NERC Compliance Featured Article

If you have anything at all to do with NERC compliance, you know that a) we’re not talking about the National Environmental Respiratory Center, although no doubt complying with whatever they cook up would be advisable, and b) it’s getting more and more complex.

The North American Electric Reliability Corporation has actually been around since The Beatles released The White Album, founded as a means of “ensuring the reliability of the bulk power system in North America,” according to NERC’s website, with the mission of developing and enforcing reliability standards and conducting adequacy assessments annually, “via a 10-year forecast and winter and summer forecasts.”

But back in 2007, the U.S. Federal Energy Regulatory Commission gave NERC (News - Alert) legal authority not only to devise mandatory standards for the field, but also to enforce reliability standards on users, owners, and operators in the United States and parts of Canada. Boom. Now you have to pay attention to NERC compliance.

One thing that makes NERC compliance so tricky these days, according to AlertEnterprise officials, is “the combination of IT Security for cyber critical assets, the creation of electronic security perimeters and tracking physical access to critical assets for employees and contractors.”

To that end, then, AlertEnterprise is offering the NERC CIP Compliance Solution, which is designed as a way for security, risk and compliance tasks to be handled – not only to pick up on problems, but to “remediate them in real-time,” as the company explains, giving administrators the ability “to remove physical access to systems and facilities with a single click,” or choose other options under their Active Policy Enforcement.

The benefits of using the product are listed by AlertEnterprise officials, and include having an end to end solution offering total compliance management for NERC-CIP, interactive mapping of critical assets and cyber assets to IT security controls and physical access controls, getting risk modeling showing compliance violations, control system risks, IT security gaps and other physical access risks as well as “automated remediation,” the ability to find and squash security incidents “with or without human intervention,” among other benefits

AlertEnterprise uses a dashboard-based approach for tackling NERC CIP compliance, incorporating all the important controls and security protocols to automate compliance. This then has the overall effect of enhancing security while ensuring compliance, company officials say, “by expanding to cover critical assets, security management, controls, personnel and training, electronic security perimeter, physical security of CAs, system security management, incident response management and recovery planning.”

The list of capabilities the product delivers include: the ability to discover and identify assets and associated criticality, provide visual modeling of risks related to critical assets, aggregate technical controls from security automation tools, detect application security risks from the likes of ERP systems, HR applications and financial systems, as well as the ability to assimilate and reconcile penetration test reports, physical security logs and IT security logs, among other functions.

Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO East 2012, happening now Jan. 31-Feb. 3 2012, in Miami, FL. ITEXPO (News - Alert) offers an educational program to help corporate decision makers select the right IP-based voice, video, fax and unified communications solutions to improve their operations. It's also where service providers learn how to profitably roll out the services their subscribers are clamoring for – and where resellers can learn about new growth opportunities. To register, click here.

Stay in touch with everything happening at ITEXPO. Follow us on Twitter.

Connect with us: