​NRECA and the American Public Power Association (APPA) issued a white paper (PDF) in response to a North American Electric Reliability Corporation (NERC) Board of Trustees resolution to address the best and leading cybersecurity supply chain risk management practies with a focus on small registered entities. This white paper identifies a catalog of practices reflecting the result of extensive interviews of nine NRECA and APPA members and shows that small registered entities with only low-impact Bulk Energy System (BES) Cyber Systems can - and do - implement appropriate supply chain management measures. These measures help mitigate supply chain risk and can be considered best practices commensurate with the low risk that small entities pose to BES reliability.