NERC Compliance Solutions
North American Electric Reliability Corporation (NERC) is a non-profit organization formed to promote reliability of power lines and transmissions in the U.S. NERC issues a number of regulations for power generators and suppliers regarding the security and reliability of critical infrastructure. To comply with these requirements, expensive dedicated security software is often needed. NERC IT compliance requirements cover the identification of critical assets followed by risk assessment and monitoring.
Ekran System is a user monitoring solution that can be effectively used as part of a NERC compliance software suite, providing you with the ability to continuously monitor, control, and audit actions performed on critical assets based on Windows, Linux / Unix, and Citrix platforms. Ekran System offers a number of NERC compliance solutions including secondary authentication for shared accounts, a detailed report generating tool and forensic export.
Ekran System uses a per-Client licensing scheme which makes meeting NERC requirements cost-effective.
Requirement CIP-003: Security Management Controls
Complete requirement text:
Ekran System can help you ensure the protection of critical cyber assets. It records everything a user sees on the screen regardless of applications or services used. This includes mouse movements in an advanced video format indexed with text log data including application names, names of active windows, visited URLs, entered keystrokes, etc. Every instance of access to critical data and every change made can be clearly viewed and tied to the corresponding user. A secondary level of authentication will also help you provide better access control by allowing you to distinguish shared account users.
Requirement CIP-004: Training and Personnel Security
Complete requirement text:
Secondary level of authentication will allow you to control access to critical cyber assets. Every video recording is clearly identified with a specific user even if he or she used a shared administrator account. Ekran System can also issue a variety of different reports, allowing you to audit the proper use of critical cyber assets.
Requirement 164.414 – Administrative Requirements and Burden of Proof
§ 164.414 Administrative requirements and burden of proof.
(a) Administrative requirements. A covered entity is required to comply with the administrative requirements of § 164.530(b), (d), (e), (g), (h), (i), and (j) with respect to the requirements of this subpart.
(b) Burden of proof. In the event of a use or disclosure in violation of subpart E, the covered entity or business associate, as applicable, shall have the burden of demonstrating that all notifications were made as required by this subpart or that the use or disclosure did not constitute a breach, as defined at § 164.402.
Additional authentication and session recording will provide undisputable proof of certain user actions. Ekran System also feature internal user monitoring tool that will log every action taken by the user of Ekran System administration components.
Ekran System is a reliable and flexible security solution that will help you meet NERC requirements at minimum cost.