News Release

FERC Acts to Improve Reliability by Closing Supply Chain Cyber Risk Management Gaps _ Federal Energy Regulatory Commission.pdf

FERC-725B, RM24-7 Final Rule, Mandatory Reliability Standards for Critical Infrastructure Protection (CIP)

News Release

OMB: 1902-0248

Document [pdf]
Download: pdf | pdf
NEWS RELEASES

FERC Acts to Improve Reliability by
Closing Supply Chain Cyber Risk
Management Gaps
September 19, 2024

Item E-1 & E-2 | Docket Nos. Dockets: RM24-4; RM24-7
FERC today proposed to require new or modified critical infrastructure (CIP) standards to
address the growing risks posed by malicious actors seeking to compromise the reliable
operation of the bulk-power system. 
The proposal would direct the North American Electric Reliability Corporation (NERC) to
require entities to identify their current supply chain risks to their grid-related cybersecurity
systems at specified intervals; assess and take steps to validate the accuracy of the information
received from vendors during the procurement process; and document, track and respond to
these risks to their systems.  The Commission also would direct NERC to extend the
applicability of the supply chain standards to include a category of products known as
protected cyber assets, or “PCAs.”
NERC would submit responsive new or revised standards within 12 months of the effective
date of a final rule.
Also today, FERC proposed to approve a CIP reliability standard that requires internal network
security monitoring inside an entity’s electronic security perimeter, which NERC had submitted
to comply with FERC Order No. 887. That rule, approved in January 2023, directed NERC to
develop CIP reliability standards requiring internal network security monitoring to provide
greater defense-in-depth for entities’ CIP-networked environments.
FERC also is proposing to direct NERC to develop modifications to the internal network
security monitoring standard to extend those protections outside of the electronic security
perimeter to electronic access control or monitoring systems and physical access control
systems. NERC would submit a responsive revised reliability standard within 12 months of the
effective date of a final rule.
These two orders show FERC’s continued core focus on reliability, and build upon recent
actions taken by the Commission over the past two years.
R24-17

 

Contact Information
News Media
Email: MediaDL@ferc.gov

This page was last updated on December 19, 2024
File Typeapplication/pdf
File TitleFERC Acts to Improve Reliability by Closing Supply Chain Cyber Risk Management Gaps | Federal Energy Regulatory Commission
File Modified2025-07-03
File Created2025-07-03
© 2025 OMB.report | Privacy Policy