R1 - Supply Chain Cyber Security Risk Management Plan

CIP-013 R1 requires bulk power entities to create a Supply Chain Cyber Security Risk Management Plan that identifies and assesses cyber-related risks associated with equipment, services, and personnel sourced from third parties. The plan must define mitigation strategies, assign responsibilities, and establish ongoing monitoring and review processes to protect critical infrastructure from supply-chain threats.