Fortress Information Security Launches Foundations Program for NERC CIP Compliance Targeting Utilities Seeking to Build or Expand their Compliance Operations
February 6, 2019
Fortress Information Security, Inc (Fortress) announces the launch of the Foundations Program specifically designed to assist utilities of all sizes needing to address compliance with NERC Critical Infrastructure Protection (CIP) standards. Fortress’ Foundations Program provides these utilities with a step-by-step pathway for achieving NERC CIP compliance beginning with Bulk Electric System (BES) cyber security classification (CIP 002), security management controls (CIP 003) and all the way through the newly issued supply chain requirements (CIP 13). The Fortress Foundations Program not only maps what utilities must address at the beginning of their compliance activities, but also helps utilities achieve compliance with specific modules of the NERC CIP standards. Fortress CIP compliance programs — such as its downstream cybersecurity protection, incident response and supply chain risk management solutions — are tailored to suit client organizations’ requirements.
Peter Kassabov, Fortress’ Chairman and Co-Founder, stated that, “Operators of small and mid-size utilities often lack the requisite knowledge or training to navigate the NERC CIP landscape. Many power plants and energy facilities lack the specialized know-how to effectively mitigate, identify and repel a cyberattack, which means there is a need for a comprehensive solution that fills the security gaps for each plant. Our Foundations Program presents the ideal starting point for new registrant entities or for entities currently in various stages of the process, ensuring the safeguarding of compliance with NERC CIP standards.”
Alex Santos, Fortress’ CEO and Co-Founder added, “Effective CIP compliance requires a combination of technology, analytics and people; and, that is a challenge for registrants. Fortress’ Foundations Program is a total solution comprised of the technology, analytics and people you need to be secure and compliant. We deliver the solution with greater speed and expertise than most registrants can do on their own.”
The Fortress Foundations Program usually begins with a NERC gap analysis followed by identification and certification of BES assets, followed by implementation of security management controls oversight of both physical and electronic access. Lastly, protocols are addressed for risk assessment, training and security awareness of personnel including contractors and vendors.
About Fortress Information Security
Fortress Information Security is a security risk intelligence company redefining traditional risk management. We are one of the first security companies to seamlessly bundle innovative technology, risk analytics and service delivery into a single solution. We target industries that comprise our country’s critical infrastructure and partner with companies with highly-regulated, global and distributed networks.