The Federal Energy Regulatory Commission (FERC) has approved a new cybersecurity standard proposed by the North American Electric Reliability Corporation (NERC) to address supply chain risks in the nation's bulk electric system (BES). The standard, called Reliability Standard CIP-003-9, focuses on "low-impact" assets within the BES and requires responsible entities to include vendor electronic remote access security controls in their cybersecurity policies. It also mandates methods for determining and disabling vendor electronic remote access and detecting malicious communications. This new standard expands on the previous standard, which only covered high- and medium-impact assets.

While access management is already part of GridSecurity’s standard full scope offering, those entities that elect GridSecurity’s lowest tier of managed services (i.e. CIP low-impact compliance mgmt. only), will have additional requirements and revenue to those sites.

View the article here: FERC Approves New Cybersecurity Standards for Low Impact Electric Assets