Step 1 - Non-disclosure Agreements
Note: You must be willing to sign and abide by an appropriate agreement limiting your use and disclosure of the information requested.

Please select and sign one of the listed agreements.

CRITICAL ENERGY/ ELECTRIC INFRASTRUCTURE INFORMATION GENERAL NON-DISCLOSURE AGREEMENT

1. These provisions govern the use of Critical Energy/Electric Infrastructure Information
(CEII) provided to an individual who files a request for access to CEII pursuant to 18
C.F.R. § 388.113.
2. Definitions - For purposes of these provisions:
a. The term “CEII Coordinator” refers to the Federal Energy Regulatory Commission
(Commission) official designated as the CEII Coordinator, with delegated authority
under 18 C.F.R. § 375.313 to make determinations with respect to requests for CEII
and make determinations as to whether particular information fits within the
definition of CEII.
b. The terms “non-disclosure agreement” and “NDA” mean this agreement by which
requesters certify their understanding that access to CEII is provided pursuant to
the terms and restrictions of these provisions, and that such requesters have read
the provisions and agree to be bound by them.
c. The term “Recipient” means someone who is approved to receive CEII in
accordance with the provisions of 18 C.F.R. § 388.113.
3. A Recipient may only discuss CEII with another authorized Recipient of the identical CEII.
A Recipient may check with the CEII Coordinator to determine whether another individual
is an authorized Recipient of the identical CEII.
4. If any Recipient submits information to the Commission that includes CEII obtained under
these provisions, the portions of the filing containing CEII must be submitted in accordance
with 18 C.F.R. § 388.113(d)(1).
5. A Recipient of CEII may use CEII as foundation for advice provided to others but may not
disclose CEII to another individual unless that individual is an authorized Recipient of the
identical CEII.
6. A Recipient may only use CEII for the purpose for which it was requested and must not
use CEII for an illegal or illegitimate purpose.
7. All CEII shall be maintained by the Recipient in a secure place in a manner that conforms
with industry standards, such as those specified by the National Institute of Standards and
Technology (NIST), to prevent unauthorized electronic or physical access, 1 and only made
accessible to other authorized Recipients of the identical CEII. Within 5 business days of
a request from Commission staff, the Recipient will provide details on the Recipient’s
methods of securely maintaining and safeguarding CEII.
8. Recipients may make copies of CEII, but such copies of CEII are subject to the restrictions
specified herein. Recipients may make notes concerning CEII, which shall be subject to
the restrictions herein if such notes contain CEII.
9. A Recipient must notify the Commission of any unauthorized disclosure of CEII or any
data breach or other security incident that may involve Commission provided CEII within
2 business days of the data breach or knowledge thereof, and the recipient agrees to provide
the Commission an incident management report describing Recipient’s response to the data
breach and all corrective action that has or will be taken within 5 business days.
10. CEII provided pursuant to the agreement is not subject to release under either the Freedom
of Information Act or other Sunshine Laws.
11. Recipients must return CEII to the CEII Coordinator or destroy CEII within fifteen days of
a written request by the CEII Coordinator to do so, except that CEII notes may be retained
in accordance with Paragraph 7, above. Within such time period, each Recipient, if
requested to do so, shall also submit to the CEII Coordinator an affidavit stating that, to the
best of his or her knowledge, all CEII has been returned or destroyed and that CEII notes
have either been returned, destroyed or are being maintained by Recipient in accordance
with Paragraph 7.
12. The Recipient is obligated to protect the CEII, even after designation period has lapsed,
until the CEII Coordinator determines the information should no longer be designated as
CEII under 18 C.F.R. § 388.113(e)(2), or a court of competent jurisdiction finds that the
information does not qualify as CEII.
13. The Recipient must promptly notify the Commission if any conditions, such as a change in
employment, have occurred.
14. The Commission may audit the Recipient’s compliance with this non-disclosure; agreement,
and Recipient agrees to fully cooperate with the Commission in any compliance monitoring
and auditing processes.
15. I hereby certify my understanding that access to CEII is provided to me pursuant to the
terms and restrictions of the above provisions, that I have been given a copy of and have
read the provisions, and that I agree to be bound by them. I understand that the contents of
the CEII, any notes or other memoranda, or any other derivative form of information that
copies or discloses CEII shall not be disclosed to anyone other than another person who
has been granted access to these same materials by the Commission.
16. If Recipient fails to comply with any of the provisions of this Agreement, the Commission
reserves the right to suspend Recipient’s ability to appear before the Commission pursuant
to 18 C.F.R. § 385.2102 and may require the immediate destruction or return of the
information, as well as taking any other legally available action. To that end, Recipient
acknowledge that a violation of this non-disclosure agreement may result in criminal
sanctions (including a fine of up to $25,000 per day per offense pursuant to Section 316(b)
of the Federal Power Act, 16 U.S.C. § 825o(b)), or civil sanctions under Section 316A of
the Federal Power Act, 16 U.S.C. § 825o-1.
 
 

¹ See NIST Special Publication (SP) 800-171“Protecting CUI in Nonfederal Systems and
Organizations” and 800-172 “Enhanced Security Requirements for Protecting Controlled
Unclassified Information - A Supplement to NIST Special Publication 800-171”. A summary of
NIST security requirements 3.8.1 through 3.8.9 are attached hereto as Appendix A. Compliance
measures include access control, awareness and training, audit and accountability, configuration
management, identification and authentication, incident response, maintenance, media protection,
personnel security, physical protection, risk assessment, security assessment, system and
communications protection and system and information integrity.

Appendix A

NIST Basic Security Requirements and Derived Security Requirements

Basic Security Requirements

3.8.1 Protect (i.e., physically control and securely
store) system media containing CUI, both paper and
digital.
3.8.2 Limit access to CUI on system media to
authorized users.
3.8.3 Sanitize or destroy system media containing
CUI before disposal or release for reuse.

 

Derived Security Requirements

3.8.4 Mark media with necessary CUI markings and
distribution limitations.
3.8.5 Control access to media containing CUI and
maintain accountability for media during transport
outside of controlled areas.
3.8.6 Implement cryptographic mechanisms to
protect the confidentiality of CUI stored on digital
media during transport unless otherwise protected by
alternative physical safeguards.
3.8.7 Control the use of removable media on system
components.
3.8.8 Prohibit the use of portable storage devices
when such devices have no identifiable owner.
3.8.9 Protect the confidentiality of backup CUI at
storage locations. 


 

This NDA concerns a matter within the jurisdiction of an agency of the United States.
Anyone who knowingly and willfully executes a false, fictitious, or fraudulent NDA may be
criminally prosecuted under 18 U.S.C. § 1001.

CRITICAL ENERGY/ ELECTRIC INFRASTRUCTURE INFORMATION MEDIA NON-DISCLOSURE AGREEMENT

  1. These provisions govern the use of Critical Energy / Electric Infrastructure Information (CEII) provided to a Media Requester who files a request for access to CEII pursuant to 18 C.F.R. § 388.113.
  2. Definitions – For purposes of these provisions:
    • The term "CEII Coordinator" refers to the Federal Energy Regulatory Commission (Commission) official designated as the CEII Coordinator, with delegated authority under 18 C.F.R. 375.313 to make determinations with respect to requests for CEII and make determination as to whether particular information fits within the definition of CEII.
    • The terms "non-disclosure agreement" and "NDA" mean this agreement by which requesters certify their understanding that access to CEII is provided pursuant to the terms and restrictions of these provisions, and that such requesters have read the provisions and agree to be bound by them.
    • The term "Recipient" means someone who receives CEII in accordance with the provisions of 18 C.F.R. § 388.113.
    • The term "Media Recipient" means a Recipient who is a representative of the news media as defined in 18 C.F.R. § 388.109(b)(1)(iv).
    • The term "Requester" means someone who requests access to CEII in accordance with the provisions of 18 C.F.R. § 388.113(d).
    • The term "Media Requester" means a Requester who is a representative of the news media as defined in 18 C.F.R. § 388.109(b)(1)(iv).
  3. A Media Requester shall not be permitted to inspect or gain access to CEII unless the Media Requester has first executed a Media non-disclosure agreement.
  4. A Media Recipient may only discuss CEII with another authorized Recipient of the identical CEII. A Media Recipient may check with the CEII Coordinator to determine whether another individual is an authorized Recipient of the identical CEII.
  5. Before publishing any story using CEII obtained under these provisions, a Media Recipient is strongly encouraged to consult with the Federal Energy Regulatory Commission’s General and Administrative Law legal staff to insure against inadvertent disclosure of CEII.
  6. All CEII shall be maintained by Media Recipient in a secure place in a manner that would prevent unauthorized access. Access to those materials shall be limited to Recipients of the identical material. Media Recipients may make copies of CEII, but such copies become CEII and subject to these same procedures. Media Recipients may make notes of CEII, which shall be treated as CEII notes if they contain CEII.
  7. CEII provided pursuant to the agreement is not subject to release under either the Freedom of Information Act or other Sunshine Laws.
  8. Recipients must return CEII to the CEII Coordinator or destroy CEII within fifteen days of a written request by the CEII Coordinator to do so, except that CEII notes may be retained in accordance with Paragraph 6, above. Within such time period, each Recipient, if requested to do so, shall also submit to the CEII Coordinator an affidavit stating that, to the best of his or her knowledge, all CEII has been returned or destroyed and that CEII notes have either been returned, destroyed or are being maintained by Recipient in accordance with Paragraph 6.
  9. The Media Recipient is obligated to protect the CEII, even after the designation period has lapsed, until the CEII Coordinator determines the information should no longer be designated as CEII under 18 C.F.R. § 388.113(e)(2), or a court of competent jurisdiction finds that the information does not qualify as CEII.
  10. The Commission may audit the Recipient’s compliance with this non-disclosure agreement.
  11. The Recipient is required to promptly report all unauthorized disclosures of CEII to the Commission.
  12. Violation of this non-disclosure agreement may result in criminal or civil sanctions against the Recipient.
  13. I hereby certify my understanding that access to CEII is provided to me pursuant to the terms and restrictions of the above provisions, that I have been given a copy of and have read the provisions, and that I agree to be bound by them. I understand that the contents of the CEII, any notes or other memoranda, or any other form of information that copies or discloses CEII shall not be disclosed to anyone other than another person who has been granted access to these same materials by the Commission.

CRITICAL ENERGY / ELECTRIC INFRASTRUCTURE INFORMATION FEDERAL AGENCY ACKNOWLEDGMENT AND AGREEMENT

The undersigned employee with ____________________________ [agency] has requested certain documents from the Federal Energy Regulatory Commission (Commission) that contain Critical Energy/Electric Infrastructure Information (CEII) as defined in 18 C.F.R. §388.113. To obtain access to CEII, “an agency employee must sign an acknowledgement and agreement.”

  1. Pursuant to 18 C.F.R. § 388.113(g)(2), the undersigned “will protect the CEII in the same manner as the Commission and will refer any requests for the information to the Commission.”
  2. CEII disclosed under this agreement is also subject to 44 U.S.C. § 3510(b), which provides the following:
    • (b)(1) If information obtained by an agency is released by that agency to another agency, all the provisions of law (including penalties) that relate to the unlawful disclosure of information apply to the officers and employees of the agency to which information is released to the same extent and in the same manner as the provisions apply to the officers and employees of the agency which originally obtained the information.
    • (2) The officers and employees of the agency to which the information is released, in addition, shall be subject to the same provisions of law, including penalties, relating to the unlawful disclosure of information as if the information had been collected directly by that agency.
  3. CEII is not subject to release under either the Freedom of Information Act (FOIA) or other Sunshine Laws. See Fixing America’s Surface Transportation Act, Pub. L. No. 114-94, section 61,003, 129 Stat. 1312, 1773-1779 (2015) (codified at 16 U.S.C. 824o-1). If the_______________________ [agency] receives a FOIA request, under 5 U.S.C. § 552, for CEII provided to it by the Commission, consistent with Department of Justice guidance, the request will be referred to the Commission's FOIA office for processing. The undersigned also agrees to have the __________________ [agency] consult with the CEII Coordinator and the Commission’s Associate General Counsel for General and Administrative Law or their designees prior to making any other release of related information or information generated from FERC CEII.
  4. All CEII shall be managed and maintained in a secure place in a manner that would prevent unauthorized access and is consistent with federal law. The undersigned will promptly report any unauthorized disclosures of CEII to the Commission.
  5. The undersigned is obligated to protect the CEII, even after CEII designation period has lapsed, until the CEII Coordinator determines the information should no longer be designated as CEII under 18 C.F.R. § 388.113(e)(2), or a court of competent jurisdiction finds that the information does not qualify as CEII.
  6. The undersigned agrees to either: (a) maintain a list of all agency recipients that require access to the CEII, or (b) ensure that each agency recipient that requires access to the CEII signs a separate acknowledgement and agreement, which the undersigned will maintain. The Commission may review, upon request, the list of agency recipients or any additional executed acknowledgment and agreement(s). The undersigned therefore acknowledges and agrees, as an employee of ____________________________ [agency], to the foregoing.

CRITICAL ENERGY / ELECTRIC INFRASTRUCTURE INFORMATION STATE AGENCY EMPLOYEE - NON-DISCLOSURE AGREEMENT

  1. These provisions govern the use of Critical Energy / Electric Infrastructure Information (CEII) provided to a State agency Requester who files a request for access to CEII pursuant to 18 C.F.R. § 388.113.
  2. Definitions - For purposes of these provisions:
    • The term "CEII Coordinator" refers to the Federal Energy Regulatory Commission (Commission) official designated as the CEII Coordinator, with delegated authority under 18 C.F.R. 375.313 to make determinations with respect to requests for CEII and make determination as to whether particular information fits within the definition of CEII.
    • The terms "Non-Disclosure Agreement" and "NDA" mean this agreement by which requesters certify their understanding that access to CEII is provided pursuant to the terms and restrictions of these provisions, and that such requesters have read the provisions and agree to be bound by them.
    • The term "Recipient" means someone who receives CEII in accordance with the provisions of 18 C.F.R. § 388.113.
    • The term "State agency Requester" means someone who requests access to CEII as an employee of a State agency in accordance with the provisions of 18 C.F.R. § 388.113(d).
  3. A State agency Requester shall not be permitted to inspect or gain access to CEII unless the State agency Requester has first executed a State agency Non- Disclosure Agreement.
  4. Any information provided under this agreement is on loan to the State agency, and must be returned to the Federal Energy Regulatory Commission upon request. CEII provided pursuant to the agreement is not subject to release under either the Freedom of Information Act or other Sunshine Laws.
  5. The State agency Requester agrees to notify the Federal Energy Regulatory Commission’s Associate General Counsel for General and Administrative Law immediately upon State agency receipt of a request for the information provided under this agreement.
  6. This information will be returned to the Federal Energy Regulatory Commission prior to the State agency Requester leaving the employment of the State agency.
  7. A Recipient may only discuss CEII with another authorized Recipient of the identical CEII. A Recipient may check with the CEII Coordinator to determine whether another individual is an authorized Recipient of the identical CEII.
  8. If a Recipient submits information to the Commission that includes CEII obtained under these provisions, the portions of the filing containing CEII must be submitted in accordance with 18 C.F.R. § 388.113(d)(1).
  9. All CEII shall be maintained by Recipient in a secure place in a manner that would prevent unauthorized access. Access to those materials shall be limited to other authorized Recipients of the identical material. Recipients may make copies of CEII, but such copies become CEII and subject to these same restrictions. Recipients may make notes of CEII, which shall be treated as CEII if they contain CEII.
  10. Recipients must return CEII to the CEII Coordinator or destroy CEII within fifteen days of a written request by the CEII Coordinator to do so. Within such time period, each Recipient, if requested to do so, shall also submit to the CEII Coordinator an affidavit stating that, to the best of its knowledge, all CEII has been returned or destroyed and that CEII notes have either been returned, or destroyed.
  11. The Recipient is obligated to protect the CEII, even after the designation period has lapsed, until the CEII Coordinator determines that information should no longer be designated as CEII under 18 C.F.R. 388.113(e)(2), or a court of competent jurisdiction finds that the information does not qualify as CEII.
  12. The Recipient is required to promptly report all unauthorized disclosures of CEII to the Commission.
  13. The Commission may audit the Recipient’s compliance with this non-disclosure agreement.
  14. Violation of this non-disclosure agreement may result in criminal or civil sanctions against the Recipient.
  15. I hereby certify my understanding that access to CEII is provided to me pursuant to the terms and restrictions of the attached CEII Consultant Provisions, that I have been given a copy of and have read the above provisions, and that I agree to be bound by them. I understand that the contents of the CEII, any notes or other memoranda, or any other form of information that copies or discloses CEII shall not be disclosed to my clients, co-workers, or anyone other than another person who has been granted access to these same materials by the Commission. I acknowledge that a violation of this agreement may result in criminal or civil sanctions, including suspension of my ability to appear before the Commission pursuant to 18 C.F.R. § 385.2102.

CRITICAL ENERGY / ELECTRIC INFRASTRUCTURE INFORMATION CONSULTANT NON-DISCLOSURE AGREEMENT

  1. These provided to a Consultant who files a request for access to Critical Energy / Electric Infrastructure Information (CEII) pursuant to 18 C.F.R. § 388.113.
  2. Definitions - For purposes of these provisions:
    • The term "CEII Coordinator" refers to the Federal Energy Regulatory Commission (Commission) official designated as the CEII Coordinator, with delegated authority under 18 C.F.R. § 375.313 to make determinations with respect to requests for CEII and make determination as to whether particular information fits within the definition of CEII.
    • The terms "non-disclosure agreement" and "NDA" mean this agreement by which requesters certify their understanding that access to CEII is provided pursuant to the terms and restrictions of these provisions, and that such requesters have read the provisions and agree to be bound by them.
    • The term "Recipient" means someone who is approved to receive CEII in accordance with the provisions of 18 C.F.R. § 388.113.
    • The term "Consultant" means one who is hired to provide advice to another.
    • The term "Client" means one who hires a Consultant for advice.
  3. A Consultant shall not be permitted to inspect or gain access to CEII unless the Consultant has been approved as a Recipient, and has executed a consultant non-disclosure agreement.
  4. A Recipient may only discuss CEII with another authorized Recipient of the identical CEII. A Recipient may check with the CEII Coordinator to determine whether another individual is an authorized Recipient of the identical CEII.
  5. If any Recipient submits information to the Commission that includes CEII obtained under these provisions, portions of the filing containing CEII must be submitted in accordance with 18 C.F.R. § 388.112(b).
  6. A Consultant who is a Recipient of CEII may use CEII as foundation for advice provided to his or her Clients, but may not disclose CEII to a Client unless the Client is an approved Recipient of the same CEII.
  7. A Consultant may only use CEII for the purpose for which it was requested and must not use CEII to provide advice to a client for an illegal or illegitimate purpose.
  8. All CEII shall be maintained by the Recipient in a secure place in a manner that would prevent unauthorized access. Access to those materials shall be limited to other authorized Recipients of the identical material. Recipients may make copies of CEII, but such copies become CEII and subject to these same restrictions. Recipients may make notes of CEII, which shall be treated as CEII, if they contain CEII.
  9. CEII provided pursuant to the agreement is not subject to release under either the Freedom of Information Act or other Sunshine Laws.
  10. Recipients must return CEII to the CEII Coordinator or destroy CEII within fifteen days of a written request by the CEII Coordinator to do so, except that CEII notes may be retained in accordance with Paragraph 8, above. Within such time period, each Recipient, if requested to do so, shall also submit to the CEII Coordinator an affidavit stating that, to the best of his or her knowledge, all CEII has been returned or destroyed and that CEII notes have either been returned, destroyed or are being maintained by Recipient in accordance with Paragraph 8.
  11. The Recipient is obligated to protect the CEII, even after the designation period has lapsed, until the CEII Coordinator determines that information should no longer be designated as CEII under 18 C.F.R. 388.113(e)(2), or a court of competent jurisdiction finds that the information does not qualify as CEII.
  12. The Commission may audit the Recipient's compliance with the non-disclosure agreement.
  13. The Recipient is required to promptly report all unauthorized disclosures of CEII to the Commission.
  14. Violation of the non-disclosure agreement may result in criminal or civil sanctions against the Recipient.
  15. I hereby certify my understanding that access to CEII is provided to me pursuant to the terms and restrictions of the attached CEII Consultant Provisions, that I have been given a copy of and have read the above provisions, and that I agree to be bound by them. I understand that the contents of the CEII, any notes or other memoranda, or any other form of information that copies or discloses CEII shall not be disclosed to my clients, co-workers, or anyone other than another person who has been granted access to these same materials by the Commission. I acknowledge that a violation of this agreement may result in criminal or civil sanctions, including suspension of my ability to appear before the Commission pursuant to 18 C.F.R. § 385.2102.
Note: Typed characters constitute a signature pursuant to 18 CFR 385.2005(c)
3 + 5 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.