Tufin Orchestration Suite Addresses the Security Compliance Needs of NERC CIP V5

By CIOReview | Friday, December 11, 2015

MORRISTOWN, NJ: To become compliant with North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Standard Version 5 is not an easy task, because of the complexity of establishing compliance requirements and the Operational Technology (OT)/Information Technology (IT) issues. Also, it is difficult to understand the particular roles and required actions for compliance with V5, reports Richard Jones for intelligent utility.

However, Tufin, provider of Security Policy Orchestration solutions, has managed to address the network security compliance needs of NERC CIP V5 with its Tufin Orchestration Suite. The new Tufin’s Suite, which was launched in mid-October, will become mandatory for NERC CIP V5 from April 1, 2016.

NERC CIP V5 is a set of sophisticated requirements that demand cyber security tools to achieve inflexible compliance objectives for complex power grid networks.

“According to a recent University of Cambridge report, a cyber-attack on the North American power grid ‘could cause between $243 billion to more than $1 trillion in economic damage.’ Tufin not only understands the necessity of NERC CIP V5, but also the pain points that our customers in this industry face when transitioning to and implementing these new cyber security standards. The Tufin Orchestration Suite meets this critical need for network security, automation and continuous compliance by providing the essential tools for a smooth transition to and compliance with NERC CIP V5,” says Reuven Harrison, CTO of Tufin.  

The Tufin Orchestration Suite enables Bulk Electric System (BES) covered units that is fully network compliant with NERC CIP. It delivers visibility and central management of all organizational security policies via a single platform that eases the alignment of Cyber Assets, BES Cyber Systems and Impact Ratings; Application-driven automation and network security change management; and Continuous compliance in physical, virtual and hybrid environments.

In addition, it empowers power companies by providing Enhanced security change process with built-in documentation, auditing and reporting, as well as holding to internal and external regulatory compliances; Rule base clean-up, reporting, auditing and provisioning applied to not only serve day-to-day network management, but also help adhere to NERC CIP compliance. The Orchestration Suite also saves money with network security change management and reduces implementation time and the probability of human error.