Tripwire, Inc. has announced the integration of Tripwire IP360 into their NERC Solution Suite version 2.0, a powerful combination of customized tools and services designed to help utilities automate, achieve and maintain compliance with all approved versions of North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP).
The NERC CIP is a set of requirements designed to secure the assets required for operating North America's bulk electrical system (BES). The recently updated plan consists of 10 standards and 32 requirements that cover the security of electronic perimeters, the protection of critical cyber assets, security management, personnel training and disaster recovery planning. Organizations with NERC CIP compliance violations can be fined up to $1 million per day, and over the past four years, NERC CIP fines have totaled more than $150 million.
Achieving and maintaining compliance with new versions of NERC CIP requires continuous monitoring of critical assets as well as periodic collection of detailed audit evidence. The steps necessary to pass NERC CIP audits can be extremely time consuming, are often done manually and can be error-prone. New requirements in NERC CIP version 5 include security configuration change management, vulnerability management for BES Cyber Assets, and information protection, making the compliance process for BES organizations even more complex.
The NERC Solution Suite combines Tripwire Enterprise, Tripwire IP360 and Tripwire Log Center, award-winning security configuration management, vulnerability management and incident detection solutions. The solution also includes specialized intelligence including policy rules, correlation rules, tools, templates, customized reports and dashboards derived through work with over 100 NERC Registered Entities and the NERC Regional Auditor community. Together with customized services from NERC-experienced consultants, the NERC Solution Suite dramatically reduces the time and resources required to pass NERC CIP audits and minimize audit findings.
Key features include:
- Auto-discovery of all BES Cyber Assets, including hardware and software to ensure all critical assets are protected.
- Continuous monitoring that rapidly detects detailed status information across a wide range of critical cyber assets, from computer systems and network devices to SCADA and other industrial control systems to identify early indications of breach activity.
- Whitelisting capability for monitoring ports, services, software versions, and local user credentials.
- Audit-ready reports and dashboards that deliver evidence of compliance conveniently grouped by CIP requirement.
“The expanded coverage of all approved CIP requirements in the new version of the Tripwire NERC Solution Suite enhances our customers’ ability to improve power generation and transmission reliability by automating the audit process,” said Jeff Simon, director of service solutions at Tripwire. “Our extensive NERC-specific reports and dashboards in combination with our deep domain expertise help us deliver customized solutions for clients working toward CIP versions three and five compliance as well as stronger cybersecurity.”
