NERC CIP Compliance Made Easy for the Entire Supply Chain

Choose a fully customizable solution for your Utility

Fortress Platform Enables CIP Automation via IRM

Compliance Management

Designed to enable utilities to reduce their O&M spend on compliance through automation, orchestration and predefined workflow templates that can be modified to reflect internal processes.

Implementation

Fortress Platform implementation services designed to quickly create a centralized, enterprise security management data repository and dashboard

Integration

A strength of Fortress Platform is its ability to flexibly ingest various sources of IT and OT data provide customized views of prioritized event data and alerts

Security & Compliance Combined

On-premise deployments for high and medium impact BCS Entities, Compliance Outsource low-impact cloud deployment option for reduced costs

Integration Risk Management Core Components

Integrated Risk Management 3

Workflow & Automation

  • Security nomenclature based on the MITRE ATT&CK Matrix (Q4 2020)
  • Compliance Workflows – based on NERC CIP Standards and the NERC Evidence Request Tool
  • Custom workflow integration based on internal policy and procedure language and controls structure

Asset & Vendor Management – CIP-002 Integration

  • Asset Identification
  • Asset Classification
  • Asset Management & Monitoring
  • CIP-013 Compliance Management
  • 3rd Party Risk Management
  • Enterprise Vendor Management

Threat Monitoring & Mitigation

  • Fortress-tailorable workflow allows you to integrate your existing threat mitigation into the tool, enabling you fine-grain control over your identification, reporting and resolution cycles
  • Respond to threats by assessing inventory to see if the threat is applicable and perform remediation
  • Known vulnerabilities and threats analyzed against the inventory to determine susceptibility based on CVE/CWE/ICS vulnerability vs asset in inventory and presenting action to be performed

Vulnerability & Patch Management

  • ICS/OT patch management & governance
    • Baseline configuration for each in scope asset stored in AM Module
    • Ports and services inventories tied to the AM Module
    • Known vulnerabilities linked with each asset within the AM Module
    • Using the A2V model, patch testing and validation services can be leveraged against other utilities using the same technology footprint for lower costs
  • Using Scanning or OT management software to determine versions and susceptibility
  • FP tracks compliance status for the NERC CIP program & remediation efforts

Compliance Management

  • Presenting Compliance Artifacts in a manner consistent with NERC, FERC and Regions
    • Heavy focus on Evidence Request Repository Consistency
    • RSAW-based internal assessment reviews
  • Compliance Performance Activity Dashboard – indicate where possible noncompliance is occurring in real-time
  • Any compliance risk transfer will be coordinated with NERC and Regions prior to contract execution to maximize transparency in the process
  • Compliance with CMMC
  • Compliance with Executive Order and 889b

Access Management

  • Integration with IDM and other access management platforms
  • Tracing access rights in relation to CIP Applicable Assets and Compliance Artifacts
  • Workflow templates designed to ensure access compliance traceability and artifact review activities

FORTRESS IN THE NEWS

Get in touch

Want to find out how Fortress can solve problems specific to your business? Let’s connect.

Integrated Risk Management 4407.573.6800

 For Human Resources, please call  855.367.8737

Integrated Risk Management 5sales@fortressinfosec.com

 

Contact Sales


Integrated Risk Management 6
Integrated Risk Management 7 Integrated Risk Management 8 Integrated Risk Management 9

189 S Orange Ave #1950, Orlando, FL 32801
(407) 573.6800
sales@fortressinfosec.com

COPYRIGHT © 2019. FORTRESS INFORMATION SECURITY. ALL RIGHTS RESERVED. PRIVACY POLICY

DOWNLOAD THE FULL

THREAT INTELLIGENCE REPORT

ORACLE LINUX 7 REPOSITORIES INFECTED WITH “HTML.EXPLOIT.C99-24” EXPLOIT

DOWNLOAD THE FULL

THREAT INTELLIGENCE REPORT

ZOOM VIDEO CONFERENCING AND COMMUNICATIONS

THREAT INTELLIGENCE REPORT

Windows CryptoAPI Vulnerability

White Paper

Asset to Vendor Network for Power Utilities

PRESS RELEASE

FORTRESS LAUNCHES INNOVATIVE COLLABORATION TO HELP PROTECT THE POWER GRID FROM CYBER THREATS

Emerging Risk Brief

ASSET RISK MANAGEMENT - FOR PORT AUTHORITIES

Advisory

5 STEPS FOR AN EFFECTIVE THIRD PARTY VENDOR RISK PROGRAM

White Paper

CIP COMPLIANCE – UPDATES, ENFORCEMENT AND PRACTICAL IMPLEMENTATION

Advisory

5 STEPS TO A STRONG VULNERABILITY MANAGEMENT PROGRAM

WHITE PAPER

NERC CIP COMPLIANCE

Subscribe to Fortress Newsletter

For breach reports, threat intelligence, regulatory updates, cyber security news alerts and more, sign up to receive the Fortress Newsletter.

No, thanks!

Threat Advisory

Outdated Security Appliance Facilitates Denial-of-Service Attack on U.S. Grid

WEBINAR DOCUMENT

NERC CIP SUPPLY CHAIN SECURITY STANDARDS