Legal Status This site displays a prototype of a “Web 2.0” version of the daily
Federal Register. It is not an official legal edition of the Federal
Register, and does not replace the official print version or the official
electronic version on GPO’s govinfo.gov.

The documents posted on this site are XML renditions of published Federal
Register documents. Each document posted on the site includes a link to the
corresponding official PDF file on govinfo.gov. This prototype edition of the
daily Federal Register on FederalRegister.gov will remain an unofficial
informational resource until the Administrative Committee of the Federal
Register (ACFR) issues a regulation granting it official legal status.
For complete information about, and access to, our official publications
and services, go to About the Federal Register on NARA's archives.gov.

The OFR/GPO partnership is committed to presenting accurate and reliable
regulatory information on FederalRegister.gov with the objective of
establishing the XML-based Federal Register as an ACFR-sanctioned
publication in the future. While every effort has been made to ensure that
the material on FederalRegister.gov is accurately displayed, consistent with
the official SGML-based PDF version on govinfo.gov, those relying on it for
legal research should verify their results against an official edition of
the Federal Register. Until the ACFR grants it official status, the XML
rendition of the daily Federal Register on FederalRegister.gov does not
provide legal notice to the public or judicial notice to the courts.

Legal Status

Notice

North American Electric Reliability Corporation; Order Approving Reliability Standard CIP-002-8

A Notice by the Federal Energy Regulatory Commission on 03/24/2026

• 1.

1.

• Document Details Published Content - Document Details Agencies Department of Energy Federal Energy Regulatory Commission Agency/Docket Number Docket No. RD25-8-000 Document Citation 91 FR 14013 Document Number 2026-05715 Document Type Notice Pages 14013-14015
  (3 pages) Publication Date 03/24/2026 Published Content - Document Details

• PDF Official Content

  • View printed version (PDF) Official Content

• Document Details Published Content - Document Details Agencies Department of Energy Federal Energy Regulatory Commission Agency/Docket Number Docket No. RD25-8-000 Document Citation 91 FR 14013 Document Number 2026-05715 Document Type Notice Pages 14013-14015
  (3 pages) Publication Date 03/24/2026 Published Content - Document Details

• Table of Contents Enhanced Content - Table of Contents This table of contents is a navigational tool, processed from the
  headings within the legal text of Federal Register documents.
  This repetition of headings to form internal navigation links
  has no substantive legal effect.

  • Footnotes Enhanced Content - Table of Contents

• Public Comments Enhanced Content - Public Comments This feature is not available for this document.

Enhanced Content - Public Comments
- Regulations.gov Data Enhanced Content - Regulations.gov Data Additional information is not currently available for this document.

Enhanced Content - Regulations.gov Data

- Sharing Enhanced Content - Sharing Shorter Document URL https://www.federalregister.gov/d/2026-05715 Email Email this document to a friend Enhanced Content - Sharing

• Print Enhanced Content - Print
  • Print this document Enhanced Content - Print
• Other Formats Enhanced Content - Other Formats This document is also available in the following formats:

JSON Normalized attributes and metadata XML Original full text XML MODS Government Publishing Office metadata More information and documentation can be found in our developer tools pages.

Enhanced Content - Other Formats
- Public Inspection Public Inspection This PDF is FR Doc. 2026-05715 as it appeared on Public Inspection on
03/23/2026 at 8:45 am.

It was viewed
9
times while on Public Inspection.

If you are using public inspection listings for legal research, you
should verify the contents of the documents against a final, official
edition of the Federal Register. Only official editions of the
Federal Register provide legal notice of publication to the public and judicial notice
to the courts under 44 U.S.C. 1503 & 1507. Learn more here.

Public Inspection
Published Document: 2026-05715 (91 FR 14013) This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Document Headings Document headings vary by document type but may contain
the following:

1. the agency or agencies that issued and signed a document
2. the number of the CFR title and the number of each part the document amends, proposes to amend, or is directly related to
3. the agency docket number / agency internal file number
4. the RIN which identifies each regulatory action listed in the Unified Agenda of Federal Regulatory and Deregulatory Actions See the Document Drafting Handbook for more details.

Department of Energy

Federal Energy Regulatory Commission

1. [Docket No. RD25-8-000] North American Electric Reliability Corporation, 1401 H Street NW, Suite 410, Washington, DC 20005. Attention: Lauren A. Perotti, Sarah P. Crawford, Amy E. Engstrom.

Dear Ms. Perotti, Ms. Crawford, and Ms. Engstrom:

1. On December 20, 2024, the North American Electric Reliability Corporation (NERC), the Commission-certified Electric Reliability Organization, submitted a petition seeking approval of proposed Critical Infrastructure Protection (CIP) Reliability Standard CIP-002-8 (Cyber Security—BES Cyber System Categorization) and the modification of the term control center in the Glossary of Terms Used in NERC Reliability Standards (NERC Glossary). [1 ] NERC also requested approval of the associated implementation plans, violation risk factors, and violation severity levels, as well as the retirement of Reliability Standard CIP-002-7. [2 ] For the reasons discussed below, pursuant to section 215(d)(2) of the Federal Power Act (FPA), [3 ] we approve proposed Reliability Standard CIP-002-8 and the related definition.

2. NERC explains that the purpose of proposed Reliability Standard CIP-002-8 is to identify and categorize bulk electric system (BES) cyber systems and their associated BES cyber assets for the application of cyber security requirements commensurate with the adverse impact that loss, compromise, or misuse of those BES cyber systems could have on the reliable operation of the BES. [4 ] Further, NERC notes that responsible entities are required to categorize BES cyber systems as low, medium, or high impact based on the characteristics of their BES facilities, which determines the applicability of the suite of CIP Reliability Standards. [5 ] NERC also states that Attachment 1 of proposed Reliability Standard CIP-002-8 includes the impact rating criteria used to determine the impact level for BES cyber systems.

3. NERC proposes to revise the definition of the term control center in the NERC Glossary to alleviate confusion from a lack of common understanding of the term “control” as opposed to “authority.” [6 ] NERC explains that the revision to the definition expands the reach of the term to incorporate transmission owners “so that a Transmission Owner is considered to have a Control Center if it has the capability to control transmission Facilities at two or more locations using SCADA,” i.e., supervisory control and data acquisition. [7 ] NERC asserts that the revised definition of control center advances reliability by clarifying the facilities that are subject to the CIP requirements.

4. NERC proposes to modify Criterion 2.12 of Attachment 1 of proposed Reliability Standard CIP-002-8. [8 ] NERC explains that proposed Criterion 2.12 assigns a weighted value to the transmission lines that a control center monitors and controls to assess the appropriate impact of BES cyber systems associated with a control center. Pursuant to the results of a field test conducted by the NERC Standards Development Team, NERC determined that a threshold of 6,000 for the total ( printed page 14014) aggregate weighted value, [9 ] with appropriate inclusion and exclusion criteria, would sufficiently differentiate medium and low impact BES cyber systems associated with control centers that are operated by a transmission operator or owned by a transmission owner. [10 ] NERC explains that proposed Criterion 2.12 contains an exclusion clause that allows responsible entities to categorize their BES cyber systems at control centers at a level commensurate with the risk for local systems that have limited flow-through or export generation and are primarily designed to serve load without extending the exclusion to large control areas. [11 ]

5. NERC's proposed implementation plan states that proposed Reliability Standard CIP-002-8 and the proposed definition for control center shall become effective on the later of either the effective date of Reliability Standard CIP-002-7 or the first day of the first calendar quarter that is three calendar months after the effective date of the Commission's order approving proposed Reliability Standard CIP-002-8. NERC concludes that the implementation plan is designed to “balance the urgency to implement the requirements while affording Responsible Entities time to incorporate the updated requirements into their processes.” [12 ]

6. Notice of NERC's petition was published in the Federal Register, 90 FR 24606 (June 11, 2025), with interventions and protests due on or before July 7, 2025. Public Citizen, Inc. filed a timely motion to intervene. No comments or protests were submitted. Pursuant to Rule 214 of the Commission's Rules of Practice and Procedure, 18 CFR 385.214 (2025), the timely, unopposed motion to intervene serves to make Public Citizen, Inc. a party to the proceeding.

7. Pursuant to section 215(d)(2) of the FPA, we approve proposed Reliability Standard CIP-002-8 as well as the proposed control center definition for inclusion in the NERC Glossary, as just, reasonable, not unduly discriminatory or preferential, and in the public interest. We also approve the proposed Reliability Standard's associated violation risk factors and violation severity levels, as well as the proposed implementation plans. Finally, we approve the retirement of Reliability Standard CIP-002-7 immediately prior to the effective date of proposed Reliability Standard CIP-002-8.

8. We find that proposed Reliability Standard CIP-002-8 would advance the reliable operation of the BES by better aligning the level of impact BES cyber systems could have on the reliable operation of the Bulk-Power System as a result of loss, compromise, or misuse of those systems. Further, we determine that the proposed definition of control center would strengthen reliability by improving risk identification, allowing responsible entities to focus on protecting assets that pose a higher reliability risk if unavailable, degraded, or compromised. Lastly, the revised definition would also help responsible entities in interpreting the control center definition by making clear that a transmission owner may have a control center through its capability to control transmission facilities.

Information Collection Statement

1. The FERC-725B information collection requirements are subject to review by the Office of Management and Budget (OMB) under section 3507(d) of the Paperwork Reduction Act of 1995. OMB's regulations require approval of certain information collection requirements imposed by agency rules. Upon approval of a collection of information, OMB will assign an OMB control number and expiration date. Respondents subject to the filing requirements will not be penalized for failing to respond to these collections of information unless the collections of information display a valid OMB control number. The Commission solicits comments on the need for this information, whether the information will have practical utility, the accuracy of the burden estimates, ways to enhance the quality, utility, and clarity of the information to be collected or retained, and any suggested methods for minimizing respondents' burden, including the use of automated information techniques.

2. The Commission bases its paperwork burden estimates on the additional paperwork burden presented by the proposed revisions to Reliability Standard CIP-002-8. Reliability Standards are objective-based and allow entities to choose compliance approaches best tailored to their systems. The NERC Compliance Registry, as of June 2025, identifies approximately 1,673 [13 ] U.S. entities that are subject to mandatory compliance with Reliability Standards.

3. Of this total, we estimate that 1,573 entities will face a minor increase in paperwork burden of two hours each for a total burden hours increase of 3,146 at $97 [14 ] per hour for $194 per entity and a total $305,162 burden for the first year and no ongoing burdens in addition to the burden already accounted for in the OMB control number for CIP Reliability Standards.

4. Additionally, we estimate that another 100 entities will have a burden of four hours each for a total burden hours increase of 400 at $85 per hour for a total burden of $38,000 for the first year and no ongoing burdens in addition to the burden already accounted for in the OMB control number for CIP Reliability Standards.

5. The responses and burden hours for Years 1-3 will total respectively as follows:

• Year 1-3 each: for proposed Reliability Standard CIP-002-8 will be 557.67 responses; 1,182 hours;
• The annual cost burden for each Year 1-3 is $101,803 for proposed Reliability Standard CIP-002-8. Title: Mandatory Reliability Standards, Revised Critical Infrastructure Standards.

Action: Revision 8 of CIP-002 under FERC-725B Mandatory Reliability Standards—CIP Reliability Standards.

OMB Control No.: 1902-0248.

Respondents: Businesses or other for-profit institutions; not-for-profit institutions.

Frequency of Responses: On Occasion.

Necessity of the Information: This order approves proposed Reliability Standard CIP-002-8 related to the ( printed page 14015) identification and categorization of BES cyber systems and their associated BES cyber assets. As discussed above, the Commission approves the proposed Reliability Standard CIP-002-8 pursuant to section 215(d)(2) of the FPA because the Standard would advance reliability by revising the threshold for applicable transmission owners and transmission operators to categorize their BES cyber systems based on the impact to their associated facilities, systems, and equipment, which, if destroyed, degraded, misused, or otherwise rendered unavailable would affect the reliability of the BES.

Internal Review: The Commission has reviewed the proposed Reliability Standard and made a determination that its action is necessary to implement section 215 of the FPA.

1. Interested persons may obtain information on the reporting requirements by contacting the following: Federal Energy Regulatory Commission, 888 First Street NE, Washington, DC 20426 [Attention: Kayla Williams, Office of the Executive Director, email: DataClearance@ferc.gov, phone: (202) 502-6468].

2. For submitting comments concerning the collection(s) of information and the associated burden estimate(s), please send your comments to the Commission, and to the Office of Management and Budget, Office of Information and Regulatory Affairs, Washington, DC 20503 [Attention: Desk Officer for the Federal Energy Regulatory Commission, phone: (202) 395-4638, fax: (202) 395-7285]. For security reasons, comments to OMB should be submitted by email to: oira_submission@omb.eop.gov. Comments submitted to OMB should include Docket Number RD25-8-000 and OMB Control Number 1902-0248.

3. In addition to publishing the full text of this document in the Federal Register, the Commission provides all interested persons an opportunity to view and/or print the contents of this document via the internet through the Commission's Home Page (http://www.ferc.gov).

4. From the Commission's Home Page on the internet, this information is available on eLibrary. The full text of this document is available on eLibrary in PDF and Microsoft Word format for viewing, printing, and/or downloading. To access this document in eLibrary, type the docket number excluding the last three digits of this document in the docket number field.

5. User assistance is available for eLibrary and the Commission's website during normal business hours from the Commission's Online Support at (202) 502-6652 (toll free at 1-866-208-3676) or email at ferconlinesupport@ferc.gov, or the Public Reference Room at (202) 502-8371, or (202) 502-8659 for TTY. Email the Public Reference Room at public.referenceroom@ferc.gov.

6. All submissions must be formatted and filed in accordance with submission guidelines at: http://www.ferc.gov/​help/​submission-guide.asp. For user assistance, contact FERC Online Support by email at ferconlinesupport@ferc.gov, or by phone at: (866) 208-3676 (toll-free), or (202) 502-8659 for TTY.

By direction of the Commission.

Issued: March 19, 2026.

Carlos D. Clay,

Deputy Secretary.

Footnotes

1.

                     NERC Petition at 1.

Back to Citation 2.

                     The revisions to proposed Reliability Standard CIP-002 are layered on top of the current NERC Board of Trustees approved draft, proposed Reliability Standard CIP-002-7, which we are approving in a concurrent order. *Id.* at 11; *Virtualization Reliability Standards,* 194 FERC ¶ 61,209 (2026).

Back to Citation 3. 16 U.S.C. 824o(d)(2).

Back to Citation 4.

                     NERC Petition, Ex. A-1 (CIP-002-8 Clean) at 3.

Back to Citation 5.

                     NERC Petition at 3.

Back to Citation 6. Id. at 12.

Back to Citation 7. Id.

Back to Citation 8. Id. at 15-17.

Back to Citation 9.

                     Aggregated weighted value is a point system based on voltage values (in kilovolts (kV)) for BES transmission lines that are monitored and controlled by a control center through inclusion of each BES transmission line that is connected between two or more transmission stations or substations. *Id.* at 16. The higher the kV for a BES transmission line, the higher assigned points for that line, indicating a larger potential adverse impact on the BES if the control center was lost, compromised, or misused; thus, meriting classifying the control center as a medium impact BES cyber system. *See id.*

Back to Citation 10. Id. at 15 (citing NERC, NERC Project 2021-03 CIP-002 Transmission Owner Control Center Field Test Final Report 6 (Jan. 2023), https://www.nerc.com/​globalassets/​standards/​projects/​2021-03/​2021-03​cip-002​tocc​field​test​final​report_​01262023.pdf (concluding that under a range of power flow scenarios, 22 entities, which are both below and above the 6,000 aggregated weighted value bright line and are likely to be impacted by a modification to Criterion 2.12, did not experience an adverse impact to the BES that would merit classifying the control centers that are operated by a transmission operator or owned by a transmission owner as medium impact BES cyber systems)).

Back to Citation 11. Id. at 17-21.

Back to Citation 12. Id. at 22.

Back to Citation 13.

                     The “Number of Entity” data is compiled from the June 2025 edition of the NERC Compliance Registry.

Back to Citation 14.

                     The hourly cost for wages is based in part on the average of the occupational categories from the Bureau of Labor Statistics website (*[http://www.bls.gov/​oes/​current/​naics2_​22.htm](http://www.bls.gov/oes/current/naics2_22.htm)*) plus benefits: Legal (Occupation Code: 23-0000): $162.66; Electrical Engineer (Occupation Code: 17-2071): $79.31; Office and Administrative Support (Occupation Code: 43-0000): $48.59 ($162.66 + $79.31 + $48.59) ÷ 3 = $96.85. The figure is rounded to $97.00 for use in calculating wage figures in this Order.

Back to Citation [FR Doc. 2026-05715 Filed 3-23-26; 8:45 am]

BILLING CODE 6717-01-P

Published Document: 2026-05715 (91 FR 14013)