In our last blog, we discussed one of the less technical (but still critical) benefits of an automated workflow solution: how to create a culture of compliance. Today, we’ll go in a more tactical direction: how SigmaFlow enhances your NERC compliance capabilities with integrated baseline validation.
Many utilities use a solution like our partner Tripwire to collect the “as provisioned” ports and services data on their systems and cyber assets. This provisioned data monitoring provides clear visibility into the state of your infrastructure – what ports are open, what services are on them, what software patches are installed, etc. Solutions like Tripwire streamline the process of creating and managing your baseline, but on their own they don’t help you take action on the data.
That’s where SigmaFlow comes in. Through our integrations with Tripwire and similar systems, SigmaFlow provides a real-time solution for both monitoring your cyber asset baseline and automatically reacting to changes. Working together, SigmaFlow and your cyber asset monitoring system can seamlessly compare your current state with your approved baseline, then quickly and efficiently mitigate any discrepancies or changes while collecting (or generating) the necessary evidence (more about how SigmaFlow and Tripwire work together on compliance evidence here).
In traditional siloed systems, you may be able to report on your baseline and see that things don’t match, but you must implement processes manually to fix it. That’s not a big deal if it’s just one change, but quickly becomes overwhelming at scale. In an organization with numerous assets – hundreds of assets and hundreds of people with access rights, for instance – a deviation from the approved baseline may result in the need to manually open 100 change tickets. The issues with time, resource management, efficiency, and accuracy here are obvious. If just one of those tickets gets missed or mishandled, you’re out of compliance. (Learn more about the difference between approved and provisioned data.)
SigmaFlow’s integrated provisioned data for baseline validation enables you to react to changes identified in monitoring reports and kick off NERC policies based on data – not manual processes. The system monitors reports to look for baseline variations and automatically addresses them when they’re found. For each variation that requires attention, SigmaFlow initiates a configuration change request ticket, updates the baseline, and/or creates a mitigation plan. That plan may involve immediate changes that can be pre-approved, or it may dictate what needs to happen moving forward to address the issue. As a result, you always know if you are in compliance or if there are mismatches between approved and provisioned data that need further attention (more on how SigmaFlow and Tripwire address data validation here).
In addition to integrations with cyber asset monitoring systems like Tripwire and Industrial Defender, SigmaFlow also offers database and file server integrations. If you have custom PowerShell scripts for collecting data, for example, SigmaFlow can receive that data to perform the same type of baseline validations described above. This may apply even if you rely on a tool like Tripwire for the majority of your monitoring, such as the use of custom scripts to access assets in secure areas that can’t be reached by a cyber asset monitoring system.
Integrated baseline validation from SigmaFlow and its partners like Tripwire helps you save time and reduce the resources required to manage your NERC compliance program. Learn more about the integration between the Tripwire NERC Solution Suite and SigmaFlow’s NERC CIP Compliance Manager.
SigmaFlow is a leading provider of Process Execution solutions. The company’s NERC Compliance Solution is a real-time, evidentiary-based software solution that solves the challenges of CIP & 693 Compliance. The SigmaFlow Compliance Solution manages all documents, data, and work activities while automatically collecting and building the evidence for NERC compliance in a real-time repository. SigmaFlow products place a strong emphasis on embedding domain knowledge through a process-driven, template-based architecture. Contact us at firstname.lastname@example.org to learn more.