NERC CIP Compliance
In order to ensure the reliability of power generation and transmission systems, North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) mandates a broad range of both technical and procedural controls that must be implemented and well-documented.
Compliance with NERC CIP involves specific technical security controls as well as procedural controls around training, policy enforcement, access (both physical and cyber), and more. Compliance with NERC CIP also requires extensive documentation.
Our solutions can assist you in attaining and maintaining NERC CIP compliance as cost-effectively and simply as possible by providing specific capabilities in a number of areas:
- Change detection–Having the ability to "identify, control and document all entity or vendor-related changes to hardware and software" is an essential component in protecting systems and information. Our solutions can baseline a system and provide real-time file integrity monitoring, configuration assessment, change reporting, and privileged-user activity monitoring. Required for CIP 003 and CIP 007.
- Configuration assessment–Determining if systems are in compliance, and where there are vulnerabilities, misconfigurations, missing patches, and unmanaged changes provides the fastest way to ensure that critical infrastructure and data are secured. Required for CIP 003 and CIP 007.
- Log and event management–Tracking and correlating events, reporting on trends and threats, and securely storing logs provide the ability to identify risks and respond before a breach occurs, and help ensure compliance. Required for CIP 007.
- Personnel training and awareness–Providing the right training and ensuring access is granted only once training is complete helps remove the biggest risk of non-compliance with NERC CIP and the greatest threat to your systems and data. Our solutions can provide an integrated way to ensure users get the training they need before they get access to systems. Required for CIP 004.
- Access controls–Reducing the number of overly-privileged users and ensuring access is in line with the demands of the organization helps enforce a 'least-privileges' model, which can prevent accidental or malicious damage to systems and critical data breaches. Our solutions can help you securely delegate only the privileges needed to get the job done. Required for CIP 003 and CIP 005.
- User account management–Providing integrated and automated provisioning, delegation, training, and de-provisioning of rights across Windows, UNIX, Linux, VMware ESX, and Mac OS reduces risk and improves administration efficiency. Required for CIP 004.
- Automated workflows–Automating workflows that integrate technical and non-technical assessments, controls, and reporting streamlines compliance with NERC CIP, simplifies reporting, and helps keep audit workload and costs to a minimum while improving security and reliability.
Our NERC CIP Solutions
We provide you with an integrated range of solutions for NERC CIP compliance. These include:
- Security Manager–Industry-leading Security Information and Event Management (SIEM) solution that provides secure log management, event correlation, and threat detection.
- Secure Configuration Manager–Award-winning security configuration assessment solution that comes with pre-built NERC CIP compliance checks and reporting.
- Directory and Resource Administrator–Secures privileged delegation for cross-platform user management, reducing the number of administrators and simplifying audit reporting.
- Vigilent Policy Center–Enables enterprise policy, standards, and procedures development and management.
- Aegis–Provides automated workflows, integration of security and compliance tools, and automated escalation, reporting, and documentation.