NERC Supply Chain Requirements deadline Delay Confirmed

5 Facts you need to know

1. Due to the impact of the COVID-19 coronavirus outbreak, as of April 17, FERC has accepted a request from NERC for a three-month delay of the implementation of the seven reliability standards.

2. NERC CIP-005-6, CIP-010-3 and CIP-013-1 are all included in this decision to delay.

3. The deadline for implementation of NERC CIP-005-6, CIP-013-1 and CIP-010-3 was originally July 1, 2020.

4. The deadline for compliance with these regulations has been moved back three months to October 1, 2020. 

5. With the extra time to prepare, Fortress is inviting companies to join our exclusive Asset to Vendor Network (A2V) to help you reduce costs and ease the burdn of compliance with NERC CIP-010-3 and CIP-013-1.

Fortress Asset to Vendor Network offers a turn-key solution.

  • Standardized vendor and product assessments to lower costs and comply with NERC CIP-013-1
  • File Integrity Assurance in compliance with CIP-010-3
  • Modular platform orchestration Platform to manage remediation and workflows.

Set Up a 15 Minute Consultation to Discuss Your Approach


New NERC CIP Standards

CIP-013-1 supply chain security

CIP-013 requires that you have a plan in place to assess the risk presented by vendors and products that have access to medium- and high-risk BES assets.

  • Sort vendor populations to identify high risk vendors
  • Conduct vendor and product cybersecurity controls assessments
  • Remediate findings from vendor and product assessments.

CIP-010-3 File Integrity validation

New CIP-010 requirements mandate that you verify the source authenticity and file integrity of software assets installed in medium- and high-impact BES systems. 

  • Verify the identity of the software source
  • Verify the integrity of the software

Introducing the Asset to Vendor Network (A2V)
A mutual assistance platform for third party and asset risk management teams

Asset to Vendor Network is a mutual assistance platform for utilities who share the cost of vendor risk assessments and cyber asset vulnerability patches and solutions to reduce duplication and meet compliance requirements. Visit the Asset to Vendor website to learn more.

» Records are created once, shared with many
» Automatic risk ranking & prioritization
» Continuous operational monitoring
» Less burdensome for vendors

NERC CIP-013 Deadline Delay: 5 Facts You Need to Know 1

Asset to Vendor Network for Utilities

Security, Not Just Compliance

For a detailed explanation of the rationale and strategy of the Asset to Vendor Network for Utilities, visit the website

 

Request a Demo

Request to speak to a solution specialist or schedule a demonstration.


A2V Connects Assets and Vendors in a Holistic Approach
in Compliance with NERC CIP-013-1 and CIP-010-3.

NERC CIP Supply Chain Security Standards

 This webinar event originally broadcast live on May 29, 2019.

Summary

In this webinar, we will discuss the new requirements from NERC CIP-013-1, Cyber Security Supply Chain Risk Management. Join us as we address requirements from the Standard that address security objectives, including: (1) software integrity and authenticity, (2) vendor remote access, (3) information system planning and (4) vendor risk management and procurement controls. We will also discuss a practical approach toward achieving compliance, as well as a data-driven approach toward vendor management that will prove useful.

 

Specific topics covered will include:

  • Considerations in implementing a comprehensive cyber security solution
  • How to identify threats, risks and gaps in control from internal and third parties and the proposed CIP-013-1 Reliability Standard
  • Best practices in cyber security incident handling and response management

Target AUDIENCE 

  • CIOs, Plant Managers, IT, Operations & Supply Chain managers from:
    • Utility and Independent Power Producers 
    • Project Developers
    • Original Equipment Manufacturer (OEM)
    • Refineries & Petrochemical plants
    • A&E & EPC Firms

PRESENTERs

Steve Earley | Vice President, Third Party Risk Operations, Fortress Information Security

  • Steve leads the supply chain risk consulting business for Fortress, working with clients in several critical infrastructure industries, including the Power industry.

Jeffrey Sweet | Manager, Cyber Security Testing and Assessments, American Electric Power

  • Jeffrey is a proven leader in the Cyber Security field, and also served as an observer on the committee to draft the CIP-013-1 standard

 

NERC CIP-013 Deadline Delay: 5 Facts You Need to Know 4

Webinar Document

NERC CIP-013 Deadline Delay: 5 Facts You Need to Know 5

NERC CIP-013 Deadline Delay: 5 Facts You Need to Know 6 NERC CIP-013 Deadline Delay: 5 Facts You Need to Know 7 NERC CIP-013 Deadline Delay: 5 Facts You Need to Know 8

189 S. Orange Avenue, Ste 1950, Orlando, FL 32801
(407) 573.6800
sales@fortressinfosec.com

COPYRIGHT © 2020. FORTRESS INFORMATION SECURITY. ALL RIGHTS RESERVED. PRIVACY POLICY

DOWNLOAD THE FULL

THREAT INTELLIGENCE REPORT

ORACLE LINUX 7 REPOSITORIES INFECTED WITH “HTML.EXPLOIT.C99-24” EXPLOIT

DOWNLOAD THE FULL

THREAT INTELLIGENCE REPORT

ZOOM VIDEO CONFERENCING AND COMMUNICATIONS

THREAT INTELLIGENCE REPORT

Windows CryptoAPI Vulnerability

White Paper

Asset to Vendor Network for Power Utilities

PRESS RELEASE

FORTRESS LAUNCHES INNOVATIVE COLLABORATION TO HELP PROTECT THE POWER GRID FROM CYBER THREATS

Emerging Risk Brief

ASSET RISK MANAGEMENT - FOR PORT AUTHORITIES

Advisory

5 STEPS FOR AN EFFECTIVE THIRD PARTY VENDOR RISK PROGRAM

White Paper

CIP COMPLIANCE – UPDATES, ENFORCEMENT AND PRACTICAL IMPLEMENTATION

Advisory

5 STEPS TO A STRONG VULNERABILITY MANAGEMENT PROGRAM

WHITE PAPER

NERC CIP COMPLIANCE

Subscribe to Fortress Newsletter

For breach reports, threat intelligence, regulatory updates, cyber security news alerts and more, sign up to receive the Fortress Newsletter.

No, thanks!

Threat Advisory

Outdated Security Appliance Facilitates Denial-of-Service Attack on U.S. Grid

WEBINAR DOCUMENT

NERC CIP SUPPLY CHAIN SECURITY STANDARDS