The SAFE Solution offers industry-specific modules designed to maximize efficiency and security for businesses in a variety of industries. From aviation to government to healthcare and many more, SAFE offers solutions created to meet each industry’s unique needs.
Energy and power facilities represent a very complex environment in which to cost-effectively manage operations and security. High levels of employee safety are a must, requiring that identities and related-area access be managed in a real-time fashion across a massive physical infrastructure. A strong dependence on contractors, sub-contractors and other vendors can create a litany of “un-trusted” identities across the organization. Corporate governance, documentation and reporting have become paramount, as organizations struggle to stay ahead of the latest regulatory and environmental restrictions. And lastly, downsizing and/or mergers in the industry represent massive challenges from a security operations standpoint.
Quantum Secure’s SAFE Enterprise can help automate key processes and internal controls, helping security practitioners streamline their security operations and compliance reporting.
The result? Reduced time, effort and operating costs related to the management of identities across the facility, and a security operations center that is contributing directly to the bottom line.
With a robust approach to end-to-end identity management, compliance and reporting, a utility facility can have a better understanding of their entire operation, knowing precise information regarding workers, vendors and other third parties and their related-area access.
The chart below reviews the specific NERC requirements and how SAFE Enterprise addresses each:
|Requirement||Description||Quantum Secure SAFE Compliance|
|CIP 004 R3||Requires criminal background checks for all cardholders requiring access to critical cyber asset||SAFE ensures as policy/rules that background checks are performed for continued physical security access across multiple PACS|
|CIP 004 R4||Requires update of any changes in personnel or access rights to physical access of critical cyber asset with in seven business days||SAFE, through its policy/rules regulation, ensures a real-time update across multiple physical security systems and applications|
|CIP 004 R4.2||Revoking access to critical cyber assets within 24 hours for personnel terminated and within 7 days if terminated without cause||SAFE automates the termination process (connected with HR/LDAP systems) and its reporting for audit purposes in real time, achieving full compliance with this regulation. Revocation records are made available in real time for auditors|
|CIP004 R2||Requires parties to establish, maintain, and document an annual cyber security training program for personnel having authorized cyber or authorized unescorted physical access to critical cyber assets, and review the program annually and update as necessary||SAFE has a built-in training module that periodically send information/training material to all cardholders having physical access to critical asset and obtain their acknowledgement about compliance|
|CIP 006 R1||Maintaining and documenting a process for reviewing and revoking physical access and authorization. Processes, tools, and procedures to monitor physical access to the perimeter(s) for employees, contractors and visitors (pass management)||SAFE maintains & documents the process for reviewing and revoking access and authorization in its system and executes it in real-time when needed. SAFE provides a process driven tool/ application to monitor physical access to the perimeter(s) in real –time across multiple PACS. SAFE has built-in Visitor Management system to manage visitors including response to loss, and prohibition of inappropriate use of physical access controls|
|CIP 006 R2||Requires the entity to document and implement the operational and procedural controls to manage physical access at all access points to the Physical Security Perimeter(s) twenty four hours a day, seven days a week for card key access, metal key access, security personnel managing operations and for authentication devices like biometric, keypad, etc that control access to physical location points||SAFE implements operational and procedural controls to manage physical access at all access points to the Physical Security Perimeter(s) in real-time including management of metal keys, card lifecycle management, role based management of personnel connected with giving access to such perimeters and full integration with authentication devices like biometric, keypad, etc that control access to physical location points|
|CIP 006 R3||Requires a system quickly respond to the alarm generated by PACS system for unauthorized access||SAFE has a built in event response system to handle such situations in real time by alerting appropriate security operators via multiple means|
|CIP 006 R4||Requires entity to record sufficient information to uniquely identify individuals and the time of access twenty-four hours a day, seven days a week||SAFE has built-in database to record all information to uniquely identity individuals and their access records across multiple PACS starting from their first day of employment. Records are not purged unless authorized by someone|
|CIP 006 R5||The responsible entity shall retain physical access logs for at least 90 calendar days||SAFE has built-in database to record all information to uniquely identity individuals and their access records across multiple PACS starting from their first day of employment. Records are not purged unless authorized by someone|