CIP-011-AB-3”)? If so, please elaborate.
    5. Do you agree that the proposed new CIP-011-AB-3 is not technically deficient? If not, why? 
    6. Do you agree that the proposed new CIP-011-AB-3 supports the public interest? If not, why?
    7. Do you have any questions, comments, or concerns related to the draft proposed new CIP-PLAN-AB-3, Implementation Plan for CIP (“CIP-PLAN-AB-3”)? If so, please elaborate.
    8. Do you agree that the proposed new CIP-PLAN-AB-3 is not technically deficient? If not, why? 
    9. Do you agree that the proposed new CIP-PLAN-AB-3 supports the public interest? If not, why?
    10. The AESO is proposing an effective date of April 1, 2026 with the option of electing an earlier effective date for interested parties as set out in CIP-PLAN-AB-3. Do you have concerns with this approach? If so, please elaborate.
    11. Do you have any questions, comments, or concerns related to the draft proposed amended AESO Information Document ID #2015-003RS, Guidance Information for CIP Standards (“ID#2015-003RS”)? If so, please elaborate.
    12. Do you have any questions, comments, or concerns related to the draft proposed AESO Reliability Standard Audit Worksheet (“RSAW”) for CIP-004-AB-7? If so, please elaborate.
    13. Do you have any questions, comments, or concerns related to the draft proposed AESO RSAW for CIP-011-AB-3? If so, please elaborate.
    14. Do you have any questions, comments, or concerns with the proposed retirement of the existing CIP-004-AB-5.1, CIP-011-AB-1, or CIP-PLAN-AB-2? If so, please elaborate.



    Consultation has concluded
  • CLOSED: This survey has concluded.

    The AESO is seeking an initial round of written comments from Stakeholders on CIP-004-AB-7, CIP-001-AB-3 and CIP-PLAN-3 to understand key questions and concerns relating to reliability standard content, implementation or compliance. The AESO values stakeholder feedback and invites all interested stakeholders to provide their comments via the Stakeholder Feedback survey on or before October 17, 2023. 

    Instructions

    1.  To submit your feedback, you will need to be registered and signed in on the AESO Engage platform.
    2. Please click on the "Complete Stakeholder Feedback" box below to provide your specific comments.
    3. Please submit one completed Stakeholder Feedback survey per organization.
    4. Stakeholder Feedback results will be posted on AESO Engage, in their original state.
    5. Responses due on or before October 17, 2023.

    Stakeholder Questions:

      1. Do you have any questions, comments, or concerns related to the draft proposed new CIP-004-AB-7, Cyber Security - Personnel & Training (“CIP-004-AB-7”)If so, please elaborate.
      2. Do you have any questions, comments, or concerns related to the draft proposed new CIP-011-AB-3, Cyber Security - Information Protection (“CIP-011-AB-3”)If so, please elaborate.
      3. Do you have any questions, comments, or concerns related to the draft proposed AESO Reliability Standard Audit Worksheet (“RSAW”) for CIP-004-AB-7? If so, please elaborate.
      4. Do you have any questions, comments, or concerns related to the draft proposed AESO RSAW for CIP-011-AB-3? If so, please elaborate.
      5. Do you have any questions, comments, or concerns related to the draft proposed new CIP-PLAN-AB-3, Implementation Plan for CIP Cyber Security Reliability Standards (“CIP-PLAN-AB-3”)If so, please elaborate.
      6. Do you have any questions, comments, or concerns related to the draft proposed amended AESO Information Document ID #2015-003RS, Guidance Information for CIP Standards (“ID#2015-003RS”)If so, please elaborate.
      7. The AESO is targeting an effective date of April 1, 2026. Do you have concerns with this date? If so, please elaborate and indicate a preferred effective date.  
      8. Would you like to have the option of complying with CIP-004-AB-7 and CIP-011-AB-3 early. If so, please elaborate. 
      9. Do you think a Reliability Standard Workshop is needed to discuss CIP-004-AB-7, CIP-011-AB-3, CIP-PLAN-3, ID #2015-003RS, or the RSAWs? If so, what topics relating to this draft material would you like to discuss at a Reliability Standard Workshop in Q4 2023?

    Consultation has concluded