Skip to main content
An official website of the United States government
The .gov means it's official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.
The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
Search:
Agenda
Reg Review
ICR
This script is used to control the display of information in this page.
Display additional information by clicking on the following:
All
Brief and OIRA conclusion
Abstract/Justification
Legal Statutes
Rulemaking
FR Notices/Comments
IC List
Burden
Misc.
Common Form Info.
Certification
View Information Collection (IC) List
View Supporting Statement and Other Documents
Please note that the OMB number and expiration date may not have been determined when this Information Collection Request and associated Information Collection forms were submitted to OMB. The approved OMB number and expiration date may be found by clicking on the Notice of Action link below.
View ICR - OIRA Conclusion
OMB Control No:
1902-0248
ICR Reference No:
202012-1902-001
Status:
Historical Inactive
Previous ICR Reference No:
202002-1902-002
Agency/Subagency:
FERC
Agency Tracking No:
FERC-725B
Title:
FERC-725B, (Proposed Rule in RM21-3) Mandatory Reliability Standards for Critical Infrastructure Protection [CIP] Reliability Standards)
Type of Information Collection:
Revision of a currently approved collection
Common Form ICR:
No
Type of Review Request:
Regular
OIRA Conclusion Action:
Comment filed on proposed rule and continue
Conclusion Date:
04/16/2021
Retrieve Notice of Action (NOA)
Date Received in OIRA:
02/17/2021
Terms of Clearance:
In accordance with 5 CFR 1320, OMB is filing comment and withholding approval at this time. The agency shall examine public comment in response to the proposed rulemaking and will include in the supporting statement of the next ICR—which is to be submitted to OMB at the final rule stage—a description of how the agency has responded to any public comments on the ICR, including comments on maximizing the practical utility of the collection and minimizing the burden.
Inventory as of this Action
Requested
Previously Approved
Expiration Date
12/31/2021
36 Months From Approved
05/31/2022
Responses
224,800
0
224,800
Time Burden (Hours)
2,119,709
0
2,119,709
Cost Burden (Dollars)
0
0
0
Abstract:
NOPR 21-3 is set out to ensure that a public utility receiving incentive rate treatment has implemented the requirements for the incentive and to ensure that it continues to adhere to these requirements, we propose to add § 35.48(f) to the Commission’s regulations to require public utilities to submit annual informational filings with the Commission. We propose specific reporting requirements for each of the NERC CIP Incentives Approach and the NIST Framework Approach The Transmission Incentives NOPR proposes additional reporting requirements for recipients of transmission incentives under FPA section 219. Such additional reporting is likewise appropriate for cybersecurity upgrades receiving incentives. Accordingly, we propose to add § 35.48(f) to require that, within 120 days of the completion of cybersecurity upgrades for which an applicant is granted incentives, an incentives recipient must make an informational filing and subsequent informational filings annually thereafter. The annual informational filings must detail the specific investments that were made pursuant to the Commission’s approval and the corresponding FERC account(s) used. In addition, the annual informational filings must describe what parts of its network were upgraded or expanded (i.e., which substations, control centers, automated and continuous monitoring equipment) in addition to the nature (i.e., describing hardware purchase) and actual cost of the various capital investments. For incentives where the Commission allows deferral of expenses as regulatory assets, annual informational filings should describe such expenses in sufficient detail to demonstrate that such expenses are specifically related to implementing the cybersecurity incentives described in this NOPR and not for ongoing costs including system maintenance, surveillance, and other labor costs, either in the form of employee salaries or third-party service contracts.We preliminarily find that the proposed reporting requirements are necessary to provide the Commission with an understanding of the costs of various types of cybersecurity investments in order to more precisely target future incentives or other policies. However, based on the qualities of such investments, as well as the likely higher sensitivity of the information, we propose to require different reporting requirements under this proposal than those proposed under the Transmission Incentives NOPR. Several aspects of cybersecurity necessitate reporting different information that the Commission has required for conventional transmission facilities receiving incentives pursuant to FPA section 219. First, cybersecurity investments are not observable. Unlike conventional transmission facilities, such as a new transmission line, it is not readily apparent if, and when, such investments are completed and serving customers. Therefore, it is important to confirm the completion of cybersecurity investments by establishing additional reporting requirements. Second, certain cybersecurity investments may require public utilities to undertake subsequent actions or make expenditures to maintain the status for which they receive incentives. Annual reports enable public utilities to demonstrate that they have undertaken such actions or expenditures.Finally, we propose that both the initial and annual informational filings provide a summary of the costs incurred to achieve the higher level of security, including supporting documentation that provides a narrative explanation of the nature of the expenses proposed for deferred cost recovery, and inclusion in rate base as a regulatory asset, including the specific accounts (under the Commission’s Uniform System of Accounts) initially charged for the incurred expenses.
Authorizing Statute(s):
PL:
Pub.L. 109 - 58 1211, Title XII, Subtitle A
Name of Law: Energy Policy Act of 2005
US Code:
16 USC 824o
Name of Law: Federal Power Act
Citations for New Statutory Requirements:
None
Associated Rulemaking Information
RIN:
Stage of Rulemaking:
Federal Register Citation:
Date:
1902-AF76
Proposed rulemaking
86 FR 8309
02/05/2021
Federal Register Notices & Comments
Did the Agency receive public comments on this ICR?
No
Number of Information Collection (IC) in this ICR:
5
IC Title
Form No.
Form Name
CIP Incentives (NOPR RM21-3-000)
FERC-725B, Mandatory Reliability Standards for Critical Infrastructure Protection
RM17-11-000 Final Rule (Reliability Standard CIP-003-7) (one-time averaged Years 1-3)
RM17-11-000 Final Rule (Reliability Standard CIP-003-7) (ongoing)
RM17-13-000 Final Rule (Reliability Standard CIP-013-1 R1) (one-time averaged over Years 1-3)
RM17-13-000 Final Rule (Reliability Standard CIP-013-1 R1-R4) (one-time averaged over Years 1-3)
RM17-13-000 Final Rule (Reliability Standard CIP-013-1 R2) (ongoing)
RM18-20, CIP-012-1 (one-time & ongoing averaged over Yrs. 1-3)
Burden increases because of Program Change due to Agency Discretion:
Yes
Burden Increase Due to:
Changing Regulations
Burden decreases because of Program Change due to Agency Discretion:
Yes
Burden Reduction Due to:
Miscellaneous Actions
Short Statement:
Program Changes Due to Agency Discretion: • The Burden was reduced to reflect the removal of one-time burden associated with RM 17-11 and RM17-13 (removal of 925 responses and 76,683 hours). Those one-time filings have been completed. • The NOPR in Docket No. RM21-3 would increase the number of responses by 20 and burden by 1,600 hours. The net changes are -905 responses and -75,083 hours.
Annual Cost to Federal Government:
$6,475
Does this IC contain surveys, censuses, or employ statistical methods?
No
Does this ICR request any personally identifiable information (see
OMB Circular No. A-130
for an explanation of this term)? Please consult with your agency's privacy program when making this determination.
No
Does this ICR include a form that requires a Privacy Act Statement (see
5 U.S.C. §552a(e)(3)
)? Please consult with your agency's privacy program when making this determination.
No
Is this ICR related to the Affordable Care Act [Pub. L. 111-148 & 111-152]?
No
Is this ICR related to the Dodd-Frank Wall Street Reform and Consumer Protection Act, [Pub. L. 111-203]?
No
Is this ICR related to the American Recovery and Reinvestment Act of 2009 (ARRA)?
No
Is this ICR related to the Pandemic Response?
No
Agency Contact:
Kayla Williams 410 786-5887 kayla.williams@cms.hhs.gov
Common Form ICR:
No
On behalf of this Federal agency, I certify that the collection of information encompassed by this request complies with 5 CFR 1320.9 and the related provisions of 5 CFR 1320.8(b)(3).
The following is a summary of the topics, regarding the proposed collection of information, that the certification covers:
(a) It is necessary for the proper performance of agency functions;
(b) It avoids unnecessary duplication;
(c) It reduces burden on small entities;
(d) It uses plain, coherent, and unambiguous language that is understandable to respondents;
(e) Its implementation will be consistent and compatible with current reporting and recordkeeping practices;
(f) It indicates the retention periods for recordkeeping requirements;
(g) It informs respondents of the information called for under 5 CFR 1320.8 (b)(3) about:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control number;
(h) It was developed by an office that has planned and allocated resources for the efficient and effective management and use of the information to be collected.
(i) It uses effective and efficient statistical survey methodology (if applicable); and
(j) It makes appropriate use of information technology.
If you are unable to certify compliance with any of these provisions, identify the item by leaving the box unchecked and explain the reason in the Supporting Statement.
Certification Date:
02/17/2021