FERC/NERC COMPLIANCE

 


What is FERC/NERC?

The NERC (North American Electric Reliability Corporation) is a self-regulatory body responsible for ensuring energy industry compliance with Critical Infrastructure Protection (CIP) standards. These rules require organizations that deliver bulk electricity to the North American electrical power grid to identify and protect critical cyber assets. FERC (Federal Energy Regulatory Commission) oversees the power industry, but gives NERC the responsibility for maintaining and complying with CIP standards.

 

Bulk power suppliers must define methods, processes, and procedures for securing critical cyber assets, as well as the non-critical cyber assets within the electronic security perimeter. "Cyber assets" are loosely defined as all "programmable electronic devices and communication networks including hardware, software, and data."


Basic rules on FERC/NERC compliance:

 
  • Continuously monitor electronic access to critical cyber assets
  • Create and maintain a cyber security policy
  • Maintain documentation of the security perimeter, all interconnected cyber assets, and all electronic access points
  • Identify and implement electronic access controls for access to critical cyber assets within the electronic security perimeter, maintain documentation of the electronic access controls, and update that documentation at least annually
  • Protect information associated with critical cyber assets, plus policies and practices used to keep them secure
  • Establish system management policies and procedures for configuring and securing critical cyber assets
  • Document electronic incident response actions, including roles and responsibilities assigned by individual or job function.

GTB’s Data Loss Prevention solutions provide comprehensive NERC CIP data loss prevention for any energy company, utility or independent system operator that must protect its valuable cyber assets. Advantages include:

 

Detection Accuracy:  GTB’s AccuMatch™ detection suite, recognized as having the highest accuracy in the industry . 

Monitor and prevent sensitive data usage – Network & Endpoint: GTB Technologies provides the ability to monitor and block data loss on ANY PROTOCOL (including email, IM, Web, Secure Web (HTTP over SSL), FTP, P2P, and generic TCP. Endpoint protection includes storage devices such as USB drives, CD/DVDs, etc. 

Internal controls: GTB Technologies allows organizations to demonstrate internal controls to comply with FERC/NERC requirements.  These requirements mandate the establishment, documentation, and maintenance of electronic access to critical cyber assets.

 


5 Essential Ingredients to a Data Loss Prevention System
GTB DLP Solution
Brochure


Follow GTB Tweets
11/17/2011
GTB's Latest Release Addresses Key Secuity Threats and Concerns
08/15/2011
GTB positioned as a Visionary Quadrant in the 2011 Gartner Magic Quadrant for Content-Aware Data Loss Prevention
07/06/2011
GTB Technologies Latest Release - a Game Changer
04/04/2011
GTB Technologies Expands Its Product Portfolio to Support Virtualized Data Centers & Cloud Service Models
03/07/2011
Donations of Data at Rest Scanners for HIPAA HITECH Compliance
01/11/2011
Frost & Sullivan DLP Innovation Product Award
11/01/2010
GTB Releases: The GTB SSL Proxy
09/27/2010
GTB Announces First Deployments' of DLP for Intellectual Property Protection

09/22/2010
GTB Announces Continued Momentum in International Markets
05/10/2010
Data Loss Prevention DLP Download

12/09/2009
GTB Announces the Availability of the latest release of GTB Content eDiscovery as well as a new Centralized Console
 

GTB Technologies, Inc.
5000 Birch St. Suite 3000
Newport Beach, CA 92660
Toll Free Number: (800) 507-9926
Telephone : (949) 783-3359
info@gttb.com


Interested in a Free 30 day "Content-Aware" DLP Download?  Click here
 
Copyright GTB Technologies Inc. A Data Loss Prevention Company 2009. All rights reserved.