Ampyx Cyber Blog

The Intersection of Regulation & Resilience

FERC Issues Orders on Virtualization and Low Impact: What Changed and What You Need to Do
Policy Pulse Patrick Miller Policy Pulse Patrick Miller

FERC Issues Orders on Virtualization and Low Impact: What Changed and What You Need to Do

FERC unanimously approved Order Nos. 918 and 919 on March 19, 2026, finalizing CIP virtualization standards and new low-impact BES Cyber System controls, plus an updated "Control Center" definition. All CIP-registered entities are affected. Implementation windows are 24 and 36 months respectively. Compliance programs should begin gap assessments now.

Read More
CIP-002-8, Decoded: Who’s In, Who’s Out Under the New 2.12
Deep Dive Patrick Miller Deep Dive Patrick Miller

CIP-002-8, Decoded: Who’s In, Who’s Out Under the New 2.12

Upcoming NERC CIP-002 grid rules change which control centers fall under stricter cybersecurity protections. This post explains the new test in plain language, who is likely covered, and when local, load-serving areas can qualify for an exception. We also share a quick checklist to help utilities document what they have today and avoid surprises later.

Read More