On March 16, 2023, the Federal Energy Regulatory Commission (FERC) issued its Order Approving Reliability Standard CIP-033-9 in Docket No. RD23-3-000.
The FERC News Release states in part:
The new standard, proposed by the North American Electric Reliability Corporation (NERC) in December 2022, requires entities with bulk electric system facilities whose assets are designated low-impact to have methods for determining and disabling vendor remote access. Generally, low-impact assets are generation or transmission facilities that pose a lower risk to the bulk electric system if they are compromised.
This standard improves the reliability of the grid by expanding existing security controls to provide greater visibility into electronic communication between low-impact bulk electric system cyber systems and vendors. These security controls will allow detection and the ability to disable vendor remote access in the event of a known or suspected malicious communication.
See FERC’s News Release here: https://www.ferc.gov/news-events/news/ferc-approves-extending-risk-management-practices-low-impact-cyber-systems
See FERC Order here: https://www.ferc.gov/media/e-1-rd23-3-000