Compliance

NERC CIP

 

Your Challenge: Meet the requirements of the North American Electric Reliability Corporation's (NERC) Critical Infrastructure Protection (CIP) plan to detect vulnerabilities and threats and prevent attacks against critical information security assets while preserving operational integrity and avoiding costly and disruptive downtime.

FERC and NERC mandated timetables are bringing significant changes to utility networking and computing infrastructure. Perceived and real threats from hackers and cyber terrorists, legislative mandates with the promise of fines for non-compliance, and the opportunity to upgrade network infrastructure are all driving compliance with NERC CIP.

Compliance efforts have varied depending on the size of the utility, the maturity of its infrastructure, and its security posture and attitudes. Meeting full compliance with NERC CIP is a governance, administration, and technical challenge. NERC CIP compliance efforts can often best be optimized when combined with automation and control updates to infrastructure, meeting both compliance and “smart grid” and “intelligent utility” objectives.

The definition and architecture of electronic security perimeters (ESPs) is an opportunity to take a holistic, risk-based approach to building and implementing a comprehensive security program that includes secure remote engineering, access, and administration. The result is a more reliable and resilient network that delivers operational efficiencies and cost savings.

Integration of access management systems (AMS) with security log monitoring ensures that user identity information can be correlated to network device, platform, and application logging.

 

The Solution: ActiveGuard managed services; SaaS self-service assessment; and security consulting services tailored for NERC CIP compliance.


Assess & Measure Gaps: NERC CIP risk assessments performed by certified security professionals experienced in dealing with new and legacy industrial control environments; prioritized and actionable recommendations; peer benchmarking.
Remediate & Enhance: Experienced, certified security professionals, security program, policy, and procedures design, services, tools, and process implementation.
Execute & Monitor: NERC CIP compliant log management, log monitoring, vulnerability management, and security device management.
Demonstrate Compliance: Standard and customizable reporting, secure evidence repository for all NERC CIP compliance related assessments, results, and reports; integrated ticketing with assignment, tracking, and journaling.

Solutionary has:

  • A track record of delivering managed and security consulting services that meet NERC CIP requirements
  • A staff of experienced, certified security and compliance professionals
  • Participation in utility industry and regional groups
  • Proven managed and consulting services to get you compliant and keep you compliant
  • Certified security experts (HITRUST CSF, CISSP, CISA, CISM, GCIA, CSOA, QSA and others)
     

Select from any of our NERC CIP compliance services:

  • ActiveGuard Log Monitoring & Log Management
  • Vulnerability Management
  • Security Device Management
  • Onsite NERC CIP Risk Assessments, Compliance Assessments and Gap Analysis Services
  • SecurCompass SaaS Self-Assessment Tools

     

 

| Compliance Activity | Solutionary Services / Capabilities | Regulatory Mapping |
|---|---|---|
| Assess & Measure Gaps | SecurCompass SaaS self-assessment; Security consulting services; Certified security professionals | CIP-002-3, CIP-003-3, CIP-004-3 |
| Remediation & Enhancement | Security consulting services; Certified security professionals; Authorized partner consulting services | CIP-003-3, CIP-007-3, CIP-008-3, CIP-009-3 |
| Execute and Monitor Security Program | ActiveGuard Log Management; ActiveGuard Log Monitoring; ActiveGuard Vulnerability Management; Authorized partner consulting services; ActiveGuard Security Device Management | CIP-002-3, CIP-003-3, CIP-005-3, CIP-007-3, CIP-008-3, CIP-009-3 |
| Demonstrate Compliance | ActiveGuard Evidence Repository; ActiveGuard Security & Compliance Reporting; SecurCompass SaaS self-assessment; Security consulting services | CIP-002-3, CIP-003-3, CIP-004-3, CIP-005-3, CIP-007-3, CIP-008-3, CIP-009-3 |
 

www.solutionary.com - 866-333-2133