Skip to content

Configuration Change Management and Vulnerability Assessments

ID Number: RRC-CIP-010-1

(CIP) Critical Infrastructure Protection

Purpose: To prevent and detect unauthorized changes to Bulk Electric System Cyber Systems (BCS) by specifying configuration change management and vulnerability assessment requirements in support of protecting BCS from compromise that could lead to misoperation or instability in the Bulk Electric System (BES).

Noticed
Status: Board Approved
  1. The TAC Recommendation Submittal Package for the Configuration Change Management and Vulnerability Assessments (RRC-CIP-010-1) and Communication between Control Centers (RRC-CIP-012-1) Critical Infrastructure Protection (CIP) standards, each developed by Working Groups led by the RRC’s Chief Technical Officer. This package was noticed on June 23, 2025, and is slated for action by the Board on July 7, 2025.

    • Standards Development
  2. The Manager's letter to the Working Group introducing the recommendations for the Configuration Change Management and Vulnerability Assessments (RRC-CIP-010-1) and Communication between Control Centers (RRC-CIP-012-1) standards.

    • Standards Development