NERC CIP

Secure privileged and remote access to the electric grid and utilities

For energy utilities, meeting NERC compliance for privileged accounts can be demanding due to the size and complexity of Industrial Control Systems. Adding to the challenge, version 5 of the standard expands the scope to include new elements and requirements around the use of privileged accounts in critical cyber entities.

With CyberArk, electric utilities can put the solutions in place to meet the NERC compliance for privileged access control, remote access management and access revocation.  In Industrial Control Systems (ICS), CyberArk Privileged Account Security protects both internal access as well as remote vendor access, allowing all parties to connect to target systems securely, without disclosing the privileged account credential and introducing new risks to the organization. The solution integrates with a range of systems, devices and applications in the organization, creating accountability, operational efficiency and a tamper-proof audit trail across the entire industrial control infrastructure.

Key Benefits:

• Achieve NERC CIP compliance by ensuring accountability for every use of privileged or shared accounts
• Secure remote access for external contractors with “over the shoulder” real-time session monitoring
• Record every privileged session for context-based playback
• Isolate privileged sessions from targeted and sophisticated attacks without exposing the privileged credential
• Secure privileged credentials and session recordings in a tamper-proof and patented Digital Vault
• Centrally enforce policies and access workflows which are flexible enough to meet diverse business processes
• Audit and track every privileged account and activity with built-in or customized reports