On October 18, 2018, FERC issued a final rule approving NERC CIP Standards on supply chain risk management for high and medium impact BES Cyber Systems. This includes new CIP-013-1 requiring applicable entities to develop and implement a supply chain cyber security risk management plan, and new security controls under CIP-005-6 and CIP-010-3. The implementation period set by FERC is 18 months due to the time needed to implement a plan and controls under the new requirements.
GridSME has prepared a short summary of the final rule and these new requirements, which you can read here. GridSME can help you understand the new standards and develop a roadmap to meet the upcoming compliance requirements.