← Back to all briefings

Infrastructure · Credibility 88/100 · · 2 min read

FERC Approves CIP-014-3 Physical Security Reliability Standard

FERC approved NERC’s CIP-014-3 standard, expanding physical security plan requirements for transmission substations and control centres.

Executive briefing: On March 21, 2024 the Federal Energy Regulatory Commission approved Reliability Standard CIP-014-3, which updates physical security requirements for transmission owners and operators. The revision adds third-party verifier independence criteria, clarifies threat assessment obligations, and mandates documented corrective action plans for critical facilities.

Key compliance signals

  • Independent review. Transmission owners must use independent verifiers that were not involved in developing vulnerability assessments.
  • Threat evaluation. CIP-014-3 clarifies how entities must consider physical attack scenarios and coordinate with law enforcement.
  • Corrective plans. Entities must develop and implement corrective action plans for identified vulnerabilities, documenting milestones and evidence of completion.

Control alignment

  • Security governance. Update physical security programs to incorporate CIP-014-3 assessment, verification, and documentation requirements.
  • Third-party management. Ensure verifiers meet independence criteria and maintain records for audit.
  • Incident coordination. Align security operations centres with law enforcement communication protocols outlined in the standard.

Action checklist

  • Perform a gap analysis against CIP-014-3 requirements and adjust physical security plans accordingly.
  • Engage independent verifiers early to schedule assessments before compliance deadlines.
  • Document corrective action milestones and evidence for NERC audit readiness.

Sources

Zeph Tech supports transmission operators in updating CIP-014 physical security plans, verifier contracts, and audit evidence.

  • FERC
  • CIP-014
  • Physical security
  • Compliance
Back to curated briefings