e-DMZ Security has announced its Total Privileged Access Management suite helps utility and other energy enterprises meet compliance with The North American Electric Reliability Corp. Critical Infrastructure Protection reliability standards mandated by the Federal Energy Regulatory Commission to address privileged access security concerns. The NERC CIP standards are designed to help ensure that the bulk electric system in North America is reliable, adequate and secure.

The NERC CIP standard has eight sections from CIP-002 through CIP-009, which provide a cyber security framework for the identification and protection of critical cyber assets to support reliable operation of the bulk electric system. Of these CIP sections, TPAM offers a strong compliance solution to meet several specific items that can be found in CIP-005 (Electronic Security Perimeter(s)) and CIP-007 (Systems Security Management).

  • Standard CIP-005 requires the identification and protection of the Electronic Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points on the perimeter. TPAM offers a range of features to support compliance with section (CIP005/R2) Electronic Access Controls and (CIP005/R3) Monitoring Electronic Access. These features include: Session Proxy, Session Monitoring, Session Recording, Session Playback, Dual Access Authorization Controls, Extensive Audit, Reporting and Alerting.
  • Standard CIP-007 requires responsible entities to define methods, processes and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets with the Electronic Security Perimeter(s). TPAM offers a range of features to support compliance with section (CIP007/R2) Ports and Services and (CIP007/R5) Account Management. These features include: Life-cycle management of shared/system/generic accounts from storage, release controls and change controls; as well as dual (or more) password release authorization controls, Role and Policy driven account access, configurable password construction rules, full audit, reporting, alerting and more.

e-DMZ Security’s TPAM suite is a robust collection of integrated and modular technologies designed specifically to meet the complex and growing security and compliance requirements associated with privileged identity management and privileged access controls within the enterprise including NERC CIP. The focus of TPAM is to provide the enterprise a cost-effective modular platform from which they can enable various privilege control functions as required based on current or future privileged access control requirements.