Would be interesting to know why US DOE CESER chose to endorse the IEC 62443 Cybersecurity Framework when many US Electric Grid Operators have already implemented NIST's Cybersecurity Framework V 1.1 and related NIST standards covering the software supply chain SP 800-161r1 and cybersecurity guidelines for ICS/OT environments: SP 800-83 R3