NERC CIP
Protect Critical Electrical Infrastructure with Continuous Monitoring
The ongoing growth of cyber threats continues to pose risk to our nation’s critical infrastructure. Electrical utility companies must take special steps to protect themselves – specifically, complying with the standards of the NERC CIP (North American Electric Reliability Corporation critical infrastructure protection). NERC CIP requirements address the physical security and cybersecurity of North America’s electric grid to ensure the reliability of our power system.
Tenable helps utility providers ensure the safety and security of BES (Bulk Electrical System) Cyber Systems and other assets by continuously monitoring their enterprise and SCADA networks for vulnerabilities, threats, and issues in compliance and security.
Tenable helps utility companies meet and maintain NERC CIP compliance with proven products that include Nessus®, the world’s most widely deployed vulnerability scanner, and SecurityCenter Continuous View™, which provides the most comprehensive and integrated view of network health.
Solutions to Maintain NERC CIP Compliance
- Audit operating systems, network devices and applications for vulnerabilities in environments subject to NERC CIP requirements
- Perform specific vulnerability checks on control systems such as Telvent, Siemens and more
- Perform configuration audits of operating systems and applications specifically used in control systems, such as OSIsoft PI, ABB Ranger and more.
Through Nessus, utilities can access
-
Utilities can use the Nessus Network Monitor (formerly Passive Vulnerability Scanner® or PVS™), utilities can observe any IP-based control system network and monitor changes, discover assets and assess vulnerabilities without affecting network performance.
-
With the Log Correlation Engine® (LCE®), utilities can gather NetFlow data, system logs, employee logins, intrusion detection events, file integrity information, privilege escalation and more across enterprise networks and control system devices for aggregation, correlation, analysis and forensics.