NERC CIP Compliance Made Easy for the Entire Supply Chain
Choose a fully customizable solution for your Utility
Fortress Platform Enables CIP Automation
Designed to enable utilities to reduce their O&M spend on compliance through automation, orchestration and predefined workflow templates that can be modified to reflect internal processes.
Fortress Platform implementation services are designed to quickly create a centralized, enterprise security management data repository and dashboard.
A strength of the Fortress Platform is its ability to flexibly ingest various sources of IT and OT data, providing customized views of prioritized event data and alerts.
Security & Compliance Combined
On-premise deployments for high and medium impact BCS Entities. Outsource compliance with the low-impact cloud deployment option for reduced costs.
Compliance Automation Components
Workflow & Automation
- Security nomenclature based on the MITRE ATT&CK Matrix (Q4 2020)
- Compliance Workflows – based on NERC CIP Standards and the NERC Evidence Request Tool
- Custom workflow integration based on internal policy and procedure language and controls structure
Asset & Vendor Management – CIP-002 Integration
- Asset Identification
- Asset Classification
- Asset Management & Monitoring
- CIP-013 Compliance Management
- 3rd Party Risk Management
- Enterprise Vendor Management
Threat Monitoring & Mitigation
- Fortress-tailorable workflow allows you to integrate your existing threat mitigation into the tool, giving you fine-grained control over your identification, reporting and resolution cycles
- Respond to threats by assessing inventory to see if the threat is applicable and perform remediation
- Known vulnerabilities and threats are analyzed against the inventory to determine susceptibility (CVE/CWE/ICS vulnerability vs. asset in inventory), and the action to be performed is presented
Vulnerability & Patch Management
- ICS/OT patch management & governance
- Baseline configuration for each in-scope asset stored in the AM Module
- Ports and services inventories tied to the AM Module
- Known vulnerabilities linked with each asset within the AM Module
- Using the A2V model, patch testing and validation services can be leveraged against other utilities using the same technology footprint for lower costs
- Using scanning or OT management software to determine versions and susceptibility
- FP tracks compliance status for the NERC CIP program & remediation efforts
- Presenting Compliance Artifacts in a manner consistent with NERC, FERC and Regions
- Heavy focus on Evidence Request Repository Consistency
- RSAW-based internal assessment reviews
- Compliance Performance Activity Dashboard – indicates where possible noncompliance is occurring in real time
- Any compliance risk transfer will be coordinated with NERC and Regions prior to contract execution to maximize transparency in the process
- Compliance with CMMC
- Compliance with Executive Order and 889b
- Integration with IDM and other access management platforms
- Tracing access rights in relation to CIP Applicable Assets and Compliance Artifacts
- Workflow templates designed to ensure access compliance traceability and artifact review activities
FORTRESS IN THE NEWS
President Biden's $2.25 trillion infrastructure plan does not include any funds to protect critical infrastructure against cyberattacks, even as the threat grows against targets like the electric grid.
State of the Electric Utility 2021: Utilities’ cybersecurity approach shows cause for concern, experts say
Power companies are more focused than ever on cybersecurity, and experts say results of Utility Dive's 8th annual State of the Electric Utility (SEU) survey show an industry working to better secure the grid. But they also say the responses reveal...
President Biden on Wednesday announced a $2 trillion infrastructure plan, offering a broad range of spending targets – including fixing roads and bridges, planting a nationwide electric vehicle charging network, greening the power grid, and...