ADDITIONAL INFORMATION WILL BE POSTED AS IT BECOMES AVAILABLE
May 14, 2020 - Cyber Security Supply Chain Risks Webinar
NERC's Supply Chain Risk Mitigation Program webpage offers a summary of resolutions and actions to assist in the implementation and evaluation of the Supply Chain Standards, and a list of resources covering background, Compliance, discussions, implementation guides and webinars.
NERC’s Supply Chain Working Group (SCWG) offers a list of guidelines and resources.
American Public Power Association and National Rural Electric Cooperative Association
APPA and NRECA offer a summary of best practices that are currently in use by one or more of their members that have only low-impact BES Cyber Systems.
American Public Power Association, the Large Public Power Council, and the Transmission Access Policy Study Group
These groups collaborated on a guide to designing, developing, implementing, managing, or maturing cyber supply chain security and risk management programs.
Department of Energy
The Department of Energy Office of the Chief Information Officer (OCIO) Supply Chain Risk Management (SCRM) Resource Center developed and assembled these documents to introduce DOE employees to the basic terms and concepts of the technology supply chain and associated threats.
Department of Homeland Security
DHS offers links to fact sheets and other resources regarding Supply Chain.
- Information & Communications Technology (ICT) Supply Chain Risk Management
- CISA Supply Chain Risk Management Essentials
- ICT Supply Chain Risk Management Fact Sheet
Edison Electric Institute
The model procurement contract language in this document provides registered entities a consistent set of provisions to address CIP-013-1 security controls within their own respective contractual forms.
Electric Power Research Institute
This technical report describes the lessons learned and recommendations from a series of cyber security procurement pilot applications involving nuclear utilities and a controls vendor that were part of Phase 4 of a multi-phase project to develop an effective cyber security procurement methodology.
Federal Emergency Management Agency
This FEMA document provides recommendations on how to analyze supply chains to enhance supply chain resilience, and identifies how the results of the supply chain resilience process can inform logistics planning.
National Institute of Standards and Technology
This document provides guidance on identifying, assessing, selecting, and implementing risk management processes and mitigating controls throughout organizations to help manage ICT supply chain risks.
North American Generator Forum
This white paper identifies examples for generation entities to consider when developing and implementing a risk-based cyber security supply chain risk management plan.
North American Transmission Forum
This resource provides information on the collaborative work conducted by NATF subject-matter experts, industry organizations (including trade and forums), key suppliers, and third-party assessors on this important topic.