Federal: FERC/NERC

Federal Energy Regulatory Commission (FERC) / North American Electric Reliability Corporation (NERC)

NERC and FERC

NERC is a self-regulatory body charged with ensuring industry compliance with Critical Infrastructure Protection (CIP) standards, which require organizations that deliver bulk electricity to the North American electrical grid to identify and protect critical cyber assets. FERC oversees the power industry but assigns NERC the responsibility for maintaining and complying with CIP.

Key facts and data security requirements you should know

  • Responsible entities must define methods, processes, and procedures for securing those systems determined to be critical cyber assets, as well as the non-critical cyber assets within the electronic security perimeter. "Cyber assets" are loosely defined as all "programmable electronic devices and communication networks including hardware, software, and data."
  • To comply, organizations must:
    • Create and maintain a cyber security policy
    • Maintain documentation of the security perimeter, all interconnected cyber assets, and all electronic access points
    • Identify and implement electronic access controls for access to critical cyber assets within the electronic security perimeter, maintain documentation of the electronic access controls, and update it at least annually
    • Continuously monitor electronic access to critical cyber assets
    • Protect information associated with critical cyber assets, plus policies and practices used to keep them secure
    • Establish system management policies and procedures for configuring and securing critical cyber assets
    • Define and document electronic incident response actions, including roles and responsibilities assigned by individual or job function.

Proven data loss prevention for NERC CIP

Vontu solutions enable energy and utility companies and independent system operators to demonstrate compliance with NERC CIP.

A large regional electric utility company wanted to position itself as the data security leader in its industry by developing and enforcing policies and processes to minimize the risk of confidential data loss. The company selected the entire Vontu suite after a Vontu Risk Assessment revealed company IP as well as sensitive customer and employee data exiting the network. The utility can now discover unsecured sensitive customer, employee, or company data across its enterprise and move it to protected file shares. It can also prevent confidential strategic or financial documents from being transmitted through unsecured channels. This helps the company not only demonstrate compliance with NERC CIP standards, but also identify business processes that create risk and implement alternative practices for employees, enabling it to project itself as the leader in data security among energy companies.

How Vontu solutions demonstrate compliance with FERC/NERC CIP Standards

Vontu solutions provide comprehensive NERC CIP data loss prevention for any energy company, utility, or independent system operator that must protect its valuable cyber assets. Advantages include:

  • Pre-defined NERC policy template with Vontu's TrueMatch™ detection suite for the highest accuracy in the industry
  • Discover and protect confidential data exposed on file servers, databases, Microsoft SharePoint®, Lotus Notes®, Documentum®, LiveLink®, web servers, Microsoft Exchange®, and other data repositories
  • Monitor and prevent confidential data loss on the network including email, IM, Web, Secure Web (HTTP over SSL), FTP, P2P, and generic TCP
  • Discover confidential data stored on the endpoint, such as desktops and laptops, and prevent this data from being inappropriately used, sent out, or copied to storage devices such as USB drives, CD/DVDs, or iPods
  • Demonstrate internal controls: Vontu enables organizations to demonstrate internal controls to comply with NERC CIP requirements that mandate the establishment, documentation, and maintenance of electronic access to critical cyber assets
  • Role-based access control: Vontu's Role-Based Access Control enables business units and departments to review and remediate only those NERC CIP incidents relevant to their role and privileges.