Symantec Corp. has announced a comprehensive IT compliance solution to help electric utility firms comply with the North American Electric Reliability Council’s Critical Infrastructure Protection (NERC CIP) standards. The NERC CIP solution combines consulting services, strategic compliance architecture, and automated policy management technologies to help assure the safe configuration and operation of information systems underpinning the electric utility industry.
Designed to maintain the integrity of North America’s interconnected electrical systems, NERC CIP standards establish minimum requirements for cyber security programs protecting electric control and transmission functions. NERC recommends utilities undergo comprehensive asset and risk assessments from unbiased, third-party experts, as the first step in the NERC CIP compliance process. Symantec Consulting Services is helping organizations understand their current state of readiness through its NERC CIP Readiness Assessment services.
During each assessment, Symantec consultants determine a customer’s initial compliance posture based on NERC CIP standards, information security disciplines, electric utilities’ operations, and leading vendors’ control system products. Symantec then provides a detailed view of current measures toward compliance, identifies compliance gaps and best practices for fully meeting each standard, and provides prioritized recommendations for efficiently achieving full compliance in a timely manner.
Comparing existing security policies with NERC CIP standards, gathering required compliance documentation, and reporting on compliance levels across distributed energy networks are necessary compliance management functions, and frequently labor and capital intensive tasks. Symantec solutions are available to reduce the complexity of compliance management and accurately maintain auditable records. These technologies and services support organization efforts to lower compliance costs by automating the assessment of enterprise security policies against industry regulations and best practices. Additionally, these solutions fulfill organizational and regulatory requirements by generating proof-of-compliance documentation. These reports communicate current levels of compliance and trending during external and internal auditing, and guide implementation of management controls through integration with both Symantec and third-party infrastructure assessment software.
To increase the value of these policy management products for electric utility enterprises, Symantec is scheduled to make add-on NERC CIP compliance modules available for its existing toolset. The new modules will permit electric utilities to perform thorough compliance checks against NERC CIP standards, in addition to other regulatory and internal policy frameworks.
