How CimTrak Helps with NERC-CIP
Secure, Meet, & Maintain NERC-CIP Compliance.
HUNDREDS OF HOURS ELIMINATED
CimTrak's reporting can take the number of hours organizations spend renewing deviations from a manual process by more than half.
CONTINUOUS COMPLIANCE
Managing configuration and changes from a trusted baseline, CimTrak can automatically restore or deny and prevent changes from happening via a closed-loop change control process.
COMPLETE PERIMETER PROTECTION
Monitor your NERC-CIP environment. Don't let unauthorized access occur with your routers, firewalls, and network devices.
CimTrak's System Integrity Assurance Platform
- CISA or a DISA STIG benchmark support and integration.
- Real-Time change monitoring and detection to identify all changes within the environment.
- Collection and storage of forensic evidence and detail for every change, including the source IP, user, time, and process.
- Reconciliation and curation between observed changes against authorized/approved changes.
- Categorization (i.e. whitelist/allowlist and blacklist/deny list) of changes as good, bad, or unknown.
- Alerting for unknown changes that require human intervention.
- Prevention of disallowed changes to critical assets.
- Rollback and remediation (A.K.A. ‘self-healing’ or resiliency) of disallowed changes to other asset groups.
- Baseline updates to include new file hashes and configurations categorized as good.
- Embedded ticketing functionality to enable workflow automation and control or integration with traditional ITSM tools
- Integrates with a wide variety of Security Information Event Management (SIEM) technologies
NERC-CIP-007 - Ports Services Inventory/Monitoring
CimTrak easily allows for all system ports and services be documented and any change to their status to be detected, alerted, and reported on. This not only greatly simplifies proving compliance with NERC-CIP-007 but also allows for fast action should a critical port or services status change in an unexpected manner.
NERC-CIP-008 - Incident Reporting & Response Planning
CimTrak has the capability to dynamically baseline and restore configurations when it detects changes (unauthorized) to the baseline. Any unauthorized modifications of any of these resources are tracked and can be used to roll back or leveraged to alert security incidents affecting integrity events. Events can also be sent to a SIEM as well as an ITSM platform to manage the process of classifying and approving changes.
NERC-CIP-009 - Cybersecurity/Recovery Plans for BES Cyber-Systems
CimTrak can function as a point backup solution by storing incremental baselines of files and configurations as they change. Imperative to NERC-CIP 009, you have the ability to re-deploy any previous baseline - at any time - to recover from malicious or accidental changes.
NERC-CIP-010 - Configuration Change Management
NERC-CIP standards aim to protect critical infrastructure assets by implementing security controls to prevent unauthorized access and disruptions to operations.
With CimTrak’s integrated ticketing feature, planned baseline changes can quickly reveal other baseline deviations, allowing for a rapid response to unintended and potentially malicious configuration changes. The CimTrak Ticketing Module also ensures compliance with CIP-010-2 Part 1.2, requiring utilities to authorize and document changes that deviate from the existing baseline configuration. Users can control which changes are promoted and document them directly in the solution.