The NERC CIP-013 standard focuses on mitigating cybersecurity risks in the Bulk Electric System (BES) by enforcing supply chain risk management controls for BES Cyber Systems. It requires utilities to establish, implement, and periodically review supply chain risk management plans, emphasizing communication and coordination with vendors and technical verification of software integrity. Enforcement began in 2020, applying to high- and medium-impact systems. Fortra’s Tripwire supports compliance through automated hash verification, file monitoring, and consulting expertise, helping utilities strengthen IT/OT security and maintain reliable power operations.

Join for free to read