Press Releases

AlgoSec Automates NERC CIP Compliance For The Bulk Electric Systems of North America

Automated NERC CIP Compliance Reports in AlgoSec Firewall Analyzer Lower the Cost of Compliance, Improve Security of Critical Cyber Assets

March 09, 2010

Reston, VA  – AlgoSec®, the leading provider of firewall operations and security risk management solutions, today announced that it has incorporated another layer of compliance reporting into its AlgoSec Firewall Analyzer® with the addition of automated compliance reporting for the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards.

The AlgoSec NERC CIP Compliance Report addresses two major areas: documenting and controlling changes to firewall rules and controlling risk affected by firewall rules. It is offered as part of the award-winning AlgoSec Firewall Analyzer, a firewall operations and security risk management solution that provides automated, non-intrusive firewall, router and VPN audit and analysis.

Tasked with ensuring the reliability of the North American bulk power system, NERC created the CIP Reliability Standards to provide Registered Entities with clear guidance for minimizing vulnerabilities. By June 30, 2010, all Registered Entities must be capable of demonstrating “Auditable [CIP] Compliance” across eight categories of controls for securing critical cyber

assets of which the majority are directly tied to firewall operations.

The technical requirements for CIP compliance as they pertain to firewall operations are multifaceted, time-consuming, expensive and potentially risky operations without advanced processes. Considering this level of complexity and the approaching compliance deadline, AlgoSec has created the AlgoSec NERC CIP Compliance Report to provide Registered Entities with a solution that automates key requirements for CIP firewall auditing and documentation processes.

“Threats to the North American bulk power system are very real and the firewall represents the front line of cyber defense,” said Avishai Wool, CTO and co-founder of AlgoSec. “While terrorist plots and hacks against national utility IT networks are what make the headlines, threats come in a number of forms and can often be self-inflicted by improper and inefficient firewall operations – that’s where a solution like the AlgoSec Firewall Analyzer and its NERC CIP Compliance Reports come in. Remember, meeting compliance for compliance sake is not the point, it’s about protecting the cyber assets that carry power to the homes and businesses of North America.”

Intelligent automation technology in the AlgoSec NERC CIP Compliance Report enables Registered Entities to quickly and cost-effectively surmount the operational hurdles of manually implementing and managing firewall rule changes. It also provides cost-saving opportunities in the rule-change workflow by: eliminating unnecessary work associated with unneeded rule changes; utilizing intelligent decision-support algorithms to automate audits, perform what-if compliance checks, create detailed work orders, and match tickets to audit discovery results; and, streamlining the flow of information between team members by creating a results history for documentation and CIP audit readiness.

Simplifying CIP documentation by automatically aggregating data from all the firewalls and other security devices deployed by a Registered Entity, the AlgoSec NERC CIP Compliance Report eliminates the time traditionally needed for auditors to manually cross-check multiple reports and data elements. Automation of firewall audits also provides instant, real-time snapshots of CIP compliance for all firewalls operated by a Registered Entity.

The AlgoSec NERC CIP Compliance Report presents compliance data in summary form, providing the ability to drill down into data for individual devices, ports and rules to enable accurate, rapid remediation for non-compliant findings. On-demand access to deeper-layer data is also useful for answering pointed questions from auditors about specific firewall rules and their effect on critical cyber assets.

The AlgoSec NERC CIP Compliance Report will be available in the next release of AlgoSec Firewall Analyzer planned for Q2 2010. A white paper detailing the AlgoSec NERC CIP Compliance Report can be found at More information on AlgoSec’s firewall operations and security risk management solutions as well as its compliance tools can be found online Guidelines for CIP compliance are specified in the NERC Compliance Monitoring and Enforcement Program: 2010 Implementation Plan.

Choose a better way to manage your network