“The Federal Energy Regulatory Commission (Commission) proposes to approve seven critical infrastructure protection (CIP) Reliability Standards …
“… the global supply chain also enables opportunities for adversaries to directly or indirectly affect the management or operations of companies that may result in risks to the end user. Supply chain risks may include the insertion of counterfeits,
unauthorized production, tampering, theft, or insertion of malicious software, as well as poor manufacturing and development practices. To address these risks, NIST developed SP 800-161 to provide guidance and controls that can be used to comply with Federal Information Processing Standard 199 Standards for Security Categorization of Federal Information and Information Systems for Federal Government Information Systems. …”
via Federal Register.