Changeflow GovPing Government General CIP-003-11 Cyber Security Reliability Standard ...
Priority review Rule Amended Final

CIP-003-11 Cyber Security Reliability Standard Security Management Controls

Favicon for changeflow.com FERC eLibrary: Rulemakings - ChangeBridge
Published March 19th, 2026
Detected April 3rd, 2026
Email

Summary

FERC issued Order 918, a final rule adopting Critical Infrastructure Protection Reliability Standard CIP-003-11 (Cyber Security – Security Management Controls) under docket RM25-8. The order establishes updated security management control requirements for responsible entities operating the bulk electric system. Citation: 194FERC61,210.

View original document View source feed page

What changed

FERC Order 918 finalizes revisions to CIP-003-11, the Critical Infrastructure Protection reliability standard addressing cyber security management controls for the bulk electric system. The order, issued under RM25-8 and citing 194FERC61,210, modifies security management control requirements applicable to responsible entities as defined under the NERC reliability framework.\n\nRegistered entities subject to CIP reliability standards must implement the updated security management controls in accordance with the implementation timeline established under the standard development process. Non-compliance with FERC-approved reliability standards may result in enforcement action through NERC's compliance monitoring and enforcement program. Entities should review Order 918 and assess gaps between current security management controls and the revised standard requirements.

What to do next

  1. Review Order 918 and assess current CIP-003-11 implementation against updated requirements
  2. Update security management control policies and procedures to align with revised standard provisions
  3. Monitor NERC compliance deadlines for CIP-003-11 implementation

Source document (simplified)

Document Info for Accession Number: 20260319-3042

Details Document: 03/19/2026
Filed: 03/19/2026
Posted: 03/19/2026 11:59:08 AM
First Received Date: 03/19/2026 11:33:32 AM
Security Level: Public
Official: Yes
E-filing: No
Non-decisional: No
Category: Issuance
Library: Electric,Rulemaking
Aperture: 0
File Type:
Description* :** Order No. 918: Final Rule; Critical Infrastructure Protection Reliability Standard CIP-003-11 – Cyber Security – Security Management Controls under RM25-8.
File List

| Docket | Sub-Docket | Type |
| --- | --- | --- |
| RM25-8 | 000 | On Document |

| Document Class | Document Type |
| --- | --- |
| Order/Opinion | Commission Order/Opinion |

| Correspondent | Last Name | First Name | MI | Role/Org |
| --- | --- | --- | --- | --- |
| AUTHOR | CLAY | C | D | SECRETARY OF THE COMMISSION, FERC |
| AUTHOR | * | * | | COMMISSIONERS AND IMMEDIATE STAFF (THE COMMISSION) |

| Associate Type | Associate Numbers |
| --- | --- |
| Ferc Cite Number | 194FERC61,210 |
| Order Number | 918 |

Named provisions

CIP-003-11 - Cyber Security - Security Management Controls Security Management Controls

Related changes

Favicon for changeflow.com Public Notice on Records Governing Off-the-Record Communications RM98-1
Routine Apr 07, 2026 FERC eLibrary: Rulemakings - ChangeBridge Government General
Favicon for changeflow.com Order on Remand: Qualifying Facility Rates and PURPA Implementation
Priority review Apr 03, 2026 FERC eLibrary: Rulemakings - ChangeBridge Government General
Favicon for changeflow.com Virtualization Reliability Standards
Priority review Apr 03, 2026 FERC eLibrary: Rulemakings - ChangeBridge Government General
Favicon for changeflow.com Investor-owned electric utilities fuel factor proceedings requirements
Priority review Apr 07, 2026 Virginia Legislative Events Government General
Favicon for changeflow.com Virginia HB508 defines agrivoltaics for small renewable energy projects
Priority review Apr 07, 2026 Virginia Legislative Events Government General
Favicon for changeflow.com FERC accepts Fayetteville Express Pipeline tariff updates for system map URLs
Routine Apr 07, 2026 FERC eLibrary: Gas & Pipeline Orders - ChangeBridge Government General

Get daily alerts for FERC eLibrary: Rulemakings - ChangeBridge

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for changeflow.com
FERC eLibrary: Rulemakings - ChangeBridge changeflow.com/changebridge/ferc-elibrary/rulemakings
Government General
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
FERC
Published
March 19th, 2026
Instrument
Rule
Legal weight
Binding
Stage
Final
Change scope
Substantive
Document ID
194FERC61,210 / RM25-8
Docket
RM25-8
Supersedes
CIP-003-11 (prior version)

Who this affects

Applies to
Energy companies
Industry sector
2210 Electric Utilities
Activity scope
Cyber Security Reliability Standards Compliance Bulk Electric System Operations
Threshold
Responsible entities as defined under the NERC Glossary (including generators, transmission operators, and distribution providers serving bulk electric system functions)
Geographic scope
United States US

Taxonomy

Primary area
Energy
Operational domain
Compliance, IT Security
Compliance frameworks
NERC CIP NIST CSF
Topics
Cybersecurity Critical Infrastructure Protection

Browse Categories

Agriculture & Food Safety 63 AI Regulation 3 Banking & Finance 292 Consumer Protection 44 Courts & Legal 361 Data Privacy & Cybersecurity 74 Defense & National Security 52 Education 20 Energy 101 Environment 85 Environmental Permits 1 Environmental Regulation 13 Government & Legislation 278 Healthcare 136 Housing 16 Immigration 9 Insurance 58 Labor & Employment 113 Legislative 1 Pharma & Drug Safety 104 Public Health 3 Securities & Markets 104 Securities Regulation 14 Tax 66 Telecom & Technology 47 Trade & Sanctions 124 Transportation 57

Get alerts for this source

We'll email you when FERC eLibrary: Rulemakings - ChangeBridge publishes new changes.

Optional. Personalizes your daily digest.

Free. Unsubscribe anytime.