Background Information
On January 19, 2023, the Federal Energy Regulatory Commission (FERC) directed the North American Electric Reliability Corporation (NERC) to develop and submit, within 15 months of the effective date of the final rule for FERC approval, new or modified Reliability Standards that require internal network security monitoring within a trusted Critical Infrastructure Protection networked environment for all high impact Bulk Electric System (BES) Cyber Systems with and without external routable connectivity and medium impact BES Cyber Systems with external routable connectivity. In addition, FERC directed NERC to perform a study of all low impact BES Cyber Systems with and without external routable connectivity and medium impact BES Cyber Systems without external routable connectivity and to submit its study report to FERC within 12 months of the issuance of the final rule.
 
To meet FERC’s directive to conduct a study of these BES Cyber Systems, NERC is developing this proposed request for data or information in accordance with Section 1600 of the NERC Rules of Procedure. Given the directive deadline, the NERC Board of Trustees (Board) authorized the use of shortened review and comment periods pursuant to Section 1606 of the NERC Rules of Procedure. NERC provided this proposed data request to the FERC Office of Electric Reliability for information on March 8, 2023. NERC posted this proposed data request for public comment for a twenty-one (21)-day comment period beginning on March 24, 2023 in accordance with Section 1600 of the NERC Rules of Procedure. Once issued, this proposed data request will be mandatory for the Reporting Entities listed below (see question 2). Although not required, Canadian registered entities are encouraged to participate.

T