NERC CIP-013 Enforcement Date Extended for Entities to Complete Supply Chain Cyber Security Risk Management Programs

CIP-013 Enforcement Date

With the COVID-19 impact on our nation, NERC has delayed the enforcement date of CIP-013 to October 1, 2020, allowing entities an extra three months to prepare their Supply Chain Cyber Security Risk Management programs. Even with the extra three months, the tasks associated with preparing a program to meet compliance with CIP-013 can be quite extensive. If you have not started on your program, PCS recommends you begin as soon as possible in order to be better prepared to address gaps and issues prior to the compliance deadline.

We understand many entities have found that their programs may meet the minimum requirements per the letter of the standard, but are not as seamless as they predicted. Entities are also finding value in providing training and awareness workshops to address their programs and educate their colleagues regarding the expectations and changes that are coming within their organization.

PCS has had the pleasure of working with utilities that have some very creative approaches to meeting both the letter and spirit of the CIP-013 standard, as well as the CIP-005 and CIP-010 changes. Now is a great time to have PCS assist you in the preparation or completion of your program. We are also available to perform a compliance second look, prepare training and awareness tools, or conduct an efficiency and effectiveness review of your program. Let our experienced team bring creative and efficient ideas to your organization and help you move forward with confidence.

For more information, check out our website at You can also contact Dale Zahn at or (262) 436-4116.


More Posts