In the last year, change management has been one of the top challenges customers want to solve. The problem is complex, and integration is essential to producing a sustainable solution. There are multiple drivers behind the challenge. First of all, there must a compliant change management process that produces supporting evidence. For high-impact changes, security controls must be validated and supporting evidence produced. Then, there are baselines, which is the number one area where companies seem to struggle. Baselines are often their own discussion. Maintaining baselines with the supporting evidence to meet the NERC CIP standards is no simple task. The main complication starts with the need to have an approved baseline for each cyber asset or BES cyber system. These approved baselines must also have supporting evidence that shows proper rigor has been applied in the approval process—that means human beings have to look at the baselines, so that each line item can be justified and approved. Compounding the challenge is the need to also show provisioned baselines. Provisioned baseline data must come from the cyber assets or systems themselves. Once the approved and provisioned baseline data has been captured, a comparison must be performed to ensure no unapproved baseline line items exist in the critical infrastructure. If that’s not complicated enough, baselines must also be monitored on a regular basis and all changes to baselines must go through the compliant change process. Fortunately, SigmaFlow and Tripwire have done a great job of automating a lot of the heavy lifting behind this challenge, and that is very good news for the electric industry. If you would like to know more about how SigmaFlow and Tripwire have worked together to solve this challenge, please join us for an informative webinar on this powerful combination on Friday, February 12th at 11:30 AM Central Time. For more information and to register for the webinar, visit the following link: SigmaFlow’s Integration with Tripwire | Solving NERC CIP Compliance
About the Author: Terry Schurter, VP of NERC Solutions at SigmaFlow, has won multiple awards for controls engineering, software development, and thought leadership. He is a noted expert on process analysis and improvement, winning the Global Thought Leadership award from the BPM Group in 2009 and served as the Research Director for Process with Bloor Research. Mr. Schurter was cofounder of the xFactory Manufacturing Execution System and has developed and delivered process improvement training to companies globally. He is a published author/ co-author of multiple books, including Technologies for Government Transformation, Customer Expectation Management, and the Insiders’ Guide to BPM with Peter Fingar. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc. Title image courtesy of ShutterStock
Achieving Resilience with NERC CIP
Explore the critical role of cybersecurity in protecting national Bulk Electric Systems. Tripwire's NERC CIP Solution Suite offers advanced tools for continuous monitoring and automation solutions, ensuring compliance with evolving standards and enhancing overall security resilience.
