NERC Alliance Network
Tripwire's NERC Alliance Network collaboratively brings companies together who offer high quality energy sector and NERC-focused solutions, services, and technologies. These offerings automate and simplify NERC CIP compliance and technology challenges in the power and utility industry.
Join the NERC Alliance Network
The goals for the NERC Alliance Network include:
- Collaboration among qualified vendors
- Education between NERC Alliance Network members and potential joint certification programs
- Marketing and Promotions may be jointly created
- Lead-sharing may occur as appropriate
- Demos & Proof of Concept (POC) as appropriate
Current NERC Alliance Partners
AlertEnterprise uniquely eliminates silos and uncovers blended threats across IT Security, Physical Access Controls and Industrial Control Systems for true prevention of insider threat, fraud, theft, sabotage and acts of terrorism. AlertEnterprise delivers Enterprise IAM, industry-specific Operational Compliance Management, as well as Situational Awareness with continuous monitoring and incident management for effective response to critical threats and protection of critical infrastructure for various sectors including pharmaceutical/healthcare, utilities, oil and gas, airports, federal agencies, and many other industries.
The Anfield Group
When it comes to Critical Infrastructure, there is no substitute for experience. Not only have the consultant professionals at The Anfield Group played a key role in creating several regulations designed to protect Critical Infrastructures, they have also participated in hundreds of security and reliability improvement projects.
The cyber threat to Critical Infrastructure is real and growing daily. Reliability now includes robust compliance-based programs above and beyond typical operations. Whether it's regulatory compliance, security program development or product selection consultation, The Anfield Group's hands-on, real-world experience is unmatched.
Archer Security Group
Archer is the only firm with the expertise and insight to successfully advance your organization to a state that is both compliant – and secure.
Archer’s Regulatory Compliance Practice is comprised of all ex-utility staff, six former Regional Entity auditors, and a former FERC staffer – each with extensive utility-centric expertise in the NERC CIP Standards since their inception. Every one of our consultants has participated in the NERC CIP drafting teams, implemented the standards at utilities (Registered Entities) or held responsibility for auditing the standards as the compliance enforcement authority (Regional Entities). Our experts are carefully selected for their complementary skill sets, deep knowledge of the industry and respective regulations as well as their ability to maintain the highest degree of integrity in their professional conduct.
Archer Security Group is an international security consulting firm with a focus on mission-critical cyber and physical security. Archer's security consultants have vast experience in critical infrastructure security in electric, oil and gas, transportation, finance, critical manufacturing, food and beverage, and many other sectors.
Curricula provides the most effective and innovative educational solution for NERC CIP Compliance Training. Curricula’s CIP Training can be delivered as a turnkey hosted service or managed on the client’s own learning platform to automate CIP-004 R2. Using story-based learning techniques, Curricula breaks down complex CIP compliance topics into relative, easy to understand concepts.
Curricula Aware is designed to improve an organization’s security culture and increase the effectiveness of security awareness training. Aware is developed to automate CIP-004 R1 by delivering turnkey quarterly cyber security awareness campaigns. Aware’s administration dashboard allows organizations to view beautifully designed analytics and campaign performance data.
From their prior experience working at NERC, Curricula demonstrates the art of NERC CIP Compliance expertise. By combining playful imagery with delightful animation, Curricula provides an educational experience that is fun, engaging, and effective. With a comprehensive focus on user experience and attention to detail, Curricula brings cyber security training to life.
FoxGuard Solutions develops customized cyber security, compliance, and industrial computing solutions. As a leading operational technology company they deliver reliable, secure and configurable solutions:
FoxGuard provides several cyber security solutions, including Patch & Update Management Services, including asset analysis and monthly patch reporting, Security Services, Hardware/Software Solutions and Field Services.
Their industrial turnkey computing solutions for mission-critical applications are designed to fit a customer’s intended use, expected life-cycle and desired price point. In addition to providing hardware platforms, they provide a host of value-added services that truly make their computer products “plug and play” ready.
GarrettCom, a Belden brand, designs, manufactures, and markets industrial networking products for specialty and stressed applications in the US and internationally. Heavy duty products include managed and unmanaged switches, media converters, fiber links, multi-protocol routers and terminal servers, and cyber security solutions. The Company’s products are used in applications where high reliability under harsh conditions is a primary consideration. These include power utility substations and similar Smart Grid operations centers, surveillance and physical security, transportation facilities, industrial and factory automation, telecommunications, water treatment, and outdoor applications. Founded in 1989, GarrettCom, a wholly-owned subsidiary of Belden Inc., sells its products to sophisticated end users and through a network of system integrators, original equipment manufacturers and international distributors.
GarrettCom’s competitive advantage is based on its full range of Ethernet, serial, and routing products, its complete line of fiber products with a broad range of power options, its private label program, and its superior quality and service. The quality and service are measured by customer and reseller response, and value pricing. The company has an installed base of more than 10 million node connections. GarrettCom products are designed and manufactured in the U.S.A. ; the company is ISO 9001:2008 certified for networking products design, marketing and manufacturing.
ICF International provides professional services and technology solutions that deliver beneficial impact in areas critical to the world's future. ICF is fluent in the language of change, whether driven by markets, technology, or policy. Since 1969, we have combined a passion for our work with deep industry expertise to tackle our clients' most important challenges. We partner with clients around the globe—advising, executing, innovating—to help them define and achieve success. Our more than 4,500 employees serve government and commercial clients from more than 60 offices worldwide. Download Datasheet
NovaTech (Lenexa, KS) provides CIP-compliant Remote Access and Administration of IEDs, including Password and Connections Management. Solutions include role-based authentication, centralized authentication, secure access to substation assets and automatic password changing. Our complete compliance solutions include partner products for Inventory, Configuration Management, Change Control, Event Logging and CIP Reporting for substation assets. Solution have been tailored to meet the latest NERC CIP Version 5 requirements. Download Datasheet
RedSeal provides a cybersecurity analytics platform to Global 2000 organizations that helps maximize digital resilience against cyber events. RedSeal’s advanced analytics engine creates functioning network models, tests networks to identify security risks, prioritizes needed actions, and provides critical information to quickly remediate issues. The result: measurable reduced cybersecurity risk and lower incident response and maintenance costs. With operations in North America, Europe, and Asia, RedSeal customers include leaders in finance, retail, technology, utilities, service providers, and government, all served by RedSeal’s channel partner network. Download Datasheet
Rkneal is a world-class engineering firm specializing in industrial control systems (ICS), cyber security and technical services. Our extensive ICS background eventually led to the development of our flagship product, the Verve Security Center. Verve is a centralized security suite that consolidates antivirus, application whitelisting, change management, security information & event management (SIEM), patch management, vulnerability scans, intrusion detection and backup management technologies into a unified management console. The plug and play feature of Verve works across the heterogeneous control system environment and supports multiple DCS, PLC and SCADA platforms.
SigmaFlow's NERC Compliance Management Solution for CIP & 693 - A real-time, evidentiary NERC compliance management software solution that solves the challenges of CIP Compliance unmet by traditional GRC approaches. The SigmaFlow Compliance Manager solution manages all documents, data, and work activities while automatically collecting and building the evidence for NERC compliance in a real-time repository.
The NERC CIP solution collects and manages compliance evidence through data management, document management, tasks, and procedures for NERC CIP-002 through CIP-009. The NERC 693 solution collects and manages evidence through document management and internal controls that simplify, organize, and execute the many task workflows required by the 693 Reliability standards.
These solutions are configured on the same compliance platform, providing comprehensive compliance evidence collection, management and reporting that simplifies NERC Compliance while building the real-time evidence that demonstrates NERC CIP and NERC 693 compliance. Download Datasheet
The electrical, environmental, and operational requirements of SCADA and process control systems can make traditional IT-focused security solutions unsuitable for industrial networks. As a result, many critical systems operate with little protection against accidental or malicious cyber events. Entire plants have been shut down by an infected USB key or a misconfigured network device.
The Tofino Xenon Security Appliance (Tofino SA) is ideal for control professionals because it is a Plug-n-Protect™ product, designed to be installed in a live network with no pre-configuration, no network changes, and no plant downtime. It provides a simple and cost-effective way to create zones of security − tailored protection for groups of PLCs, DCS, RTUs, IEDs, and HMIs − as recommended by ISA/IEC-62443 Standards.
Tofino is designed with the environments, staff skills, and needs of industry in mind. It protects better and is easier to install than IT firewalls and other security products.
WhiteScope is a free service that compares file contents and file hashes with "known good" files from ICS/SCADA installation media.
WhiteScope maintains a database of file hashes, registry changes, processes, and loaded modules for ICS/SCADA software. These artifacts were gathered from installation media and running systems. The whitelists can be used for initial triage during incident response engagements, security assessments, and intrusion detection/prevention products.
Cyberwiz-Pro (CWP) is built specifically to help companies reduce cost and build a sustainable NERC CIP V5 compliance program. CWP has a built-in CIP V5 business process that guides and aides the user through each CIP standard (002-011) with an easy-to-use and customizable workflow. CWP deploys an agent (or integrates with agents from other vendors such as Tripwire) that automates the asset discovery process that reduces the time and cost of building a sustainable baseline. CWP includes a robust change management workflow process designed specifically to keep the baseline current and approved. Housing the assets and attributes in a robust relational database allows for strong evidence gathering and reporting capabilities with the ability to look at the overall status of the CIP program as well as drill down into the details for analysis, evaluation, and auditing.
CWP integrates with cyber asset security tools such as patch management, log management, and integrity monitoring in the plant’s Operational Technology as well as the IT environment. This integrated approach to compliance helps mitigate the challenges in maintaining NERC CIP compliance with a higher level of accuracy and efficiency.