Ampyx Cyber Blog

The Intersection of Regulation & Resilience

FERC Issues Orders on Virtualization and Low Impact: What Changed and What You Need to Do
Policy Pulse Patrick Miller Policy Pulse Patrick Miller

FERC Issues Orders on Virtualization and Low Impact: What Changed and What You Need to Do

FERC unanimously approved Order Nos. 918 and 919 on March 19, 2026, finalizing CIP virtualization standards and new low-impact BES Cyber System controls, plus an updated "Control Center" definition. All CIP-registered entities are affected. Implementation windows are 24 and 36 months respectively. Compliance programs should begin gap assessments now.

Read More
Securing Tomorrow’s Grid: FERC Acts on Low Impact, Virtualization, and Supply Chains
Policy Pulse Patrick Miller Policy Pulse Patrick Miller

Securing Tomorrow’s Grid: FERC Acts on Low Impact, Virtualization, and Supply Chains

FERC’s September 2025 actions reshaped grid reliability standards by tightening security requirements for low-impact assets, adding authentication, encryption, and monitoring; new requirements and new definitions to support secure adoption of virtualization technologies; and expanding supply chain protections to cover Protected Cyber Assets and other connected systems.

Read More