You’ve heard that SigmaFlow and Tripwire can be used together to solve NERC CIP compliance, but you may be wondering how they work together.
If that’s the case, then you’ve come to the right place! This week on the SigmaFlow Blog, we’re diving into this compelling NERC CIP compliance combination.
First, let’s talk about SigmaFlow and Tripwire in their respective spaces.
SigmaFlow provides a NERC CIP solution designed to collect and manage all evidence for NERC CIP reporting, and includes a comprehensive work management platform with preconfigured workflows to support the CIP standards.
Tripwire provides a cyber security and regulatory compliance solution that connects to and manages cyber assets, and includes the ability to report on baselines, validate security controls, and extract events from cyber asset logs to demonstrate compliance.
The two solutions are synergistic, with little to no overlap. However, when used together, they offer a unique value for solving NERC CIP compliance.
For a given audit, there will often be several thousand evidence documents that a utility must provide in order to prove compliance. The SigmaFlow solution serves as the evidence repository for all NERC CIP evidence, which may be internally generated in SigmaFlow, uploaded by people, or may come from Tripwire or other systems of record.
The data and reports that Tripwire is capable of generating covers the majority of what is commonly referred to as provisioned data, including provisioned data for baselines (ports and services, patches, software, and local accounts) and security controls. Provisioned data is drawn directly from the cyber assets, and can be very difficult to access. However, it is an extremely important part of NERC CIP compliance.
Read the next article in this series: SigmaFlow & Tripwire for NERC CIP Compliance: Approved Versus Provisioned Data.
You may also be interested in the recording of our recent webinar: