Resilient. Secure. Compliant. NERC CIP and ICS/OT Security. We keep you ahead of your adversaries - and your auditors.

Services

 
 

NERC CIP Compliance

Whether you are preparing for your next audit or remediating issues from a previous one, Ampyx Cyber can assist with your most challenging regulatory situations. We’ve seen the NERC CIP compliance world from all sides: as utility compliance staff/management, Regional CIP auditors, and actual drafters of the standards (including interpretations and guidance). We were forged in this industry and we’ve been woven into the NERC CIP fabric since it started. We have deep experience with FERC, NERC and all 6 Regions. We also speak CISA CPGs, ES/ONG-C2M2, CFATS, 62443 and NIS. Compliance is our thing.


Industrial Cybersecurity Programs

Industrial Control Systems (ICS) and Operational Technologies (OT) are our specialty. We are well versed in all of the relevant process engineering concepts, architectures, methodologies, models and frameworks. We won’t launch NMAP on your control network, we come with our own PPE and we’re ready to take your safety training. Most importantly, we approach security problems with the reliability of your operation in mind. We can help you reduce downtime and operational costs through managing your assets, controlling change, greater process efficiency and faster root cause analysis.


Controls Review, Design & Testing

Reliance on manual processes, spreadsheets and Outlook calendars will only get you so far. Automation and controls can give you measurable efficiency improvements while also reducing your audit scope and making your audits less painful. We speak the language with certified auditors who understand control objectives, control design and control testing. Make sure the process happens reliably, the same way, every time - and make it easy to prove to your auditor. Better controls translate directly into lower risk for all areas of the business. Fluent in NERC CIP, ES/ONG-C2M2, NIST CSF/RMF/800, CMMC, TSA SDs, CISA CPGs, CFATS, API 1164, IEC-62443, NIS/NIS2, CRA, CAF, BSI, AESCSF, and more.


Supply Chain Risk Management

Directives are coming from Executive Orders, regulations, legislation, performance goals and stakeholders. But where do you start when you’re facing nation-state threat actors, organized crime, and even industrial espionage? Covering your hardware, software and services supply chain risks is a complex problem to solve, with serious potential impact to the business. Ampyx Cyber consultants have been deeply involved in global supply chain security efforts with asset owners, hardware/software vendors and government agencies. From SBOM, HBOM and FBOM to VEX and VDR, we’ve got your SCRM covered.


And There’s More…

Our skills go far beyond just industrial cyber security consulting. Executive and board level briefings, regulatory forecasting, M&A diligence assessments, international standards normalization and mapping, IoT, IIoT, security tools, integration, automation, business process management, organizational change management and project management are just a few of the other areas where we can help you succeed. We can even help you with your IT projects, in a way that won’t impact your OT goals. For anything we don’t do, we have an extensive network of business alliance partners.

 

Ask An Expert

Got a tough question?

 

Sometimes you just need to phone a friend. Ask us anything, any time. You don’t need to be an existing or prospective client. No cost, no hassle and no commitment. We will not put you on a contact list or have the sales team follow up. We will always respect your privacy. We promise. Just real answers from real experts for real problems.
