Skip to main content
Texas Reliability Entity
Texas RE webCDMS Access Go to webCDMS
Go Search
Skip Navigation Links
Compliance
Enforcement
Reliability
Registration
Standards & Rules
Stakeholder Outreach
About Us
Skip Navigation Links
Standards & Rules
National Reliability Standards
Actively Monitored NERC Standards
Critical Infrastructure Protection Standards FAQs
Regional Reliability Standards
Regional Reliability Standards Development
National Reliability Standards Development
Skip Navigation LinksHomeStandards & RulesNational Reliability StandardsCritical Infrastructure Protection Standards FAQs

Critical Infrastructure Protection Standards and Technical Feasibility Exception FAQs

One of the main responsibilities of Texas Reliability Entity, Inc. (Texas RE) is to enforce North American Electric Reliability Corporation (NERC) Reliability Standards. However, Texas RE also provides information to the registered entities about the implementation of these standards. With the continual development of Critical Infrastructure Protection (CIP) standards, registered entities need up-to-date information.

On January 18, 2008, the Federal Energy Regulatory Commission (FERC) issued Order No. 706 approving eight CIP Reliability Standards (CIP-002 through CIP-009). On September 30, 2009, FERC approved Version 2 of the CIP standards which became enforceable on April 1, 2010. The CIP standards require certain users, owners, and operators of the bulk-power system to comply with specific requirements to safeguard critical cyber assets.

Also in this section find information about Technical Feasibility Exceptions (TFEs). If you have any questions, concerns, or suggestions, please contact CIP@texasre.org External Link.

What is a Technical Feasibility Exception?
With the issuance of Order No. 706, FERC noted generally that there is legacy equipment on the bulk power system that may not meet the CIP requirements on day one, and although equipment replacement will often be appropriate to comply with the CIP standards, such as in instances where equipment is near the end of its useful life, the possibility of being required to replace equipment before the end of its useful life is a valid concern. As a result, FERC proposed to allow, in the near term, exceptions from compliance based on the concept of “technical feasibility” (referred to as Technical Feasibility Exceptions, or TFEs) in a limited set of circumstances. FERC observed that exceptions may be recognized, not only for technical feasibility reasons, but also for operational and safety considerations.

What is the NERC process for TFEs?
Please refer to the NERC Compliance Process Bulletin #2009-007, Amended Interim Approach to Technical Feasibility Exceptions External Link.

For more information about proposed Appendix 4D to the NERC Rules of Procedure - Technical Feasibility Exception, please visit the NERC Web site External Link.

What are the specific requirements in CIP-002 through CIP-009 to which a TFE may apply?
The following are the applicable requirements:

  • CIP-005-2/R2.4
  • CIP-005-2/R2.6
  • CIP-005-2/R3.1
  • CIP-005-2/R3.2
  • CIP-006-2/R1.1 including the Interpretation in Appendix 3
  • CIP-007-2/R2.3
  • CIP-007-2/R3.2
  • CIP-007-2/R4
  • CIP-007-2/R5.3.1
  • CIP-007-2/R5.3.2
  • CIP-007-2/R5.3.3
  • CIP-007-2/R6
  • CIP-007-2/R6.3

What are the qualifying considerations for a TFE?
The following are some, but not all, of the considerations that may qualify an entity as eligible for a TFE:

  • Strict compliance with an applicable requirement
    • is not technically feasible;
    • is not operationally feasible;
    • is precluded by technical limitations; or
    • could adversely affect the reliability of the BES.
  • While technically and operationally feasible, strict compliance cannot be achieved by the compliance due date to such factors as
    • scarce technical resources;
    • limited availability of required equipment or components; or
    • need to construct, install, or modify equipment during planned outages
  • Strict compliance cannot be acheived without
    • safety risks or issues that outweigh the reliability benefits;
    • conflict with or causing the entity to be non-compliant with a separate statutory or regulatory requirement that cannot be waived;
    • incurred costs exceed the benefits of compliance

What does my organization need to know when submitting a TFE request to Texas RE?
A TFE request must be submitted for each applicable requirement pertaining to a covered asset. The submitting entity may group multiple, similar covered assets into one submission, for example:

  • same asset type in multiple locations;
  • same basis for TFE request;
  • same compensating and/or mitigating measures; and/or
  • similar proposed expiration dates for the TFE.

The TFE Request Form Part A is submitted using the Technical Feasibility Exception Request - Part A form below. Texas RE will contact the entity regarding secure submission of the TFE Request Form Part B and mitigation plan if Texas RE accepts TFE Request Form Part A as a valid TFE request.


What guidance is available on deciding whether a registered entity has critical assets?
CIP Standard CIP-002 calls for registered entities to develop and implement a “risk-based assessment methodology” for determining critical assets.

The Critical Asset Guideline has been approved and posted along with CIP-002-3.  For the Guideline and other helpful documents, please see CIP-002-3 on the Reliability Standards External Link page of the NERC website.

Please visit the Electricity Sector Information Sharing and Analysis Center External Link, maintained by NERC, for security guidelines.


What happens if a plant becomes a critical asset? What happens if a plant is no longer a critical asset?
Per CIP Standard CIP-002, an entity may identify an asset as critical based on risk-based assessment. If an asset is reclassified as critical, the registered entity must self-report this change to Texas RE.

If an entity’s facility is removed from the critical asset list, the entity must self-report the change to Texas RE.

Find CIP Standard CIP-002 on the NERC Reliability Standards External Link page of the NERC site.

Visit the Self-Reporting page on this site for more information on submitting a self-report.


What kind of compliance reporting is expected, and when will an entity have to complete it?
Under the NERC Implementation Plan for Standards CIP-002 through CIP-009, an entity’s compliance reporting schedule is determined by which table (Tables 1-4) the entity falls under.

For information specific to your NERC registration, please refer to the NERC Implementation Plan. Go to the Reliability Standards External Link section of the NERC site. Click Critical Infrastructure Protection (CIP); under CIP-002, Critical Cyber Asset Identification, find the Implementation Plan.


How does an entity report cyber security incidents to the ES-ISAC (Electricity Sector Information Sharing and Analysis Center)?
Registered entities must register with the Critical Infrastructure Protection Information System (CIPIS) to report incidents directly to the ES-ISAC. Register at https://www.nerc.net/MyAccount/ External Link.


I need more information about NERC Alerts. How do I find out more?
Visit About NERC Alerts External Link on the NERC site.

Organizations are required to ensure that the following contacts have been identified and are receiving NERC Alerts:


  • Generation Engineering Contact
  • Physical Security Officer Contact
  • System Operator Contact
  • System Protection Contact
  • Chief Security Officer Contact
  • Cyber Security Control System Contact
  • Cyber Security Corporate IT Contact
  • Transmission Engineering Contact
  • Transmission Planning Contact

How do I update my organization’s NERC Alert contacts?
For NERC registered entities, NERC Alert contacts are set up and updated through webCDMS External Link. Texas RE recommends that your organization set up a NERC Alerts distribution list. In the portal, one contact record would be created under the name of the person responsible for maintaining the distribution list. All the NERC Alert roles are assigned to that one contact record.

Your organization’s Primary compliance Contact (PCC) can set up this contact record on webCDMS. If you do not know who the PCC is, please contact information@texasre.org External Link.

DOCUMENTS
Technical Feasibility Exception Request - Part A Form
Technical Feasibility Exception (TFE) Request Part A form for manual processing of TFEs.
(May 17, 2011 , .docx, 177 KB)

Technical Feasibility Exception Request - Part B Form
Technical Feasibility Exception (TFE) Request Part B form for manual processing of TFEs.
(Dec 22, 2010 , .docx, 164 KB)

Guidance for Completion of TFE Request Part A
Guidance for entities who wish to request a Technical Feasibility Exception (TFE), and completion of the Part A form.
(Apr 01, 2011 , .docx, 162 KB)

Guidance for Completion of TFE Request Part B
Guidance for entities who wish to request a Technical Feasibility Exception (TFE), and completion of the Part B form upon request by Texas RE.
(Apr 01, 2011 , .docx, 166 KB)

Quarterly TFE Reporting Template
This file contains the quarterly TFE reporting template. Please complete the form and certification and send to cip@texasre.org.
(Apr 05, 2011 , .xlsx, 106 KB)

Annual TFE Reporting Template
The file contains the annual TFE reporting template. Please complete the form and certification and send to cip@texasre.org by April 30 each year.
(Apr 11, 2011 , .xlsx, 111 KB)
© 2012 Texas Reliability Entity. All rights reserved.
Site Map | Terms of Use | Privacy | Contact Us