A PRACTICAL GUIDE – ENERGY SECTOR ASSET MANAGEMENT
Over the past several months, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has been working on a cybersecurity project involving asset management to help energy utilities and the oil the gas industry develop an automated solution to better manage their industrial control system (ICS) assets.
The NCCoE is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. The NCCoE has just released draft practice guide NIST Special Publication 1800-23, Energy Sector Asset Management.
This project explores methods for managing, monitoring, and baselining assets and includes information to help identify threats to these OT assets. Both standards and best practices were used to develop reference designs leveraging commercially available technologies. The guide also maps capabilities to NIST guidance and control families, including the NIST Cybersecurity Framework.
FoxGuard Solutions provides a Patch and Update Management Program (PUMP), which has the capability to produce Patch Availability and Patch Vulnerability reports that have been represented in this Guide. The technology and reporting can stand alone or integrate with other available products to help solve the need that NCCoE and NIST have identified in the Energy Sector. *
To complete this guide, the NCCoE collaborated with other technology vendors, including Dragos, Forescout, KORE Wireless Group, Splunk, TDi Technologies, and Tripwire.*
The NCCoE believes the guide helps meet a critical cybersecurity and economic need, but we want to hear from you. Please share your thoughts on this step-by-step guide to enhance it. Download the draft guide and provide your feedback on the NCCoE comment page. The public comment period closes on November 25, 2019.
*While the example implementation uses certain products, NIST and the NCCoE do not endorse these products. The guide presents the characteristics and capabilities of those products, which an organization’s security experts can use to identify similar standards-based products that will fit within with their organization’s existing tools and infrastructure.
WANT TO LEARN MORE ABOUT PATCH MANAGEMENT?
FoxGuard provides a wide range of patch management solutions that help entities identify and mitigate gaps in the security of their systems and prepare for NERC CIP audits. We host a webinar series to discuss ways to develop and implement a robust patch management program. Reserve your spot in our next session.
If you want to discuss something specific, we will do that too! Just reach out, tell us what your challenges are, and we will have one of our security experts contact you.