Resilient. Secure. Compliant. NERC CIP and ICS/OT Security. We keep you ahead of your adversaries - and your auditors.

CIP-010.R3 Cyber Vulnerability Assessment

 
 

CIP-010 CVA

 
 

Why choose Ampyx Cyber for your CVA?

Audit-Ready Documentation

Your CVA documentation will impress auditors with its attractive format and easy-to-digest layout, as well as its attention to detail and helpful direct references to the CIP standard. In addition to the reports and data sets, we even include a ready-to-use “action plan” as required by the standard.

 

Senior-Level Staff

Ampyx Cyber uses only the most senior-level staff in the conduct of your CVA – serious professionals with decades of information security and extensive compliance experience, multiple certifications, and the ability to work smoothly, efficiently, intelligently, and diplomatically across multiple layers of your organization.  The quality of our work is unmatched. See our credentials here.

 

Fast and Efficient

Most of our CVAs take two weeks or less, from initial data request to outbriefing. We have a light touch with minimal impact on staff that won’t waste your time or consume resources.

No Surprises

We communicate regularly and consistently with your staff throughout the CVA at a detailed level.  Any findings and concerns are fully discussed and validated before becoming part of the report.  You will also receive an on-site (or off-site, if preferred) outbriefing that includes a summary of the CVA results and the opportunity for further discussion.

 

On or Off-Site – The Same High Quality

While an on-site visit is always preferable for the purposes of performing visual inspections, walk-downs, and communicating with your staff, Ampyx Cyber realizes that on-site visits may be restricted for a variety of reasons.  In the event that an on-site visit is unadvisable, Ampyx Cyber’s off-site CVA methodologies will still provide you with the same high standards of quality and the same senior-level staff. We don’t take shortcuts just because we’re off-site.

 

Fully Customizable

Ampyx Cyber’s CVA format and methodology are easily customizable to suit your specific needs and expectations.  At the start of every engagement, a kick-off meeting is conducted where the scope of work is confirmed and all CVA elements are verified.  You’ll know exactly what to expect, and how the work will be performed from start to finish.

 

All Sizes, All Functions, All Types

We have experience with the smallest cooperatives, constrained municipalities, and large, complex investor-owned utilities. Whether GO, GOP, TO, TOP, IA/IC, BA or RC - we understand your functions. Your CVA will fit your business because we customize it to match your unique compliance profile.

Network Devices Comprehensively Evaluated

Your CVA includes a detailed, in-depth analysis of your in-scope firewalls, routers, and switches, and a separate report is included with your CVA documentation.  Ampyx Cyber utilizes safe, world-renowned evaluation tools that analyze the device configuration files offline – safely, accurately, and thoroughly. 

 

Optional Firmware Vulnerability Analysis

If you want, we can go all the way down to the firmware level. Ampyx Cyber has partnered with several firmware analysis platforms to give you the option of knowing the vulnerabilities in your embedded, OT and ICS devices such as relays, PLCs, RTUs, comm equipment and similar technologies that are often overlooked by traditional vulnerability assessment tools (e.g. scanners).

Just the Right Amount of Above and Beyond

Ampyx Cyber’s CVA process strikes the perfect balance of “above and beyond” to ensure your CVA strictly and squarely meets the NERC CIP requirements, satisfying the pickiest of auditors - but also provides you with real value and meaningful, actionable results - without adding risk from too much information. Our CVAs are designed to meet the compliance bar, and also deliver true security benefit.

 

CIP Consulting Included

Ampyx Cyber CVA professionals are highly experienced with the NERC CIP standards and, while engaged in your CVA, are available to answer your CIP compliance questions. The benefit of having one Ampyx Cyber consultant on your project means you have immediate access to the full body of knowledge of our entire team.

 

Gain Efficiency Year Over Year

Should you choose to use Ampyx Cyber for your CVA every year, you’ll gain enormous efficiencies and potential cost benefits.  Once our professionals are familiar with your systems, performing next year’s CVA can be a snap.

CIP Compliance CVA Coverage Range

  • CIP-005 Part 1.1: Ensuring that all applicable Cyber Assets connected to a network via a routable protocol reside within a defined ESP.

  • CIP-005 Part 1.2: Ensuring that all External Routable Connectivity is through an identified Electronic Access Point.

  • CIP-005 Part 1.3: Ensuring that inbound and outbound access permissions are in place, that those permissions are documented (including the reasons for granting access), and that all other access is denied by default.

  • CIP-005 Part 1.4: Ensuring that, where technically feasible, authentication is performed when establishing Dial-Up connectivity with applicable Cyber Assets.

  • CIP-005 Part 1.5: Ensuring that one or more methods are in place for detecting known or suspected malicious communications for both inbound and outbound communications.

  • CIP-005 Part 2.1: Ensuring that an intermediate system is utilized such that the Cyber Asset initiating Interactive Remote Access does not directly access an applicable Cyber Asset.

  • CIP-005 Part 2.2: Ensuring that for all Interactive Remote Access sessions, encryption is utilized that terminates at an Intermediate System.

  • CIP-005 Part 2.3: Ensuring that multi-factor authentication is utilized for all Interactive Remote Access sessions.

  • CIP-005 Part 2.4: Ensuring that one or more methods are in place for determining active vendor remote access sessions.

  • CIP-005 Part 2.5: Ensuring that one or more methods are in place for disabling active vendor remote access.

  • CIP-007 Part 1.1: Ensuring that, where technically feasible, only logical network accessible ports that have been determined to be needed are enabled.

  • CIP-007 Part 1.2: Ensuring that unnecessary physical input/output ports used for network connectivity, console commands, or removable media are protected against use.

  • CIP-007 Part 2.1: Ensuring that a patch management process exists for tracking, evaluating, and installing cyber security patches for applicable Cyber Assets.

  • CIP-007 Part 3.1: Ensuring that methods are deployed to deter, detect, or prevent malicious code, and that the threat of detected malicious code is mitigated.

  • CIP-007 Part 3.3: Ensuring that, for those methods identified in Part 3.1 that use signatures or patterns, a process exists for the update, testing, and installation of the signatures or patterns.

  • CIP-007 Part 4.1: Ensuring that events are logged for the identification of, and after the fact investigation of, Cyber Security Incidents, which includes successful login attempts, detected failed access and failed login attempts, and detected malicious code.

  • CIP-007 Part 4.2: Ensuring that alerts are generated for security events that include, at a minimum, detected malicious code and detected failure of event logging.

  • CIP-007 Part 4.3: Ensuring that applicable event logs are retained for at least the last ninety (90) calendar days.

  • CIP-007 Part 5.1: Ensuring that a method exists to enforce authentication of interactive user access (where technically feasible).

  • CIP-007 Part 5.2: Ensuring that all known enabled default or other generic account types have been identified and inventoried.

  • CIP-007 Part 5.3: Ensuring that individuals who have authorized access to shared accounts are identified.

  • CIP-007 Part 5.4: Ensuring that known default passwords have been changed.

  • CIP-007 Part 5.5: Ensuring that password length and complexity meet the NERC CIP requirements spelled out in this Part.

  • CIP-007 Part 5.6: Ensuring that, where technically feasible, password changes are either technically or procedurally enforced and occur at least once every fifteen (15) calendar months.

  • CIP-007 Part 5.7: Ensuring that, where technically feasible, the number of unsuccessful authentication attempts is limited, or alerts are generated after a threshold of unsuccessful authentication attempts.