{"id":2759,"date":"2021-04-12T18:18:10","date_gmt":"2021-04-12T18:18:10","guid":{"rendered":"https:\/\/itegriti.com\/kw022024\/?p=2759"},"modified":"2021-04-13T13:26:58","modified_gmt":"2021-04-13T13:26:58","slug":"6-steps-to-nerc-cip-013-1-compliance-the-ultimate-checklist","status":"publish","type":"post","link":"https:\/\/itegriti.com\/kw022024\/2021\/compliance\/6-steps-to-nerc-cip-013-1-compliance-the-ultimate-checklist\/","title":{"rendered":"6 Steps To NERC CIP-013-1 Compliance: The Ultimate Checklist"},"content":{"rendered":"<div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-1 nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-0 fusion_builder_column_1_1 1_1 fusion-one-full fusion-column-first fusion-column-last\" style=\"--awb-bg-size:cover;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-column-wrapper-legacy\"><div class=\"fusion-text fusion-text-1\"><p>In our previous blog post, we introduced <a href=\"https:\/\/itegriti.com\/kw022024\/2021\/compliance\/an-introduction-to-nerc-cip-013-1\/\" target=\"_blank\" rel=\"noopener noreferrer\">NERC CIP-013-1<\/a>, whose purpose is to address the vulnerabilities and threat vectors that external third parties in the supply chain can introduce to the Bulk Electric System (BES). 
The standard became enforceable on July 1<sup>st<\/sup>, 2020, and Responsible Entities have 18 months from the effective date to prove compliance, along with increased monitoring of and oversight over their supply chains.<\/p>\n<p>The following image, courtesy of <a href=\"https:\/\/www2.deloitte.com\/us\/en\/pages\/advisory\/articles\/implementing-cip-013-compliance.html\">Deloitte<\/a>, provides a quick refresher on the Reliability Standard\u2019s requirements.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-2760 size-full lazyload\" data-src=\"https:\/\/itegriti.com\/kw022024\/wp-content\/uploads\/2021\/04\/CIP-013_requirements.jpg\" alt=\"\" width=\"600\" height=\"375\" data-srcset=\"https:\/\/itegriti.com\/kw022024\/wp-content\/uploads\/2021\/04\/CIP-013_requirements-200x125.jpg 200w, https:\/\/itegriti.com\/kw022024\/wp-content\/uploads\/2021\/04\/CIP-013_requirements-400x250.jpg 400w, https:\/\/itegriti.com\/kw022024\/wp-content\/uploads\/2021\/04\/CIP-013_requirements.jpg 600w\" data-sizes=\"(max-width: 600px) 100vw, 600px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 600px; --smush-placeholder-aspect-ratio: 600\/375;\" \/><\/p>\n<h2>CIP-013-1 compliance: A strategic choice<\/h2>\n<p>CIP-013-1 only addresses high- and medium-risk BES cyber systems and does not provide any recommendations or best practices on how to comply with the requirements. Responsible Entities must make strategic decisions regarding the extent of compliance. These decisions could range from simply becoming and remaining compliant, to rolling out compliance more broadly, encompassing low-impact BES as well, and potentially including the whole enterprise.<\/p>\n<p>The strategy towards achieving CIP-013-1 compliance should include all supply chain stakeholders. 
Maintaining CIP-013-1 compliance requires collaboration and information sharing between all partners and vendors. It also requires dedication and resources. Therefore, all organizations need to allocate enough time and personnel to define and implement the new controls, and to demonstrate evidence of compliance within the enforcement timeframe.<\/p>\n<p>It is also advisable to align the compliance efforts with the strategies and practices of other cybersecurity and risk frameworks and programs, such as the NIST Cybersecurity Framework and the IEC\/ISA 62443 standards, and to use them to further strengthen the CIP-013-1 requirements. In addition to the CIP-013-1 requirements, Responsible Entities may enhance their supply chain policies by implementing the measures in <a href=\"https:\/\/www.nerc.com\/pa\/Stand\/Reliability%20Standards\/CIP-005-6.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">CIP-005-6<\/a> (Part 2) and <a href=\"https:\/\/www.nerc.com\/pa\/Stand\/Reliability%20Standards\/CIP-010-3.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">CIP-010-3<\/a> (Section 1.6), which address the governance of vendor remote access and the verification of the source and integrity of procured software, respectively.<\/p>\n<h2>Checklist for NERC CIP-013-1 compliance<\/h2>\n<p>The best way to maintain compliance with the CIP-013-1 requirements is to understand the risk associated with the software supply chain. Having this knowledge is key to ensuring that security measures and mitigations are proportionate, effective, and responsive. Responsible Entities should perform the following steps to assess their level of software supply chain risk.<\/p>\n<ol>\n<li><strong>Have visibility<\/strong><\/li>\n<\/ol>\n<p>The first step is to have complete visibility into the software components used in all applications. 
To achieve that, you should create a <a href=\"https:\/\/www.ntia.gov\/SBOM\" target=\"_blank\" rel=\"noopener noreferrer\">Software Bill of Materials<\/a> (SBOM), and investigate each potentially dangerous component. An SBOM is a nested inventory that lists all the software components making up an application.<\/p>\n<p>SBOMs are great sources for vulnerability management and asset management processes, and they can be used to quickly identify software dependencies and supply chain risks. Using the SBOM inventory, Entities can identify the developers of the components and determine the name of the product associated with the software along with the version.<\/p>\n<ol start=\"2\">\n<li><strong>Verify authenticity and validity<\/strong><\/li>\n<\/ol>\n<p>Following the identification of all software components, the second step is to verify their authenticity by checking their code signing certificates for identifying information. These code signing SSL\/TLS certificates are issued only after thorough investigations of the identity of the software developer in accordance with the Certification Authority Browser Forum (CA\/Browser Forum) guidelines.<\/p>\n<p>Based on the information provided in the certificate, Entities can verify the validity of the digital certificate and confirm that the vendor and source location information match what was agreed to during the procurement discussions. As an overarching rule, source locations that lack SSL digital certificates or contain discrepancies in their certification should never be trusted.<\/p>\n<p>In addition to verifying the authenticity of the software source, Entities should check for expired certificates and note the expiration date of each digital certificate. Even though digital certificate lifecycles have shortened to almost a year, software components signed with certificates that are nearing their expiration dates might not be trustworthy. 
Checking the timestamp is a good practice to verify the age of a certificate.<\/p>\n<ol start=\"3\">\n<li><strong>Scan for malware<\/strong><\/li>\n<\/ol>\n<p>Responsible Entities should perform a malware scan using trusted and up-to-date antivirus software. Malware scans should be performed outside the production or operational environment. Any discovered malware or vulnerability risks must automatically result in a trust score of zero. Malware is software that adversaries deliberately and maliciously implant in a victim\u2019s computing ecosystem to gain a presence and launch further attacks that disrupt the reliable and safe operations of the Entity.<\/p>\n<ol start=\"4\">\n<li><strong>Scan for vulnerabilities<\/strong><\/li>\n<\/ol>\n<p>While malware is an intentional action, vulnerabilities are unintentional software flaws that adversaries exploit to gain access to a target\u2019s cyber-enabled infrastructure. Entities should scan their software components for known vulnerabilities and exploits. To gain intelligence on known vulnerabilities, Entities are advised to sign up for CISA alerts and advisories, or to search known vulnerability databases, such as the MITRE <a href=\"https:\/\/cve.mitre.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">Common Vulnerabilities and Exposures<\/a> (CVE) notices, and the NIST <a href=\"https:\/\/nvd.nist.gov\/\" target=\"_blank\" rel=\"noopener noreferrer\">National Vulnerability Database<\/a> (NVD).<\/p>\n<ol start=\"5\">\n<li><strong>Keep an updated baseline<\/strong><\/li>\n<\/ol>\n<p>Based on the findings of the previous steps, Responsible Entities should generate a trustworthy baseline. This baseline should be updated frequently to adapt to the changing environment and threat landscape. 
Updates should be based on intelligence or advisories received from NERC or other federal agencies and organizations.<\/p>\n<ol start=\"6\">\n<li><strong>Develop quality evidence<\/strong><\/li>\n<\/ol>\n<p>During the NERC CIP audits, Responsible Entities need to produce evidence that proves compliance with the CIP standards. All findings and actions described in the previous steps should be saved in meaningful evidence files. It is also worth noting that evidence of compliance will become extremely useful in the unfortunate event of a cyber incident.<\/p>\n<h2>How ITEGRITI helps<\/h2>\n<p>Besides the aforementioned recommendations, the best practice Responsible Entities can follow to protect themselves against supply chain attacks is to apply due diligence. If a breach occurs in your company, then it is you, not the software vendor or supplier, who will be held accountable for the damage and costs to recover, along with any non-compliance fines.<\/p>\n<p>As this standard is fairly new, organizations need to consider the risks associated with non-compliance or partial compliance with the standard. They may want to consider the services of organizations, such as ITEGRITI, that are well-versed in the interpretation and implementation of NERC CIP regulations. You can read more <a href=\"https:\/\/itegriti.com\/kw022024\/CIPGSD\/\">here<\/a>.<\/p>\n<p>ITEGRITI helps protect some of the nation\u2019s most critical infrastructure, serving clients in energy, healthcare, transportation, education, retail and financial sectors. We develop and implement programs that mitigate cyber and compliance risk, supported by internal controls to measure, monitor, and report ongoing program effectiveness. 
Our programs help companies avoid hacks and minimize business impact during a cybersecurity event.<\/p>\n<\/div><div class=\"fusion-clearfix\"><\/div><\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Maintaining NERC CIP-013-1 compliance requires collaboration and information sharing between all partners and vendors. The best way to maintain compliance with the CIP-013-1 requirements is to understand the software supply chain&#8217;s risk.<\/p>\n","protected":false},"author":10,"featured_media":2764,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2179],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.0 (Yoast SEO v23.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>6 Steps To NERC CIP-013-1 Compliance: The Ultimate Checklist - kw022024<\/title>\n<meta name=\"description\" content=\"Maintaining NERC CIP-013-1 compliance requires collaboration and information sharing between all partners and vendors. The best way to maintain compliance with the CIP-013-1 requirements is to understand the software supply chain&#039;s risk.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/itegriti.com\/kw022024\/2021\/compliance\/6-steps-to-nerc-cip-013-1-compliance-the-ultimate-checklist\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"6 Steps To NERC CIP-013-1 Compliance: The Ultimate Checklist\" \/>\n<meta property=\"og:description\" content=\"Maintaining NERC CIP-013-1 compliance requires collaboration and information sharing between all partners and vendors. 
The best way to maintain compliance with the CIP-013-1 requirements is to understand the software supply chain&#039;s risk.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/itegriti.com\/kw022024\/2021\/compliance\/6-steps-to-nerc-cip-013-1-compliance-the-ultimate-checklist\/\" \/>\n<meta property=\"og:site_name\" content=\"kw022024\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/itegriti\" \/>\n<meta property=\"article:published_time\" content=\"2021-04-12T18:18:10+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-04-13T13:26:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/itegriti.com\/kw022024\/wp-content\/uploads\/2021\/04\/itegriti-6-steps-to-NERC-CIP-compliance.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"450\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Anastasios Arampatzis\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@TassosAramp\" \/>\n<meta name=\"twitter:site\" content=\"@itegriti\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Anastasios Arampatzis\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/itegriti.com\/kw022024\/2021\/compliance\/6-steps-to-nerc-cip-013-1-compliance-the-ultimate-checklist\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/itegriti.com\/kw022024\/2021\/compliance\/6-steps-to-nerc-cip-013-1-compliance-the-ultimate-checklist\/\"},\"author\":{\"name\":\"Anastasios Arampatzis\",\"@id\":\"https:\/\/itegriti.com\/kw022024\/#\/schema\/person\/6fa12fbccd5abc86c2ce14ffbb619673\"},\"headline\":\"6 Steps To NERC CIP-013-1 Compliance: The Ultimate Checklist\",\"datePublished\":\"2021-04-12T18:18:10+00:00\",\"dateModified\":\"2021-04-13T13:26:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/itegriti.com\/kw022024\/2021\/compliance\/6-steps-to-nerc-cip-013-1-compliance-the-ultimate-checklist\/\"},\"wordCount\":1335,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/itegriti.com\/kw022024\/#organization\"},\"image\":{\"@id\":\"https:\/\/itegriti.com\/kw022024\/2021\/compliance\/6-steps-to-nerc-cip-013-1-compliance-the-ultimate-checklist\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/itegriti.com\/kw022024\/wp-content\/uploads\/2021\/04\/itegriti-6-steps-to-NERC-CIP-compliance.jpg\",\"articleSection\":[\"Compliance\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/itegriti.com\/kw022024\/2021\/compliance\/6-steps-to-nerc-cip-013-1-compliance-the-ultimate-checklist\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/itegriti.com\/kw022024\/2021\/compliance\/6-steps-to-nerc-cip-013-1-compliance-the-ultimate-checklist\/\",\"url\":\"https:\/\/itegriti.com\/kw022024\/2021\/compliance\/6-steps-to-nerc-cip-013-1-compliance-the-ultimate-checklist\/\",\"name\":\"6 Steps To NERC CIP-013-1 Compliance: The Ultimate Checklist - 
kw022024\",\"isPartOf\":{\"@id\":\"https:\/\/itegriti.com\/kw022024\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/itegriti.com\/kw022024\/2021\/compliance\/6-steps-to-nerc-cip-013-1-compliance-the-ultimate-checklist\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/itegriti.com\/kw022024\/2021\/compliance\/6-steps-to-nerc-cip-013-1-compliance-the-ultimate-checklist\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/itegriti.com\/kw022024\/wp-content\/uploads\/2021\/04\/itegriti-6-steps-to-NERC-CIP-compliance.jpg\",\"datePublished\":\"2021-04-12T18:18:10+00:00\",\"dateModified\":\"2021-04-13T13:26:58+00:00\",\"description\":\"Maintaining NERC CIP-013-1 compliance requires collaboration and information sharing between all partners and vendors. The best way to maintain compliance with the CIP-013-1 requirements is to understand the software supply chain's risk.\",\"breadcrumb\":{\"@id\":\"https:\/\/itegriti.com\/kw022024\/2021\/compliance\/6-steps-to-nerc-cip-013-1-compliance-the-ultimate-checklist\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/itegriti.com\/kw022024\/2021\/compliance\/6-steps-to-nerc-cip-013-1-compliance-the-ultimate-checklist\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/itegriti.com\/kw022024\/2021\/compliance\/6-steps-to-nerc-cip-013-1-compliance-the-ultimate-checklist\/#primaryimage\",\"url\":\"https:\/\/itegriti.com\/kw022024\/wp-content\/uploads\/2021\/04\/itegriti-6-steps-to-NERC-CIP-compliance.jpg\",\"contentUrl\":\"https:\/\/itegriti.com\/kw022024\/wp-content\/uploads\/2021\/04\/itegriti-6-steps-to-NERC-CIP-compliance.jpg\",\"width\":800,\"height\":450},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/itegriti.com\/kw022024\/2021\/compliance\/6-steps-to-nerc-cip-013-1-compliance-the-ultimate-checklist\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/itegriti.com\/kw022024\/\
"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"6 Steps To NERC CIP-013-1 Compliance: The Ultimate Checklist\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/itegriti.com\/kw022024\/#website\",\"url\":\"https:\/\/itegriti.com\/kw022024\/\",\"name\":\"ITEGRITI\",\"description\":\"cybersecurity | compliance | managed services\",\"publisher\":{\"@id\":\"https:\/\/itegriti.com\/kw022024\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/itegriti.com\/kw022024\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/itegriti.com\/kw022024\/#organization\",\"name\":\"ITEGRITI CORPORATION | Cybersecurity | Compliance | Managed Services\",\"url\":\"https:\/\/itegriti.com\/kw022024\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/itegriti.com\/kw022024\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/itegriti.com\/kw022024\/wp-content\/uploads\/2016\/06\/ItegritiLogo_600x100.png\",\"contentUrl\":\"https:\/\/itegriti.com\/kw022024\/wp-content\/uploads\/2016\/06\/ItegritiLogo_600x100.png\",\"width\":600,\"height\":100,\"caption\":\"ITEGRITI CORPORATION | Cybersecurity | Compliance | Managed Services\"},\"image\":{\"@id\":\"https:\/\/itegriti.com\/kw022024\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/itegriti\",\"https:\/\/x.com\/itegriti\",\"https:\/\/www.linkedin.com\/company\/itegriti\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/itegriti.com\/kw022024\/#\/schema\/person\/6fa12fbccd5abc86c2ce14ffbb619673\",\"name\":\"Anastasios 
Arampatzis\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/itegriti.com\/kw022024\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/adff645e812a27c2d07dd3c43fc9cd32?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/adff645e812a27c2d07dd3c43fc9cd32?s=96&d=mm&r=g\",\"caption\":\"Anastasios Arampatzis\"},\"description\":\"Anastasios Arampatzis is a retired Hellenic Air Force officer with over 20 years\u2019 worth of experience in managing IT projects and evaluating cybersecurity. During his service in the Armed Forces, he was assigned to various key positions in national, NATO and EU headquarters and has been honoured by numerous high-ranking officers for his expertise and professionalism. He was nominated as a certified NATO evaluator for information security. Anastasios\u2019 interests include among others cybersecurity policy and governance, ICS and IoT security, encryption, and certificates management. He is also exploring the human side of cybersecurity - the psychology of security, public education, organizational training programs, and the effect of biases (cultural, heuristic and cognitive) in applying cybersecurity policies and integrating technology into learning. He is intrigued by new challenges, open-minded and flexible. Currently, he works as a cybersecurity content writer for Bora - IT Security Marketing. Tassos is a member of the non-profit organization Homo Digitalis.\",\"sameAs\":[\"http:\/\/www.welcometobora.com\",\"https:\/\/www.linkedin.com\/in\/anastasiosarampatzis\/\",\"https:\/\/x.com\/TassosAramp\"],\"url\":\"https:\/\/itegriti.com\/kw022024\/author\/anastasios-arampatiz\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","_links":{"self":[{"href":"https:\/\/itegriti.com\/kw022024\/wp-json\/wp\/v2\/posts\/2759"}],"collection":[{"href":"https:\/\/itegriti.com\/kw022024\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/itegriti.com\/kw022024\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/itegriti.com\/kw022024\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/itegriti.com\/kw022024\/wp-json\/wp\/v2\/comments?post=2759"}],"version-history":[{"count":4,"href":"https:\/\/itegriti.com\/kw022024\/wp-json\/wp\/v2\/posts\/2759\/revisions"}],"predecessor-version":[{"id":2765,"href":"https:\/\/itegriti.com\/kw022024\/wp-json\/wp\/v2\/posts\/2759\/revisions\/2765"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/itegriti.com\/kw022024\/wp-json\/
wp\/v2\/media\/2764"}],"wp:attachment":[{"href":"https:\/\/itegriti.com\/kw022024\/wp-json\/wp\/v2\/media?parent=2759"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/itegriti.com\/kw022024\/wp-json\/wp\/v2\/categories?post=2759"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/itegriti.com\/kw022024\/wp-json\/wp\/v2\/tags?post=2759"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}