Compliance

Keeping our customers secure and compliant.

compliance solutions.

With more than 16,500 Common Vulnerabilities and Exposures (CVEs) published in 2018, it's clear why keeping up with patches and updates can be time-consuming and disruptive to organizations, not to mention the NERC CIP requirements for the electricity industry. Add in the risk of operational downtime to your business from constantly changing vulnerabilities, and the ROI associated with patching an asset is easy to see.

FoxGuard offers a comprehensive, risk-based suite of Vulnerability and Patch Management Solutions to overcome weaknesses and vulnerabilities that could allow security breaches in critical infrastructure markets. Our Patch & Update Management Program (PUMP) was the result of a four-year cooperative project with the Department of Energy.

 NERC CIP  NERC CIP-007, CIP-010, CIP-013

FoxGuard has proven excellence in meeting NERC CIP compliance requirements by solving functional issues and security vulnerabilities. Our field-experienced security experts have over one hundred and fifty years of patch management experience in OT and IT systems and plants. We understand the complexities of industrial control systems in critical infrastructure environments.

North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) is focused on preparedness and responsiveness for electric utility system assets that are part of the bulk electric system (BES). FoxGuard Solutions has over 10 years of experience working with electric utilities to support, create efficiencies in, and improve the quality of NERC CIP programs. These programs have been proven through successful audits in all six of the electric reliability regions dating back to 2016 version 6 audit cycles. FoxGuard specializes in patching of BES high and medium systems, software integrity, and software authenticity. FoxGuard Solutions' years of experience can enable a more streamlined approach to meeting NERC CIP requirements. A few of our most popular programs are listed below.

  • NERC CIP-007-6 R2.1 – 35 Day Patch Availability
  • NERC CIP-007-6 R2.2 – Security Patch Evaluation
  • NERC CIP-007-6 R2.3 – Patch Deployment
  • NERC CIP-010-3 R1.6 – Configuration Change Management and Vulnerability Assessments
  • NERC CIP-013-1 – Supply Chain Risk Management

 NUCLEAR COMPLIANCE  NEI 08-09, NEI 13-10 and NEI 10-09 guidance

In today’s digital age, many critical energy-related operations take place in cyberspace. In 10 CFR 73.54, the Nuclear Regulatory Commission (NRC) requires nuclear utilities to take measures to protect operational technology and information technology assets from cyber attacks. To support uniform implementation of these cybersecurity measures, the NRC endorsed the NEI 08-09, NEI 13-10 and NEI 10-09 guidance. These cybersecurity measures, however, are constantly evolving based on the ever-changing nature of cyber threats and the evolving regulatory frameworks that drive enhanced cyber protection.

The FoxGuard Solutions / Framatome team is highly experienced in all facets of 10 CFR 73.54, NEI 08-09, NEI 13-10 and NEI 10-09, and can help nuclear utilities keep up with the evolving cybersecurity regulatory requirements. Since 2012, our team has been supporting utilities worldwide in the development and implementation of cybersecurity programs. Our cybersecurity experience in the US nuclear industry includes supporting more than 12 utilities, 20 plants and 33 units with all facets of their cybersecurity program. The scope of our support services includes Program Assessment, Critical Digital Asset (CDA) Assessments, Vulnerability Assessments, Program Implementation, Procurement Support, Plant Modifications, Regulatory Support, Procedure and Policy Development, and Full Program Implementation.

 NIST 800-53  RISK MANAGEMENT FRAMEWORK (RMF) CONTROLS

NIST SP 800-53 – Security and Privacy Controls for Federal Information Systems and Organizations – contains a catalog of controls for agencies to use to develop security policies and processes for their organizations and information systems. The document is a key component of NIST's Risk Management Framework (RMF) and the Federal Information Security Management Act of 2002 (FISMA). The controls are designed to be tailored to parameters applicable to the organization and each specific system that stores, processes, or transmits Federal information, in order to protect the Confidentiality, Integrity, and Availability (CIA) of the information.

The policies and procedures must reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance. The policies can be included as part of the general information security policy for the organization or, conversely, can be represented by multiple policies reflecting the complex nature of certain organizations. Procedures should address the security program in general and, if needed, particular information systems.

FoxGuard’s information security policies and procedures adhere to applicable requirements in the following control families found in NIST SP 800-53:

  • Access Control
  • Awareness & Training
  • Audit & Accountability
  • Security Assessment & Authorization
  • Configuration Management
  • Contingency Planning
  • Identification & Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Physical & Environmental Protection
  • Planning
  • Personnel Security
  • Risk Assessment
  • System & Services Acquisition
  • System & Communications Protection
  • System & Information Integrity
  • Program Management

 NIST 800-171  MANAGEMENT OF CONTROLLED, UNCLASSIFIED INFORMATION (CUI) – NIST SP 800-171

FoxGuard’s information security policies and procedures adhere to applicable requirements in the following control families found in NIST SP 800-53:

  • Access Control
  • Audit & Accountability
  • Awareness & Training
  • Configuration Management
  • Identification & Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Physical Protection
  • Personnel Security
  • Risk Assessment
  • Security Assessment
  • System & Communications Protection
  • System & Information Integrity

Additionally, FoxGuard is following the development of RMF 2.0, which integrates privacy management controls, enhances its focus on secure supply chain management, highlights preparation steps for implementing the original six RMF steps, and maps RMF requirements to NIST's Cybersecurity Framework (CSF).

FoxGuard provides solutions that are “Built for Security” and built in a secure environment!
