NERC Supply Chain Requirements deadline Delay Confirmed
5 Facts you need to know
1. Due to the impact of the COVID-19 coronavirus outbreak, as of April 17, FERC has accepted a request from NERC for a three-month delay of the implementation of the seven reliability standards.
2. NERC CIP-005-6, CIP-010-3 and CIP-013-1 are all included in this decision to delay.
3. The deadline for implementation of NERC CIP-005-6, CIP-013-1 and CIP-010-3 was originally July 1, 2020.
4. The deadline for compliance with these regulations has been moved back three months to October 1, 2020.
5. With the extra time to prepare, Fortress is inviting companies to join our exclusive Asset to Vendor Network (A2V) to help you reduce costs and ease the burdn of compliance with NERC CIP-010-3 and CIP-013-1.
Fortress Asset to Vendor Network offers a turn-key solution.
- Standardized vendor and product assessments to lower costs and comply with NERC CIP-013-1
- File Integrity Assurance in compliance with CIP-010-3
- Modular platform orchestration Platform to manage remediation and workflows.
Set Up a 15 Minute Consultation to Discuss Your Approach
New NERC CIP Standards
CIP-013-1 supply chain security
CIP-013 requires that you have a plan in place to assess the risk presented by vendors and products that have access to medium- and high-risk BES assets.
- Sort vendor populations to identify high risk vendors
- Conduct vendor and product cybersecurity controls assessments
- Remediate findings from vendor and product assessments.
CIP-010-3 File Integrity validation
New CIP-010 requirements mandate that you verify the source authenticity and file integrity of software assets installed in medium- and high-impact BES systems.
- Verify the identity of the software source
- Verify the integrity of the software
Introducing the Asset to Vendor Network (A2V)
A mutual assistance platform for third party and asset risk management teams
Asset to Vendor Network is a mutual assistance platform for utilities who share the cost of vendor risk assessments and cyber asset vulnerability patches and solutions to reduce duplication and meet compliance requirements. Visit the Asset to Vendor website to learn more.
» Records are created once, shared with many
» Automatic risk ranking & prioritization
» Continuous operational monitoring
» Less burdensome for vendors
Asset to Vendor Network for Utilities
Security, Not Just Compliance
For a detailed explanation of the rationale and strategy of the Asset to Vendor Network for Utilities, visit the website
Request a Demo
Request to speak to a solution specialist or schedule a demonstration.
A2V Connects Assets and Vendors in a Holistic Approach
in Compliance with NERC CIP-013-1 and CIP-010-3.
NERC CIP Supply Chain Security Standards
This webinar event originally broadcast live on May 29, 2019.
In this webinar, we will discuss the new requirements from NERC CIP-013-1, Cyber Security Supply Chain Risk Management. Join us as we address requirements from the Standard that address security objectives, including: (1) software integrity and authenticity, (2) vendor remote access, (3) information system planning and (4) vendor risk management and procurement controls. We will also discuss a practical approach toward achieving compliance, as well as a data-driven approach toward vendor management that will prove useful.
Specific topics covered will include:
- Considerations in implementing a comprehensive cyber security solution
- How to identify threats, risks and gaps in control from internal and third parties and the proposed CIP-013-1 Reliability Standard
- Best practices in cyber security incident handling and response management
- CIOs, Plant Managers, IT, Operations & Supply Chain managers from:
- Utility and Independent Power Producers
- Project Developers
- Original Equipment Manufacturer (OEM)
- Refineries & Petrochemical plants
- A&E & EPC Firms
Steve Earley | Vice President, Third Party Risk Operations, Fortress Information Security
- Steve leads the supply chain risk consulting business for Fortress, working with clients in several critical infrastructure industries, including the Power industry.
Jeffrey Sweet | Manager, Cyber Security Testing and Assessments, American Electric Power
- Jeffrey is a proven leader in the Cyber Security field, and also served as an observer on the committee to draft the CIP-013-1 standard