FEATURED SOLUTION
CIP Foundations For Critical Infrastructure
From Your Ops-Friendly CIP-Compliance & Cyber Security Partner
Fortress brings agility to compliance & security with cost-effective solutions. Traditional challenges are overcome by leveraging technology, analytics and services to break down silos and create risk-based prioritization and workflow. Fortress specializes in helping critical infrastructure organizations navigate their digital transformation — using technology, analytics and services in ways that let our clients focus on the mission. We are a trusted partner to 10% of U.S. power generation.
Here is a closer look at our CIP Foundations Solution:
Program Review & Implementation
Program, Policy and Procedure Analysis & Development • Compliance Assessment & Audit Readiness
Total Managed Solution – Identification, Monitoring & Remediation
Third-Party / Vendor • Operational Technology (ICS, SCADA, PLC, IoT, etc.) • Information Technology • Patch, Vulnerability & Threat for OT & IT • Physical Security
The Unifying, Fortress Platform
Enables Visibility Across Existing Tools • Compliance & Efficiency through Prioritization & Workflow • Best-in-Class Data Discovery & Visualization
Applicability to the Energy Grid
Security Solutions Tailored to CIP Standards
Collaborating with large and small clients in Electrical Power Generation, Transmission and Distribution, Fortress designs security solutions that precisely map to their business and operational mission. Our fully-integrated and data-driven solution provides holistic visibility of emerging risks, so you have assured reliability and compliance with CIP standards by managing and automating risk reduction with the proper combination of processes, resources and technology.
Foundations
CIP 002—BES Cyber System Categorization
- Identify and Certify BES Assets
- Impact Ratings
CIP 003—Security Management Controls
- Security Awareness
- Physical
- Electronic Access
- CSIRT
CIP 004—Personnel & Training
- Security Awareness
- Identity Confirmation
- Min. Access
Cyber Security Protection
CIP 005—Electronic Security Perimeter
- Perimeter Isolation
- Remote Access
- Monitoring
CIP 007—System Security Management
- Network Access
- Patch Management
- Malware Prevention
- Event Monitoring
- Access Control
CIP 010—Config. Change Mgmt. and Vuln. Assessments
- Configuration Baseline
- Change Monitoring
- Vulnerability Assessments
Incident Response
CIP 008—Incident Reporting & Response Planning
- Processes to Identify, Classify & Respond
- Incident Response Group Roles
CIP 009—Recovery Plans for BES Cyber Systems
- Conditions for Activation of Recovery Plans
- Responder Responsibilities
Physical and Supply Chain
CIP 006—Physical Security BES Cyber Systems
- Define Controls
- Monitor access
- Controls for Authorized, Unescorted Physical Access
- Alert System
CIP 011—Information Protection
- Identify BES Cyber System Information
- Procedures to Protect Information Storage, Transit & Use
CIP 013—Supply Chain Risk Management
- Vendor Risk Mgmt. Plans
- Remote Access
- Software Integrity
- Known Vulnerabilities
- Security Incidents & Exposures
CIP 014—Physical Security
- Risk Assessments of Transmission Stations
- Third Party Verification
- Threats & Vulnerability Analysis
the approach

Methodology
Our CIP Compliance Solutions methodically combine industry-leading GRC, Supply Chain Risk and Vulnerability Management technology to capture, track, analyze and inform stakeholders about risks, program status, documentation and preparation for the audit process. Our subject matter experts specialize in critical infrastructure security, power grid operations, CIP compliance and more. When coupled with our threat and vulnerability analysts, we provide a deep bench of experts on hand to support your program.
Enabling Your Mission
Every customer is at a different point of their CIP compliance journey. Some are just starting, some have an existing program and some – based on registered entity role, size or criticality of infrastructure – may have different requirements. Regardless of where you are, Fortress has a solution.
Typically, we start with a Foundational approach that not only maps to what small utilities must address, but also provides a strong basis for any CIP Compliance program. As we mature the program, we may decide to slightly reorder things depending on where the biggest risks reside. We know there is no “one size fits all” approach and we take the time to learn your operation and tailor our approach to what you need. Additionally, our vendor-neutral Fortress Platform open architecture integrates with the security products you have already invested in. This ensures that your resources are used effectively and maximizes the return on your security dollar.
our expertise

Industrial Control Systems
FortressSecurity Architects are experts in Operational Technologies and understand that IT-centric strategies are doomed to fail in critical infrastructure scenarios like the electric power grid. Our highly-trained staff of in-house security practitioners, as well as an extensive network of contractors, ensure we always have the right resources for your program and can rapidly scale to meet surges in demand. Our unique staffing model ensures we provide dedicated teams for critical projects and guarantee our customers are top priority. Fortress leverages a combination of technology, analytics and services to deliver Consulting and Managed Services, which are supported by the proprietary Fortress Platform to deliver solutions for our customers.
industries
Unlike every other tools-centric cyber security vendor, Fortress has deep, combined expertise in both cyber security and your specific industry to provide solutions that specifically tie into your business processes. You can’t take a security posture without knowing the business — and that’s what we pride ourselves on. Fortress has developed best practices for Top-10 companies in finance, energy, oil & gas, manufacturing and healthcare.
189 S. Orange Avenue, Ste 1950, Orlando, FL 32801
(407) 573.6800
sales@fortressinfosec.com
COPYRIGHT © 2020. FORTRESS INFORMATION SECURITY. ALL RIGHTS RESERVED. PRIVACY POLICY