FEATURED SOLUTION

CIP Foundations For Critical Infrastructure

From Your Ops-Friendly CIP-Compliance & Cyber Security Partner

Fortress brings agility to compliance & security with cost-effective solutions. Traditional challenges are overcome by leveraging technology, analytics and services to break down silos and create risk-based prioritization and workflow. Fortress specializes in helping critical infrastructure organizations navigate their digital transformation — using technology, analytics and services in ways that let our clients focus on the mission. We are a trusted partner to 10% of U.S. power generation.

Here is a closer look at our CIP Foundations Solution:

Program Review & Implementation

  • Program, Policy and Procedure Analysis & Development
  • Compliance Assessment & Audit Readiness

Total Managed Solution – Identification, Monitoring & Remediation

  • Third-Party / Vendor
  • Operational Technology (ICS, SCADA, PLC, IoT, etc.)
  • Information Technology
  • Patch, Vulnerability & Threat for OT & IT
  • Physical Security

The Unifying, Fortress Platform

  • Enables Visibility Across Existing Tools
  • Compliance & Efficiency through Prioritization & Workflow
  • Best-in-Class Data Discovery & Visualization

Applicability to the Energy Grid

Security Solutions Tailored to CIP Standards

Collaborating with large and small clients in Electrical Power Generation, Transmission and Distribution, Fortress designs security solutions that precisely map to their business and operational mission. Our fully-integrated and data-driven solution provides holistic visibility of emerging risks, so you have assured reliability and compliance with CIP standards by managing and automating risk reduction with the proper combination of processes, resources and technology.

Foundations

CIP 002—BES Cyber System Categorization

  • Identify and Certify BES Assets
  • Impact Ratings

CIP 003—Security Management Controls

  • Security Awareness
  • Physical
  • Electronic Access
  • CSIRT

CIP 004—Personnel & Training

  • Security Awareness
  • Identity Confirmation
  • Min. Access

Cyber Security Protection

CIP 005—Electronic Security Perimeter

  • Perimeter Isolation
  • Remote Access
  • Monitoring

CIP 007—System Security Management

  • Network Access
  • Patch Management
  • Malware Prevention
  • Event Monitoring
  • Access Control

CIP 010—Config. Change Mgmt. and Vuln. Assessments

  • Configuration Baseline
  • Change Monitoring
  • Vulnerability Assessments

Incident Response

CIP 008—Incident Reporting & Response Planning

  • Processes to Identify, Classify & Respond
  • Incident Response Group Roles

CIP 009—Recovery Plans for BES Cyber Systems

  • Conditions for Activation of Recovery Plans
  • Responder Responsibilities

Physical and Supply Chain

CIP 006—Physical Security BES Cyber Systems

  • Define Controls
  • Monitor Access
  • Controls for Authorized, Unescorted Physical Access
  • Alert System

CIP 011—Information Protection

  • Identify BES Cyber System Information
  • Procedures to Protect Information Storage, Transit & Use

CIP 013—Supply Chain Risk Management

  • Vendor Risk Mgmt. Plans
  • Remote Access
  • Software Integrity
  • Known Vulnerabilities
  • Security Incidents & Exposures

CIP 014—Physical Security

  • Risk Assessments of Transmission Stations
  • Third Party Verification
  • Threats & Vulnerability Analysis

The Approach

Methodology

Our CIP Compliance Solutions methodically combine industry-leading GRC, Supply Chain Risk and Vulnerability Management technology to capture, track, analyze and inform stakeholders about risks, program status, documentation and preparation for the audit process. Our subject matter experts specialize in critical infrastructure security, power grid operations, CIP compliance and more. When coupled with our threat and vulnerability analysts, we provide a deep bench of experts on hand to support your program.

Enabling Your Mission

Every customer is at a different point of their CIP compliance journey. Some are just starting, some have an existing program and some – based on registered entity role, size or criticality of infrastructure – may have different requirements. Regardless of where you are, Fortress has a solution.

Typically, we start with a Foundational approach that not only maps to what small utilities must address, but also provides a strong basis for any CIP Compliance program. As we mature the program, we may decide to slightly reorder things depending on where the biggest risks reside. We know there is no “one size fits all” approach and we take the time to learn your operation and tailor our approach to what you need. Additionally, our vendor-neutral Fortress Platform open architecture integrates with the security products you have already invested in. This ensures that your resources are used effectively and maximizes the return on your security dollar.

Our Expertise

Industrial Control Systems

Fortress Security Architects are experts in Operational Technologies and understand that IT-centric strategies are doomed to fail in critical infrastructure scenarios like the electric power grid. Our highly-trained staff of in-house security practitioners, as well as an extensive network of contractors, ensure we always have the right resources for your program and can rapidly scale to meet surges in demand. Our unique staffing model ensures we provide dedicated teams for critical projects and guarantee our customers are top priority. Fortress leverages a combination of technology, analytics and services to deliver Consulting and Managed Services, which are supported by the proprietary Fortress Platform to deliver solutions for our customers.

Industries

Unlike every other tools-centric cyber security vendor, Fortress has deep, combined expertise in both cyber security and your specific industry to provide solutions that specifically tie into your business processes. You can’t take a security posture without knowing the business — and that’s what we pride ourselves on. Fortress has developed best practices for Top-10 companies in finance, energy, oil & gas, manufacturing and healthcare.

  • Utilities
  • Transportation
  • Healthcare
  • Finance
  • Energy
  • Additional Industries

189 S Orange Ave #1950, Orlando, FL 32801
(407) 573.6800
sales@fortressinfosec.com

COPYRIGHT © 2019. FORTRESS INFORMATION SECURITY. ALL RIGHTS RESERVED.
