Tripwire, Inc., a leading global provider of advanced threat, security and compliance management solutions, and SigmaFlow, a leading provider of compliance process execution solutions for NERC Critical Infrastructure Protection (CIP) and 693 compliance management, today announced a technology partnership and solution integration. The collaboration is part of the Tripwire NERC Alliance Network program that has been designed to foster collaboration on critical infrastructure compliance and security solutions that help companies efficiently and effectively achieve NERC CIP compliance.
The integration between the Tripwire NERC Solution Suite and SigmaFlow provides mutual electric utility and renewable energy customers with automated software solutions that drastically reduce the time and resources required to manage NERC compliance and collect comprehensive audit evidence.
The integration brings a consistent approach to the management and maintenance of secure configurations across a wide range of devices, including ICS, SCADA, Microsoft Windows and Windows servers. SigmaFlow’s Closed-Loop Controls Framework™ collects data from the Tripwire® Enterprise solution and then verifies actual practices against policy. Evidence is automatically produced and associated to various NERC compliance standards to ensure an audit-ready state.
“We’re pleased to have SigmaFlow join the NERC Alliance Network,” said Jeff Simon, director of service solutions at Tripwire. “SigmaFlow’s technology integrated with Tripwire’s NERC Solution Suite provides our energy customers with a more comprehensive and efficient solution for achieving and demonstrating NERC CIP Compliance.”
Energy organizations are required to gather, analyze, prioritize and document an overwhelming amount of vulnerability and network data in order to protect their most critical assets and meet compliance requirements. The integration of Tripwire's NERC Solution Suite and SigmaFlow’s Compliance Manager provides customers with a single process that enables continuous monitoring of system changes and rapidly captures detailed status information across an extensive variety of critical cyber assets, from computer systems and network devices to badge entry systems and SCADA devices.
The alliance between Tripwire and SigmaFlow provides utilities with the ability to validate the following controls:
- Logical and physical access rights.
- Security controls.
These controls cover:
- Ports and services.
- Local accounts.
- Password rules.
- Malware status.
- Antivirus status.
- Security patches.
- Log forwarding settings.
- SNMP community strings.
In addition to compliance management, SigmaFlow’s solution provides critical compliance information through real-time dashboards and extensive reporting to help utilities maintain a continuous state of audit readiness.
“The alliance between SigmaFlow and Tripwire solves the top challenges in NERC CIP compliance,” said Terry Schurter, vice president of NERC Solutions at SigmaFlow. “With this offering, utilities no longer have to struggle to ensure that provisioned and approved access rights match, that security control testing is documented, or that baselines are maintained and enforced – the solution does it for them. The result is improved cybersecurity and compliance at a significantly reduced operational cost.”