Any company which has been or is subject to the NERC CIP Standards knows the volume of resources needed for effective path management. It can be difficult to track releases of security patches from approved sources every 35 calendar days, evaluate the applicability of the patches, test the patches prior to application within the production environment, and to apply or mitigate the patches within the specified time-frame within the established configuration change management procedures.
This is followed up by the necessary updating of the baselines and baseline monitoring system to ensure ongoing compliance. Please note that the majority of successful network intrusions normally take advantage of un-patched vulnerabilities.
CRSI’s industry experts can alleviate this burden by managing the patching process for you. CRSI has experience addressing many of the pitfalls in this procedure and can help with any part of the patch management process, from monitoring lists to efficiently using configuration change management procedures. We can even help with self-report mitigation plans. CRSI can effectively monitor for patch releases from product vendors and notify clients of applicable security patches.Read More
The CRSI team’s ability to guide testing procedures allows for minimal testing to determine whether or not a security patch should be applied. CRSI can write mitigation plans for entities which specify adequate methods to mitigate the risk in a manner that provides compensating measures while meeting the intentions of NERC mitigation strategies.
If there is any question to the status of your patch program, let CRSI evaluate your process and current patch progress. This will either provide assurance of a strong program and offer additional process improvement recommendations or will clearly indicate the trouble areas and provide suggestions which will help you correct the discovered issues. Once completed, you will have a clear path to improve your existing program and make either a weak program into a strong program or make a strong program even stronger.
CRSI strategically partnered with more than 250 electric utilities in the last five (5) years for their NERC CIP Compliance Solutions. To find out more about how to create your Security Compliance Roadmap, call us today to schedule a free, no obligation consultation.