NERC CIP Supply Chain Risk Management

CIP-013 was created to mitigate cyber security risks to the reliable operation of the Bulk Electric System (BES) by implementing security controls for supply chain risk management of BES Cyber Systems.

N&ST will work with the responsible entity’s supply chain subject matter experts through interviews to review the existing components and phases of their current supply chain processes.  These processes could include:

  • Defined requirements,
  • Request for proposal,
  • Bid evaluation,
  • External vendor assessment tools and data,
  • Third party certifications, and
  • Audit reports.

Through the development of CIP-013, several related requirements were changed which would require an assessment of additional current processes for Interactive Remote Access and for patching/upgrading software.

Based on the information gathered, N&ST can propose what effort would be required to develop a CIP-013 Supply Chain Cyber Security Risk Management Plan.