FEATURED SOLUTION

CIP Foundations For Critical Infrastructure

From Your Ops-Friendly CIP-Compliance & Cyber Security Partner

Fortress brings agility to compliance & security with cost-effective solutions. Traditional challenges are overcome by leveraging technology, analytics and services to break down silos and create risk-based prioritization and workflow. Fortress specializes in helping critical infrastructure organizations navigate their digital transformation — using technology, analytics and services in ways that let our clients focus on the mission. We are a trusted partner to 10% of U.S. power generation.

Here is a closer look at our CIP Foundations Solution:

Program Review & Implementation

Program, Policy and Procedure Analysis & Development • Compliance Assessment & Audit Readiness

Total Managed Solution – Identification, Monitoring & Remediation

Third-Party / Vendor • Operational Technology (ICS, SCADA, PLC, IoT, etc.) • Information Technology • Patch, Vulnerability & Threat for OT & IT • Physical Security

The Unifying, Fortress Platform

Enables Visibility Across Existing Tools • Compliance & Efficiency through Prioritization & Workflow • Best-in-Class Data Discovery & Visualization

Applicability to the Energy Grid

Security Solutions Tailored to CIP Standards

Collaborating with large and small clients in Electrical Power Generation, Transmission and Distribution, Fortress designs security solutions that precisely map to their business and operational mission. Our fully-integrated and data-driven solution provides holistic visibility of emerging risks, so you have assured reliability and compliance with CIP standards by managing and automating risk reduction with the proper combination of processes, resources and technology.

Foundations

CIP 002—BES Cyber System Categorization

Identify and Certify BES Assets
Impact Ratings

CIP 003—Security Management Controls

Security Awareness
Physical
Electronic Access
CSIRT

CIP 004—Personnel & Training

Security Awareness
Identity Confirmation
Min. Access

Cyber Security Protection

CIP 005—Electronic Security Perimeter

Perimeter Isolation
Remote Access
Monitoring

CIP 007—System Security Management

Network Access
Patch Management
Malware Prevention
Event Monitoring
Access Control

CIP 010—Config. Change Mgmt. and Vuln. Assessments

Configuration Baseline
Change Monitoring
Vulnerability Assessments

Incident Response

CIP 008—Incident Reporting & Response Planning

Processes to Identify, Classify & Respond
Incident Response Group Roles

CIP 009—Recovery Plans for BES Cyber Systems

Conditions for Activation of Recovery Plans
Responder Responsibilities

Physical and Supply Chain

CIP 006—Physical Security BES Cyber Systems

Define Controls
Monitor access
Controls for Authorized, Unescorted Physical Access
Alert System

CIP 011—Information Protection

Identify BES Cyber System Information
Procedures to Protect Information Storage, Transit & Use

CIP 013—Supply Chain Risk Management

Vendor Risk Mgmt. Plans
Remote Access
Software Integrity
Known Vulnerabilities
Security Incidents & Exposures

CIP 014—Physical Security

Risk Assessments of Transmission Stations
Third Party Verification
Threats & Vulnerability Analysis

the approach

Methodology

Our CIP Compliance Solutions methodically combine industry-leading GRC, Supply Chain Risk and Vulnerability Management technology to capture, track, analyze and inform stakeholders about risks, program status, documentation and preparation for the audit process. Our subject matter experts specialize in critical infrastructure security, power grid operations, CIP compliance and more. When coupled with our threat and vulnerability analysts, we provide a deep bench of experts on hand to support your program.

Enabling Your Mission

Every customer is at a different point of their CIP compliance journey. Some are just starting, some have an existing program and some – based on registered entity role, size or criticality of infrastructure – may have different requirements. Regardless of where you are, Fortress has a solution.

Typically, we start with a Foundational approach that not only maps to what small utilities must address, but also provides a strong basis for any CIP Compliance program. As we mature the program, we may decide to slightly reorder things depending on where the biggest risks reside. We know there is no “one size fits all” approach and we take the time to learn your operation and tailor our approach to what you need. Additionally, our vendor-neutral Fortress Platform open architecture integrates with the security products you have already invested in. This ensures that your resources are used effectively and maximizes the return on your security dollar.

our expertise

Industrial Control Systems

FortressSecurity Architects are experts in Operational Technologies and understand that IT-centric strategies are doomed to fail in critical infrastructure scenarios like the electric power grid. Our highly-trained staff of in-house security practitioners, as well as an extensive network of contractors, ensure we always have the right resources for your program and can rapidly scale to meet surges in demand. Our unique staffing model ensures we provide dedicated teams for critical projects and guarantee our customers are top priority. Fortress leverages a combination of technology, analytics and services to deliver Consulting and Managed Services, which are supported by the proprietary Fortress Platform to deliver solutions for our customers.

industries

Unlike every other tools-centric cyber security vendor, Fortress has deep, combined expertise in both cyber security and your specific industry to provide solutions that specifically tie into your business processes. You can’t take a security posture without knowing the business — and that’s what we pride ourselves on. Fortress has developed best practices for Top-10 companies in finance, energy, oil & gas, manufacturing and healthcare.