As discussed in the previous article, SigmaFlow manages and demonstrates compliance for approvals, while Tripwire collects and reports on what has actually been implemented (provisioned). The next challenge is validation.
A mismatch between approved and provisioned data is a compliance concern that can easily qualify as compliance nonconformance. This requires that the approved and provisioned evidence not only be collected, but validated as well.
SigmaFlow provides API integration to Tripwire so that the provisioned data that Tripwire collects can be pulled by the SigmaFlow solution as actual data, not just a report. This facilitates the validation of approved versus provisioned evidence in SigmaFlow, and the solution is designed to do so automatically. The result is that the utility always knows if they are in compliance or if there are mismatches between approved and provisioned data that need further attention.
The other advantage of this approach comes from the retention and access to history. The Tripwire solution is primarily focused on what is happening now – not what happened the week, month or year prior. SigmaFlow is designed to provide easy access to all history, giving utilities the ability to report on baselines and access rights for any given date or date range in the past. This is particularly important during an audit when the compliance evidence being reviewed covers multiple years.
When the complementary SigmaFlow and Tripwire solutions are used together, they offer a uniquely compelling solution for NERC CIP Compliance. SigmaFlow’s focus on comprehensive evidence management for all CIP Standards in addition to the work management platform for all CIP Requirements makes it the most comprehensive NERC CIP Compliance solution available today. The capabilities of Tripwire to access and report on provisioned data from the cyber assets themselves fill an important gap that is often overlooked in compliance approaches.
SigmaFlow’s integration to Tripwire maximizes the value and leverages automation to ensure that all provisioned data is properly collected, stored and validated.
For more information on SigmaFlow’s integration with Tripwire:
- Download the technical datasheet – SigmaFlow and Tripwire | Solving NERC CIP Compliance
- Watch the recording of our recent webinar: SigmaFlow’s Integration with Tripwire: Solving NERC CIP Compliance
- Visit the SigmaFlow & Tripwire web portal for additional resources