Compliance

Industrial Cybersecurity Compliance

With a suite of built-in industrial cybersecurity compliance reports, Industrial Defender ASM® eliminates certain laborious manual tasks of data collection and report generation.

Comprehensive configuration change management is essential for an efficient and effective compliance program. A truly sound solution for automation systems management must comprehend and manipulate automation system configuration data such as asset identification data, installed software, patch levels, ports and services, users, and so forth. Because a security breach would most likely involve modifications to configuration data, the solution must also compare actual configuration data to a configuration standard or baseline, and then issue an alert when discrepancies or exceptions exist.

The configuration functions support detailed search, analysis, and reporting of the available configuration data by various comparative groupings and for individual assets. Configuration data is also historized (scanned repeatedly over time) to enable change management reporting. Baselining is a key feature that enables rapid identification of configuration changes that could indicate or warn of security or compliance issues. When an asset is on-boarded into ASM, it follows a workflow including input, review, and approval as it passes through several stages. Once promoted, the asset’s configuration data becomes authoritative and serves as a Configuration Baseline. It can then be automatically compared with the actual configuration data collected from other assets by the agents and ASA. The results of the comparison can be presented in a report or displayed in the ASM UI for fast configuration exception identification and response.

With a suite of built-in compliance reports, Industrial Defender ASM® eliminates certain laborious manual tasks of data collection and report generation. The reporting application lets you configure report subscriptions for non-privileged users so that they receive reports via email, server share, and SharePoint, delivering current information to those who need it the most.

Learn how the largest wind power generator in North America saved $3 million in compliance-driven upgrade costs.
Learn why Industrial Defender ASM® has become the de facto tool for compliance monitoring for utilities.

Policy Management

Policy management features automate the enforcement of compliance across your control systems asset base. Because the solution is vendor-agnostic, policies can be easily created and applied to multiple asset types, saving time and cost and reducing duplication of effort. In addition to user-created policies, Industrial Defender ASM® includes standard policies for NERC-CIP v3 and v5, Nuclear Energy Institute (NEI) 08-09 cybersecurity standards, and NIST SP 800-82.
Establish compliance and management – Create security policies and governance standards that cover multiple assets quickly and easily.
Create sustainable compliance programs – Construct a program for NERC-CIP, NIST SP 800-53, ISO 27000, NIS Directive, CIS 20 Compliance and CFATS that is easily sustainable.
Improve visibility to risk – Uncover insufficient policy adherence and potential security and compliance gaps.
Protect against known malware – Check baseline software patch levels for protection via proactive policy rules.
Be audit ready – Link policies to applicable regulations as evidence of compliance in case of audit.

Compliance Reporting

Compliance report management features eliminate the laborious manual task of data collection and report generation, providing a suite of standard reports, including NERC-CIP V3 and V5 reporting packages and a wide range of reports encompassing assets, configuration, firewalls, policy, software and patches, and users. Report subscriptions can be configured for non-privileged users, allowing them to receive reports via many alternative methods, ensuring the delivery of the most current information to those who need it most.
NERC-CIP V3 and V5 compliant documentation – Cover all key elements of your NERC-CIP audit needs with over 40 NERC-CIP reports, including asset baseline vs. actual and user access reports.
Document network controls – Compare changes to ports and services on each asset across your environment, by time interval.
Validate software revision and license inventory baseline – Control cost and understand patch levels for internal audits.
Document user access controls – Comply with NERC-CIP and NIST SP 800-82 via password policy.
Document user account management – Detail asset access controls and failed login attempts.