sos logo, Reliability MattersSOS University logo

Effective Requirements Summary

Solutions List

SOS Intl 2018 Copyright      |       Privacy Policy

Initial performance for this Part is required by October 1, 2016 (i.e., within 3 calendar months after July 1, 2016), per the Implementation Plan for Version 5 CIP Cyber Security Standards, dated October 26, 2012 and incorporated by reference into the Implementation Plan for CIP Version 5 Revisions, dated January 23, 2015.


The evidence of compliance here includes:


•  Dated documentation of the    

   verification between the system

   generated list of individuals who

   have been authorized for access

   (i.e., workflow database) and a

   system generated list of personnel

   who have access (i.e., user

   account listing)


  Dated documentation of the

   verification between a list of

   individuals who have been

   authorized for access (i.e.,  

   authorization forms) and a list

   of individuals provisioned for

   access (i.e., provisioning forms

   or shared account listing).








SOS Industry Expert

CIP-004-6 Requirement 4.2

Jim Stanton

Director of Advisory Services


Vegetation Management

This standard is applicable to:


• Planning Authority and

  Planning  Coordinator

• Transmission Planner

• Balancing Authority

• Resource Planner

• Load Serving Entity

• Distribution Provider


MOD-031-2 Demand and Energy Data

Effective date October 1, 2016. 


Adjusted MVCD (minimum vegetation clearance distance) values in Table 2 for alternating current systems, consistent with findings reported in report filed on August 12, 2015 in Docket No. RM12-4-002 consistent with FERC’s directive in Order No. 777, and based on empirical testing results for flashover distances between conductors and vegetation.

This standard addresses Total Internal Demand, Net Energy for Load, and Demand Side Management data that may be requested by the Planning Coordinator or Balancing Authority. If such data is needed, the Planning Coordinator or Balancing Authority will issue a request. The remaining requirements entail the obligation to respond to the request by the identified applicable entities.

This requirement is applicable to:


High Impact BES Cyber Systems and their associated:



2. PACS  

Medium Impact BES Cyber Systems with External Routable Connectivity

and their associated:



2. PACS  

Wrong password.