supply chain risk management - texasre.org chain risk... · supply chain risk management plan(s)...
TRANSCRIPT
![Page 1: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/1.jpg)
Kenath Carver — Manager, CIP Compliance Monitoring
Supply Chain Risk Management
Effective July 1, 2020
Meeting Title
Date
![Page 2: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/2.jpg)
2
SUPPLY CHAIN RISK MANAGEMENT
PLAN(S)
CIP-013-1
Spring Standards and Compliance Workshop
April 25, 2019
![Page 3: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/3.jpg)
3
CIP-013-1 Applicability
Spring Standards and Compliance Workshop
April 25, 2019
BES Cyber Systems
High Medium
Contracts
No renegotiation or abrogation
Beyond the scope of R2
Actual terms and conditions
Vendor performance
and adherence
![Page 4: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/4.jpg)
4
CIP-013-1 R1 Discussion
Spring Standards and Compliance Workshop
April 25, 2019
NERC Supply Chain Report
EACMS
Excluding monitoring and logging
PACS
Excluding alarming and
logging
PCA
No modification
needed
Low impact BES Cyber Systems
Voluntary
![Page 5: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/5.jpg)
5
CIP-013-1 R1 1.1
Spring Standards and Compliance Workshop
April 25, 2019
Identify and Assess Cyber Security Risk(s)
Planning Procurement of BES Cyber Systems
Vendor products or services
• (i) Procuring and installing vendor equipment and software
• (ii)Transitions from one vendor(s) to another vendor(s)
![Page 6: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/6.jpg)
6
CIP-013-1 R1 1.1 Discussion
Spring Standards and Compliance Workshop
April 25, 2019
Existing Inventory
Restocking Inventory
Emergency Purchases
Upgrades
• Software
• Hardware
![Page 7: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/7.jpg)
7
CIP-013-1 R1 1.1 Audit Approach
Does the Entity Have Process(es)?
Does the Process(es) Address How the Entity Will Identify and Assess Cyber Security Risk(s)?
• Framework
Does the Process(es) Address How the Entity Will Mitigate These Risks when Planning for BES Cyber Systems?
Spring Standards and Compliance Workshop
April 25, 2019
![Page 8: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/8.jpg)
8
CIP-013-1 R1 1.1 and R2 Audit Approach
Is the Entity Planning to Procure BES Cyber Systems?
What Cyber Security Risk(s) Were Identified and Assessed?
Were the Cyber Security Risk(s) Mitigated?
Is the Entity Monitoring Cyber Security Risk(s)?
Contracts
Spring Standards and Compliance Workshop
April 25, 2019
![Page 9: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/9.jpg)
9
CIP-013-1 R1 1.1 and R2 Audit Approach
Is There a Project Plan and/or Change Request?
• Detailed description
• Equipment
• Software
• Vendor(s) transitions
• Essential dates
• Start
• End
Sample Sets
Spring Standards and Compliance Workshop
April 25, 2019
![Page 10: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/10.jpg)
10
CIP-013-1 R1 1.2
Spring Standards and Compliance Workshop
April 25, 2019
Notification
Vendor-identified incidents
Remote or onsite access should no longer be granted
Coordination
Vendor-identified incidents
Disclosure
Known vulnerabilities
Verification
Integrity and authenticity of all
software and patches
![Page 11: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/11.jpg)
11
CIP-013-1 R1 1.2 Discussion
When is Procurement Completed?
• Bidding process complete and terms agreed
• Contract(s) approved
• Project plan/change request completed
Applicable after Procurement?
• Yes
1.2.3
• Electronic or physical
Contracts
Spring Standards and Compliance Workshop
April 25, 2019
![Page 12: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/12.jpg)
12
CIP-013-1 R1 1.2 Audit Approach
Does the Entity Have Process(es)?
Does the Process(es) Address How the Entity Will Implement 1.2.1-1.2.6?
Spring Standards and Compliance Workshop
April 25, 2019
![Page 13: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/13.jpg)
13
CIP-013-1 R1 1.2 and R2 Audit Approach
Is the Entity Procuring BES Cyber Systems?
Has the Entity Procured BES Cyber Systems?
Does the Entity Have Evidence that 1.2 (1.2.1-1.2.6) Was Implemented?
• Correspondence
• Emails
• Notification
• Alerts
• Call logs
• Voicemail
• Contracts
Spring Standards and Compliance Workshop
April 25, 2019
![Page 14: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/14.jpg)
14
CIP-013-1 R1 1.2 and R2 Audit Approach
Is There a Project Plan and/or Change Request?
• Detailed description
• Equipment
• Software
• Vendor(s) transitions
• Essential dates (procuring/procured)
• Start
• End
Sample Sets
Spring Standards and Compliance Workshop
April 25, 2019
![Page 15: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/15.jpg)
15
CIP-013-1 R3
Spring Standards and Compliance Workshop
April 25, 2019
CIP Senior Manager or Delegate Approval
15 calendar months
![Page 16: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/16.jpg)
16
CIP-013-1 R3 Audit Approach
Spring Standards and Compliance Workshop
April 25, 2019
Did a CIP Senior Manager or delegate approve the supply chain cyber security risk management plan(s) on or before July 1, 2020?
Did a CIP Senior Manager or delegate approve the supply chain cyber security risk management plan(s) at least once every 15 calendar months?
![Page 17: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/17.jpg)
17
VENDOR REMOTE ACCESS
CIP-005-6
Spring Standards and Compliance Workshop
April 25, 2019
![Page 18: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/18.jpg)
18
CIP-005-6 Applicability
Spring Standards and Compliance Workshop
April 25, 2019
BES Cyber Systems
HighMedium w/ERC
PCA
![Page 19: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/19.jpg)
19
CIP-005-6 R2 2.4-2.5
Spring Standards and Compliance Workshop
April 25, 2019
![Page 20: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/20.jpg)
20
CIP-005-6 R2 2.4-2.5
Spring Standards and Compliance Workshop
April 25, 2019
![Page 21: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/21.jpg)
21
CIP-005-6 R2 2.4-2.5 Discussion
Parts 2.1-2.3
• Intermediate System
• Encryption that terminates at Intermediate System
• Multi-factor authentication
All Vendor Remote Access Sessions
• User-initiated
• Machine-to-machine
Vendors, Consultants, and Contractors
You Do Not Have to Allow (Interactive Remote Access or System-to-System)
Spring Standards and Compliance Workshop
April 25, 2019
![Page 22: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/22.jpg)
22
CIP-005-6 R2 2.4-2.5 Discussion
System-to-System Remote Access
• Not defined
• Could be non-routable protocol
• Scripts, batch jobs, cron jobs (Linux), executables, custom software
• Encryption
• Multi-factor authenticationSpring Standards and Compliance Workshop
April 25, 2019
![Page 23: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/23.jpg)
23
CIP-005-6 R2 2.4-2.5 Discussion
Disable?
•No longer needed
•System breach
•Compromise
•DisruptionSpring Standards and Compliance Workshop
April 25, 2019
![Page 24: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/24.jpg)
24
CIP-005-6 R2 2.4-2.5 Audit Approach
Does the Entity Have Process(es)?
Does the Process(es) Address How the Entity Will Implement 2.4 and 2.5?
Sample Sets
Does the Entity Have Evidence the Methods are Enabled or Implemented?
• Configurations
• Firewall, switch, router, Intermediate System, etc.
• Software
• Remote access tools
• ACLs, rules
• IDS/IPS
• Ports and services
• Multi-factor authentication
• Permissions
• Network Access Control (NAC)
Spring Standards and Compliance Workshop
April 25, 2019
• Logs
• Alerts
• Screenshots
• Video
• Audio
• Change request tickets
![Page 25: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/25.jpg)
25
SOFTWARE AND PATCH INTEGRITY
AND AUTHENTICITY
CIP-010-3
Spring Standards and Compliance Workshop
April 25, 2019
![Page 26: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/26.jpg)
26
CIP-010-3 R1 Applicability
Spring Standards and Compliance Workshop
April 25, 2019
BES Cyber Systems
High Medium
![Page 27: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/27.jpg)
27
CIP-010-3 R1 1.6
Spring Standards and Compliance Workshop
April 25, 2019
!ABC123# !ABC123#
![Page 28: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/28.jpg)
28
CIP-010-3 R1 1.6 Discussion
Spring Standards and Compliance Workshop
April 25, 2019
1.1.1. Operating system(s)
(including version) or firmware where
no independent operating system
exists;
1.1.2. Any commercially
available or open-source application software (including
version) intentionally
installed;
1.1.5. Any security patches applied.
![Page 29: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/29.jpg)
29
CIP-010-3 R1 1.6 Discussion
Change Requests
• Essential dates
• Screenshots
• Completed forms
• Reports
• Approvals
Third-Party Accreditation
Open-Source May Be Difficult to Verify
Spring Standards and Compliance Workshop
April 25, 2019
![Page 30: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/30.jpg)
30
CIP-010-3 R1 1.6 Discussion
Spring Standards and Compliance Workshop
April 25, 2019
Part 1.1
Baseline configuration
Part 1.2
Authorized and documented change
Part 1.4
Prior to the change
Determine cyber security controls
Part 1.5
Prior to the change
Test in test environment or
production
Document the results and any
differences between test and production
Part 1.6
Prior to the change
Verify identity of source and integrity
of software
Part 1.4
Following the change
Verify cyber security controls are not
adversely affected
Document the results
Part 1.3
Baseline configuration
updated within 30 days of change
High and medium BCS,
EACMS, PACS, PCA
High BCS High and medium
BCSHigh and medium BCS,
EACMS, PACS, PCA
![Page 31: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/31.jpg)
31
CIP-010-3 R1 1.6 Audit Approach
Does the Entity Have Process(es)?
Does the Process(es) Address How the Entity Will Implement 1.6?
Sample Sets
Does the Entity Have Evidence That 1.6 Was Implemented?
• Vendor Chain of Custody forms
• Vendor documentation
• Digital Certificates
• Encrypted transmission
• Hash/Checksum value verification
Spring Standards and Compliance Workshop
April 25, 2019
• Signed Code
• Vulnerability management tools
• Whitelisting tools
• Baseline tools
![Page 32: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/32.jpg)
32
CIP-010-3 R1 1.6 Audit Approach
If the Method to Do So Is Unavailable, Does the Entity Have Evidence?
• Logs
• Reports
• Screenshots
• Change request details
Spring Standards and Compliance Workshop
April 25, 2019
![Page 33: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/33.jpg)
33
SUPPLY CHAIN MANAGEMENT
POTENTIAL RELATIONSHIPS
Spring Standards and Compliance Workshop
April 25, 2019
![Page 34: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/34.jpg)
34
Verification of Software and Patches
CIP-013-1 R1
• 1.2.5
CIP-007-6 R2
• 2.1-2.4
CIP-010-3 R1
• 1.1-1.6
Spring Standards and Compliance Workshop
April 25, 2019
![Page 35: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/35.jpg)
35
Vendor Remote Access
Spring Standards and Compliance Workshop
April 25, 2019
CIP-013-1 R1 1.2.6
CIP-004-6 R1-R5
CIP-005-6 R2 2.1-2.5
CIP-007-6 R4
CIP-007-6 R5
CIP-010-3 R4 Sections 1, 2,
and 3 (TCA and RM)
![Page 36: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/36.jpg)
36
CIP Senior Manager or Delegate
Spring Standards and Compliance Workshop
April 25, 2019
CIP-013-1 R3
CIP-003-7 R3 and
R4
![Page 37: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/37.jpg)
37
Replacement or Upgrade of SCADA
Spring Standards and Compliance Workshop
April 25, 2019
TOP
CIP-013-1
Certification
![Page 38: Supply Chain Risk Management - texasre.org Chain Risk... · SUPPLY CHAIN RISK MANAGEMENT PLAN(S) CIP-013-1 Spring Standards and Compliance Workshop April 25, 2019 . 3 CIP-013-1 Applicability](https://reader036.vdocument.in/reader036/viewer/2022062414/5f021c097e708231d4029e1a/html5/thumbnails/38.jpg)
38
Questions?
Spring Standards and Compliance Workshop
April 25, 2019