SecurityMatters is now part of Forescout

published on November 9, 2018

Top 3 Ways ICS Patrol™ Streamlines NERC CIP Compliance

As SecurityMatters designs and develops new product features, we always strive to further simplify compliance with all NERC CIP requirements which pertain to threat detection, operational awareness and ICS cybersecurity. With the release of ICS Patrol™, our optional selective scanning module, we’ve proven our commitment to innovation and operational excellence.

With ICS Patrol™, customers are now able to achieve a deeper level of visibility not accessible with passive monitoring alone. With the optional ICS Patrol™ module, asset owners can access a host of new tools that help manage compliance with the evolving NERC CIP requirements. Below are just a few of the NERC CIP requirements that ICS Patrol™ helps manage:


1. User Activity - Access Management Program

CIP-004-6 R4.2 and CIP-004 R4.3
Requirement (CIP-004-6 R4.2):
Verify individuals with active electronic access or unescorted physical access have authorization records at least once each calendar quarter.
How ICS Patrol™ Helps:
While SilentDefense provides strong capabilities for identifying users who have logged in using cleartext protocols, ICS Patrol™ allows organizations to document when any user has logged into a Windows system.
Requirement (CIP-004 R4.3):
Verify that all electronic access of all user accounts, user account groups, or user role categories are legitimately assigned to the appropriate responsible entity.


2. System Information – Security Patch Management

CIP-007-6 R2.1
Track, support and manage patching processes for evaluating and installing cybersecurity patches for applicable assets at a minimum of every 35 calendar days. Tracking must include the identification of sources responsible for the release of patches and the applicable cyber assets that are updatable, and for which patching sources exist. This process must be documented into a mitigation plan that specifies planned actions of identified patches and timeframe to complete identified mitigations.
How ICS Patrol™ Helps:
Patch levels are not always communicated across the network. The ability to query which patches have been applied, and to document when they were applied, provides important evidence when compliance with regulatory standards is audited.

Many NERC CIP requirements mandate documentation proving not only that an organization was compliant at a single point in time, but also that it has been compliant throughout the audit period. The ability to easily generate documentation of compliance through regularly scheduled queries assists with the mitigation plan reporting process and enforcement of policy.


3. Configuration Change Management

CIP-010-2 R2.1
Monitor at least once every 35 calendar days for changes to the baseline configuration, including operating system versions, software installed, and security patches applied. This includes defining processes, procedures and templates for the development and maintenance of baseline configurations.
How ICS Patrol™ Helps:
Queries can be made to document that an asset matches the baseline, or "Golden Image", configuration and to identify when variations exist. While this can be done manually, it’s very time-intensive and subjects the process to human error. The ability to automatically identify these changes using ICS Patrol™ will save organizations time and money by both verifying the configurations and ensuring that auditable documentation exists.


ICS Patrol™ is yet another advancement that offers more visibility, control and choice to our customers. Streamlining NERC CIP compliance efforts is just one of the many benefits that ICS Patrol™, and SilentDefense 3.13, offer our customers.  

If you want to learn more about NERC CIP and how SilentDefense streamlines compliance efforts with this ever-changing and critical set of standards, download this eBook.  
