How CimTrak Helps with NERC-CIP
Secure, Meet, & Maintain NERC-CIP Compliance.
HUNDREDS OF HOURS ELIMINATED
CimTrak's reporting can take the number of hours organizations spend renewing deviations from a manual process by more than half.
CONTINUOUS COMPLIANCE
Managing configuration and changes from a trusted baseline, CimTrak can automatically restore or deny and prevent changes from happening via a closed-loop change control process.
COMPLETE PERIMETER PROTECTION
Monitor your NERC-CIP environment. Don't let unauthorized access occur with your routers, firewalls, and network devices.
Savings At A Glance
CimTrak has helped organizations save hours (and dollars) in meeting NERC-CIP Compliance.
We've experienced massive growth with efficiency in terms of how we're managing our systems and much desirable cost-savings, both in terms of "people time" and of what we have to invest in the licensing for our software. — Tacoma Power
CimTrak's System Integrity Assurance Platform
- CISA or a DISA STIG benchmark support and integration.
- Real-Time change monitoring and detection to identify all changes within the environment.
- Collection and storage of forensic evidence and detail for every change, including the source IP, user, time, and process.
- Reconciliation and curation between observed changes against authorized/approved changes.
- Categorization (i.e. whitelist/allowlist and blacklist/deny list) of changes as good, bad, or unknown.
- Alerting for unknown changes that require human intervention.
- Prevention of disallowed changes to critical assets.
- Rollback and remediation (A.K.A. ‘self-healing’ or resiliency) of disallowed changes to other asset groups.
- Baseline updates to include new file hashes and configurations categorized as good.
- Embedded ticketing functionality to enable workflow automation and control or integration with traditional ITSM tools
- Integrates with a wide variety of Security Information Event Management (SIEM) technologies
NERC-CIP-007 - Ports Services Inventory/Monitoring
CimTrak easily allows for all system ports and services be documented and any change to their status to be detected, alerted, and reported on. This not only greatly simplifies proving compliance with NERC-CIP-007 but also allows for fast action should a critical port or services status change in an unexpected manner.
NERC-CIP-008 - Incident Reporting & Response Planning
CimTrak has the capability to dynamically baseline and restore configurations when it detects changes (unauthorized) to the baseline. Any unauthorized modifications of any of these resources are tracked and can be used to roll-back or leveraged to alert on security incidents affecting integrity events. Events can also be sent to a SIEM as well as an ITSM platform to manage the process of classifying and approving changes.
NERC-CIP-009 - Cybersecurity/Recovery Plans for BES Cyber-Systems
CimTrak can function as a point backup solution by storing incremental baselines of files and configurations as they change. Imperative to NERC-CIP 009, you have the ability to re-deploy any previous baseline - at any time - to recover from malicious or accidental changes.
NERC-CIP-010 - Configuration Change Management
NERC-CIP standards provide a framework to identify and protect critical infrastructure assets. A key tenet to this framework is ensuring system integrity. As in any critical environment, security controls are put in place to minimize unauthorized access and changes that can have a negative effect on operations.
With CimTrak’s fully integrated ticketing functionality, baseline changes can be planned, allowing other baseline deviations to quickly surface. This allows fast response to configuration changes that are unintended and potentially malicious. Additionally, the CimTrak Ticketing Module also assures compliance with CIP-010-2 Part 1.2, which requires utilities to “authorize and document changes that deviate from the existing baseline configuration,” by giving users the ability to both control exactly which changes are promoted and allowing those changes to be documented directly in the solution.
