NERC Compliance Solutions


The North American Electric Reliability Corporation (NERC) is a non-profit organization formed to promote the reliability of power lines and transmissions in the U.S. NERC issues a number of regulations for power generators and suppliers regarding the security and reliability of critical infrastructure. To comply with these requirements, expensive dedicated security software is often needed. NERC IT compliance requirements cover the identification of critical assets followed by risk assessment and monitoring.


Ekran System® is a user activity monitoring and access management solution that can be effectively used as part of a NERC compliance software suite, providing you with the ability to continuously monitor, control, and audit actions performed on critical assets based on Windows, Linux/Unix, macOS, and Citrix platforms. Ekran System offers a number of NERC compliance solutions including multi-factor authentication, secondary authentication for shared accounts, PAM solutions, a detailed report generating tool and forensic export.


Ekran System uses a flexible licensing scheme which makes meeting NERC requirements cost-effective.


Requirement CIP-003: Security Management Controls



Ekran System can help you ensure the protection of critical cyber assets by recording everything a user sees on the screen regardless of the applications or services used. This includes mouse movements in an advanced video format indexed with text log data including application names, names of active windows, URLs visited, keystrokes entered, etc. Every instance of access to critical data and every change made can be clearly viewed and associated with the corresponding user.


An inbuilt set of tools for identity and access management helps build a reliable system of user identification, granular access permission management, temporary credentials management, and emergency access to critical digital assets.


Requirement CIP-004: Training and Personnel Security



A secondary level of authentication allows you to control access to critical cyber assets. Every video recording is clearly associated with a specific user even if they used a shared administrator account. Ekran System can also issue a variety of different reports, allowing you to audit the use of critical assets according to your security policy.


Requirement 164.414 – Administrative Requirements and Burden of Proof

§ 164.414 Administrative requirements and burden of proof.


(a) Administrative requirements. A covered entity is required to comply with the administrative requirements of § 164.530(b), (d), (e), (g), (h), (i), and (j) with respect to the requirements of this subpart.


(b) Burden of proof. In the event of a use or disclosure in violation of subpart E, the covered entity or business associate, as applicable, shall have the burden of demonstrating that all notifications were made as required by this subpart or that the use or disclosure did not constitute a breach, as defined at § 164.402.


Apart from the wide range of user activity recording tools, Ekran System also includes a user messaging feature that allows custom messages to be delivered to users before the start of a session. Such messages may include notifications about monitoring and a set of security policies and restrictions applicable in the current situation. When receiving such a message, users have to explicitly confirm that they have read it to continue with the session.


Moreover, the platform includes a feature that automatically notifies users about potentially dangerous actions they are performing. Such notifications also require the user to acknowledge their actions.


The platform itself includes an internal activity log where all actions performed by specialists and administrators of Ekran System are recorded.


All session records in the platform can be exported in an independent forensic format for further investigations.


Ekran System is a reliable and flexible security solution that will help you meet NERC requirements at minimum cost.