NERC Supply Chain Requirements deadline Delay Confirmed

5 Facts you need to know

1. Due to the impact of the COVID-19 coronavirus outbreak, as of April 17, FERC has accepted a request from NERC for a three-month delay of the implementation of the seven reliability standards.

2. NERC CIP-005-6, CIP-010-3 and CIP-013-1 are all included in this decision to delay.

3. The deadline for implementation of NERC CIP-005-6, CIP-013-1 and CIP-010-3 was originally July 1, 2020.

4. The deadline for compliance with these regulations has been moved back three months to October 1, 2020. 

5. With the extra time to prepare, Fortress is inviting companies to join our exclusive Asset to Vendor Network (A2V) to help you reduce costs and ease the burden of compliance with NERC CIP-010-3 and CIP-013-1.

Fortress Asset to Vendor Network offers a turn-key solution.

  • Standardized vendor and product assessments to lower costs and comply with NERC CIP-013-1
  • File Integrity Assurance in compliance with CIP-010-3
  • Modular platform orchestration Platform to manage remediation and workflows.

Set Up a 15 Minute Consultation to Discuss Your Approach

New NERC CIP Standards

CIP-013-1 supply chain security

CIP-013 requires that you have a plan in place to assess the risk presented by vendors and products that have access to medium- and high-risk BES assets.

  • Sort vendor populations to identify high risk vendors
  • Conduct vendor and product cybersecurity controls assessments
  • Remediate findings from vendor and product assessments.

CIP-010-3 File Integrity validation

New CIP-010 requirements mandate that you verify the source authenticity and file integrity of software assets installed in medium- and high-impact BES systems. 

  • Verify the identity of the software source
  • Verify the integrity of the software

Introducing the Asset to Vendor Network (A2V)
A mutual assistance platform for third party and asset risk management teams

Asset to Vendor Network is a mutual assistance platform for utilities who share the cost of vendor risk assessments and cyber asset vulnerability patches and solutions to reduce duplication and meet compliance requirements. Visit the Asset to Vendor website to learn more.

» Records are created once, shared with many
» Automatic risk ranking & prioritization
» Continuous operational monitoring
» Less burdensome for vendors

NERC CIP-013 Deadline Delay: 5 Facts You Need to Know 1

Asset to Vendor Network for Utilities

Security, Not Just Compliance

For a detailed explanation of the rationale and strategy of the Asset to Vendor Network for Utilities, visit the website


Request a Demo

Request to speak to a solution specialist or schedule a demonstration.

A2V Connects Assets and Vendors in a Holistic Approach
in Compliance with NERC CIP-013-1 and CIP-010-3.

NERC CIP Supply Chain Security Standards

 This webinar event originally broadcast live on May 29, 2019.


In this webinar, we will discuss the new requirements from NERC CIP-013-1, Cyber Security Supply Chain Risk Management. Join us as we address requirements from the Standard that address security objectives, including: (1) software integrity and authenticity, (2) vendor remote access, (3) information system planning and (4) vendor risk management and procurement controls. We will also discuss a practical approach toward achieving compliance, as well as a data-driven approach toward vendor management that will prove useful.


Specific topics covered will include:

  • Considerations in implementing a comprehensive cyber security solution
  • How to identify threats, risks and gaps in control from internal and third parties and the proposed CIP-013-1 Reliability Standard
  • Best practices in cyber security incident handling and response management


  • CIOs, Plant Managers, IT, Operations & Supply Chain managers from:
    • Utility and Independent Power Producers 
    • Project Developers
    • Original Equipment Manufacturer (OEM)
    • Refineries & Petrochemical plants
    • A&E & EPC Firms


Steve Earley | Vice President, Third Party Risk Operations, Fortress Information Security

  • Steve leads the supply chain risk consulting business for Fortress, working with clients in several critical infrastructure industries, including the Power industry.

Jeffrey Sweet | Manager, Cyber Security Testing and Assessments, American Electric Power

  • Jeffrey is a proven leader in the Cyber Security field, and also served as an observer on the committee to draft the CIP-013-1 standard


NERC CIP-013 Deadline Delay: 5 Facts You Need to Know 4

Webinar Document

NERC CIP-013 Deadline Delay: 5 Facts You Need to Know 5

NERC CIP-013 Deadline Delay: 5 Facts You Need to Know 6 NERC CIP-013 Deadline Delay: 5 Facts You Need to Know 7 NERC CIP-013 Deadline Delay: 5 Facts You Need to Know 8

189 S. Orange Avenue, Ste 1950, Orlando, FL 32801
(407) 573.6800


Subscribe to Fortress Newsletter

For breach reports, threat intelligence, regulatory updates, cyber security news alerts and more, sign up to receive the Fortress Newsletter.

No, thanks!