The newly approved cybersecurity standard was proposed by the North American Electric Reliability Corporation (NERC) in December 2022. Under the standard, entities with bulk facilities whose assets are designated low-impact are required to have procedures for determining and disabling vendor remote access.

This standard is designed to enhance the reliability of the grid by broadening current security controls, providing greater visibility into electronic communication between low-impact BES cyber systems and vendors. These security controls will proffer alerts and the ability to disable vendor remote access in the event of potential malicious communication. 

For more information, see the Order Approving Reliability Standard on the FERC’s website.

Source:

FERC Approves Extending Risk Management Practices to Low-Impact Cyber Systems (ferc.gov)