Keeping our customers secure and compliant.
With more than 16,500 Common Vulnerabilities and Exposures (CVE) published in 2018, it’s clear why keeping up with patches and updates can be time-consuming and disruptive to organizations, not to mention the NERC CIP requirements for the electricity industry. Add in the risk of operational down time to your business based on always changing vulnerabilities and the ROI associated with patching an asset is easy to see.
FoxGuard offers a comprehensive, risk-based suite of Vulnerability and Patch Management Solutions to overcome weaknesses and vulnerabilities that could allow security breaches in critical infrastructure markets. Our Patch & Update Management Program (PUMP) was the result of a four year cooperative project with the Department of Energy.
FoxGuard has proven excellence in meeting NERC CIP compliance requirements by solving functional issues and security vulnerabilities. Our field experienced security experts have over one hundred and fifty years of patch management experience in OT and IT systems and plants. We understand the complexities of industrial control systems in critical infrastructure environments.
North American Electric Reliability Corporation Critical infrastructure Protection is focused on preparedness and responsiveness for electric utility system assets that are part of the bulk electric system (BES). FoxGuard Solutions has over 10 years of experience working with electric utilities to support, create efficiencies, and improve quality of NERC CIP programs. These programs have been proven through successful audits in all six of the electric reliability regions dating back to 2016 version 6 audit cycles. FoxGuard specializes in patching of BES high and medium systems, software integrity, and software authenticity. FoxGuard Solutions years of experience can enable a more streamlined approach to meeting NERC CIP requirements a few of our most popular programs are listed below.
- NERC CIP-007-6 R2.1 – 35 Day Patch Availability
- NERC CIP-007-6 R2.2 – Security Patch Evaluation
- NERC CIP-007-6 R2.3 – Patch Deployment
- NERC CIP-010-3 R1.6 – Configuration Change Management and Vulnerability Assessments
- NERC CIP-013-1 – Supply Chain Risk Management
In today’s digital age, many critical energy-related operations take place in cyberspace. In 10 CFR 73.54, the Nuclear Regulatory Commission (NRC) requires nuclear utilities to take measures to protect operational technology and information technology assets from cyber attacks. To support uniform implementation of these cybersecurity measures, the NRC endorsed the NEI 08-09, NEI 13-10 and NEI 10-04 guidance. These cybersecurity measures, however, are constantly evolving based on the ever-changing nature of cyber threats and the evolving regulatory frameworks that drive enhanced cyber protection.
FoxGuard Solutions / Framatome team is highly experienced in all facets of 10 CFR 73.54, NEI 08-09, NEI 13-10 and NEI 10-04, can help nuclear utilities keep up with the evolving cybersecurity regulatory requirements. Since 2012, our team has been supporting utilities worldwide in the development and implementation of cybersecurity programs. Our cybersecurity experience in the US Nuclear industry includes supporting more than 12 utilities, 20 plants and 33 units with all facets of their cybersecurity program. The scope of our support services include Program Assessment, Critical Digital Asset (CDA) Assessments, Vulnerability Assessments, Program Implementation, Procurement Support, Plant Modifications, Regulatory Support, Procedure and Policy Development, and Full Program Implementation.
The National Institute of Standards and Technology (NIST) Special Publication 800-171 focuses on safeguarding Controlled Unclassified Information (CUI) within nonfederal information systems and organizations, with a focus on the confidentiality arena of the CIA Triad. Examples of CUI include controlled procurement and acquisition, and technical information. A complete listing of CUI categories can be found in the National Archives CUI Registry (https://www.archives.gov/cui/registry/category-list).
FoxGuard provides solutions that are “Built for Security” and built in a secure environment!
NIST SP 800-53 – Security and Privacy Controls for Federal Information Systems and Organizations – contains a catalog of controls for agencies to use to develop security policies and processes for its organization and its information systems. The document is a key component of NIST’s Risk Management Framework (RMF) and the Federal Information Security Management Act of 2002 (FISMA). The controls are designed to be tailored to parameters applicable to the organization and each specific system that stores, processes, or transmits Federal information, in order to protect the Confidentiality, Integrity, and Availability (CIA) of the information.
Soon to be included as a requirement in DoD contracts and subcontracts, this emerging program has been designed to enhance the protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) in the DoD supply chain. The program utilizes five levels of cybersecurity maturity, ranging from “Basic Cybersecurity Hygiene” to “Advanced/Progressive”. Requirements from various standards and regulations, including FAR 52.204-21, DFARS 252.204-7012, ISO 27001:2013, CSF (Cybersecurity Framework), CIS Controls, CERT-RMM, and others, are combined to address “Cybersecurity Oversight as Part of a Contractor’s Purchasing System Review”, the subject of an early 2019 memo from the Under Secretary of Defense (Acquisition and Sustainment).