AccessPatrol central web console close up

NERC CIP Compliance Software

Protect sensitive BSCI with the robust data loss prevention, endpoint security, and user activity monitoring features in the CurrentWare Suite.

Control Removable Media & Other Peripherals

Prevent the unauthorized use of high-risk wireless and peripheral devices
Endpoint Security Controls for Defense-in-Depth
Minimize the attack surface of endpoints in BES Cyber Systems
Protect Transient Cyber Assets
Monitor and control Windows-based TCAs to limit cybersecurity risks

Start Your Free Trial Today

Trusted by

& many more

Trusted by

and many more

NERC CIP Compliance Requirements You Can Address With CurrentWare

NERC CIP-003-8

NERC CIP-003-8 — Security Management Controls

The purpose of NERC CIP-003-8 is to specify consistent and sustainable security management controls that establish responsibility and accountability to protect BES Cyber Systems against compromise that could lead to misoperation or instability in the Bulk Electric System (BES).

CurrentWare’s NERC CIP compliance solutions provide several security controls to mitigate the risk of introducing malicious code to BES Cyber Systems through the use of Transient Cyber Assets or Removable Media.

Requirement

CurrentWare Modules & Features

Cyber Security Awareness
CIP-003-8 R1 (1.2.1)

Each Responsible Entity shall reinforce, at least once every 15 calendar months, cyber security practices.

BrowseReporter

Get alerts when users attempt to visit high-risk websites
Monitor user computer activity for high-risk web browsing or app usage
Phishing awareness training

AccessPatrol

Get alerts when unknown or blocked removable media is inserted into endpoints within BES Cyber System(s)
Monitor removable media activity for security policy violations

Cyber Security Incident Response
CIP-003-8 R1 (1.2.4)

Each Responsible Entity shall have one or more Cyber Security Incident response plan(s), either by asset or group of assets, which shall include identification, classification, and response to Cyber Security Incidents

BrowseReporter

Get alerts when users attempt to visit known high-risk websites
Monitor user computer activity for high-risk web browsing or app usage

AccessPatrol

Get alerts when unknown or blocked removable media is inserted into endpoints within BES Cyber System(s)
Monitor removable media activity for cyber security incidents such as illicit transfers of BCSI

Transient Cyber Asset and Removable Media Malicious Code Risk Mitigation
CIP-003-8 R1 (1.2.5)

Each Responsible Entity shall implement, except under CIP Exceptional Circumstances, one or more plan(s) to achieve the objective of mitigating the risk of the introduction of malicious code to low impact BES Cyber Systems through the use of Transient Cyber Assets or Removable Media.

AccessPatrol

Block unauthorized removable media devices to mitigate the risk of employees and contractors introducing malicious code
Lock down removable media virus scanning machines (“Sheep Dip”) by disabling Bluetooth, USB Network Adapters, Network Drives, and WiFi hardware when not explicitly required
Maintain a log of each removable media device introduced to BES Cyber Systems and Transient Cyber Assets
Maintain a log of all file operations to and from removable media devices introduced to BES Cyber Systems and Transient Cyber Assets

BrowseControl

Lock down removable media virus scanning machines (“Sheep Dip”) by blocking TCP/UDP network ports and internet access over web browsers
Restrict browser access to authorized websites and intranet portals to prevent the introduction of malicious code from high-risk websites
Close unused network ports at the endpoint level to reduce the attack surface of Transient Cyber Assets

NERC CIP-007-6

NERC CIP-007-6 — System Security Management

The purpose of NERC CIP-007-6 is to manage system security by specifying select technical, operational, and procedural requirements in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the Bulk Electric System (BES).

CurrentWare’s NERC CIP compliance solutions complement your Electronic Security Perimeter with technical security controls that protect against the use of unnecessary ports and removable media on managed endpoints.

Easily lock down Transient Cyber Assets used by field workers to protect BES Cyber Systems against insider threats and malicious activity.

Requirement

CurrentWare Modules & Features

Table R1– Ports and Services
CIP-007-6 R1 (1.1)

Where technically feasible, enable only logical network accessible ports that have been determined to be needed by the Responsible Entity, including port ranges or services where needed to handle dynamic ports.

BrowseControl

Disable unneeded TCP/UDP ports at the endpoint level to reduce the attack surface of Transient Cyber Assets
Restrict browser access to authorized websites and intranet portals to prevent the introduction of malicious code from high-risk websites

Table R1– Ports and Services
CIP-007-6 R1 (1.2)

Protect against the use of unnecessary physical input/output ports used for
network connectivity, console
commands, or Removable Media

AccessPatrol

Block a variety of peripherals including removable media devices, wireless devices, and serial/parallel communication ports.
Lock down endpoints by disabling Bluetooth, USB Network Adapters, Network Drives, and WiFi hardware when not explicitly required
Maintain a log of each removable media device introduced to BES Cyber Systems and Transient Cyber Assets

Learn More: Which devices can I control with AccessPatrol?

Table R3 – Malicious Code Prevention
CIP-007-6 R3 (3.1)

Deploy method(s) to deter, detect, or
prevent malicious code.

AccessPatrol

Block unauthorized removable media devices to mitigate the risk of employees and contractors introducing malicious code
Lock down removable media virus scanning machines (“Sheep Dip”) by disabling Bluetooth, USB Network Adapters, Network Drives, and WiFi hardware when not explicitly required
Maintain a log of each removable media device introduced to BES Cyber Systems and Transient Cyber Assets
Get alerts of attempts to use unauthorized removable media devices

BrowseControl

Disable unneeded TCP/UDP ports at the endpoint level to reduce the attack surface of Transient Cyber Assets
Restrict browser access to authorized websites and intranet portals to prevent the introduction of malicious code from high-risk websites
Block known malicious domains with predefined web content categories

BrowseReporter

Get alerts when users attempt to visit known high-risk websites
Monitor user computer activity for high-risk web browsing or app usage

Learn More: CurrentWare’s endpoint security solutions

Table R4 – Security Event Monitoring
CIP-007-6 R4 (4.1.1; 4.2; 4.4)

Log events at the BES Cyber System
level (per BES Cyber System capability)
or at the Cyber Asset level (per Cyber
Asset capability) for identification of,
and after-the-fact investigations of,
Cyber Security Incidents that includes, as a minimum, each of the following
types of events:

4.1.1. Detected successful login
attempts;

4.1.2. Detected failed access
attempts and failed login
attempts;

4.1.3. Detected malicious code.

──

4.2

Generate alerts for security events that the Responsible Entity determines necessitates an alert.

──

4.4

Review a summarization or sampling of logged events as determined by the Responsible Entity at intervals no greater than 15 calendar days to identify undetected Cyber Security Incidents.

enPowerManager

Maintain a log of each successful login attempts including timestamps and duration of each logon event

AccessPatrol

Maintain a log of each removable media device introduced to BES Cyber Systems and Transient Cyber Assets
Get alerts of attempts to use unauthorized removable media devices
Get alerts when specific file operations occur such as attempts to transfer files with extensions associated with BCSI
Automate the sending of user activity reports to designated email addresses at a set schedule

BrowseReporter

Get alerts when users attempt to visit known high-risk websites
Monitor user computer activity for high-risk web browsing or app usage
Automate the sending of user activity reports to designated email addresses at a set schedule

CurrentWare Web Console

CurrentWare admin activity logs provide details of configuration changes to monitor for malicious or negligent admin activity within the CurrentWare Suite

Table R4 – Security Event Monitoring
CIP-007-6 R4 (4.3)

Where technically feasible, retain applicable event logs identified in Part 4.1 for at least the last 90 consecutive calendar days except under CIP Exceptional Circumstances.

The CurrentWare Suite is hosted and managed by your organization, giving you full control over data retention.
Using the Auto Delete Scheduler you can automate the deletion of historical user activity data after 90+ days

NERC CIP-010-4

NERC CIP-010-4 — Configuration Change Management and Vulnerability Assessments

The purpose of NERC CIP-010-4 is to prevent and detect unauthorized changes to BES Cyber Systems by specifying configuration change management and vulnerability assessment requirements in support of protecting BES Cyber Systems from compromise that could lead to misoperation or instability in the Bulk Electric System (BES). | Learn More

CurrentWare’s NERC CIP compliance solutions provide critical insights into what computer applications are being used in BES Cyber Systems, allowing you to detect and investigate unauthorized software that could pose a security risk.

Requirement

CurrentWare Modules & Features

Table R2 – Configuration Monitoring
CIP-010-4 R2 (2.1)

Monitor at least once every 35 calendar days for changes to the baseline configuration. Document and investigate detected unauthorized changes.

BrowseReporter

Monitor user computer activity for the use of shadow IT and other unauthorized software
Automate the sending of user activity reports to designated email addresses at a set schedule

CurrentWare Web Console

CurrentWare admin activity logs provide details of configuration changes to monitor for malicious or negligent admin activity within the CurrentWare Suite

NERC CIP-011-3

NERC CIP-011-3 — Cyber Security — Information Protection

The purpose of NERC CIP-011-3 is to prevent unauthorized access to BES Cyber System Information (BCSI) by specifying information protection requirements in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the Bulk Electric System (BES). | Learn More

CurrentWare’s NERC CIP compliance solutions provide the technical security controls that Responsible Entities need to ensure the confidentiality of BCSI against insider threats.

Requirement

CurrentWare Modules & Features

Table R1 – Information Protection Program
CIP-011-3 R1 (1.2)

Method(s) to protect and securely handle BCSI to mitigate risks of compromising confidentiality.

AccessPatrol

Block data transfers to portable storage devices to prevent data theft or loss by employees and contractors
Lock down removable media virus scanning machines (“Sheep Dip”) by disabling Bluetooth, USB Network Adapters, Network Drives, and WiFi hardware when not explicitly required
Maintain a log of each removable media device introduced to BES Cyber Systems and Transient Cyber Assets
Get alerts of attempts to use unauthorized removable media devices

BrowseControl

Disable unneeded TCP/UDP ports at the endpoint level to reduce the attack surface of Transient Cyber Assets
Prevent users from launching applications that are known to be a risk to BCSI such as cloud storage apps
Restrict browser access to authorized websites and intranet portals to prevent the introduction of malicious code from high-risk websites
Block known malicious domains and internet-based data egress points such as cloud storage sites with predefined web content categories

BrowseReporter

Get alerts when users attempt to visit known high-risk websites
Monitor user computer activity for high-risk web browsing or app usage

Learn More: CurrentWare’s data loss prevention solutions

Case Study

Viking Yachts Protects Sensitive Information From a Departing Employee

“CurrentWare saved us a lot of time and money. If we didn’t have AccessPatrol we would have never known what was going on. I cannot thank all of you enough for this software.”

Read Viking Yachts’ Story

A departing employee was caught stealing classified files! If we didn’t have AccessPatrol we would never have known.

Flexible Deployment Options

With CurrentWare’s user activity monitoring solutions you’re in complete control of how your data is stored, secured, and retained. Your employees' data cannot be accessed by CurrentWare.

On Premises

Have Complete Control of Your Data

Install the management software on a standard computer, then deploy the client software to your users' computers

Remote Workers

Manage Users on Any Network

Connect your remote employees’ computers to the management software with simple port forwarding rules

Self-Managed Cloud

Citrix, Azure, AWS, GCP, and More!

Enjoy the scalability and availability of the cloud alongside the security, control, and flexibility of our on-premises solution.

Learn More About Deployment

Get all 4 modules for the best value or choose the exact solutions you need

Get Advanced Activity Insights

BrowseReporter is a versatile employee monitoring software to track productivity and efficiency.

Make informed decisions
Enforce company policies
Improve productivity

Learn More

BrowseControl

Block Harmful Websites

BrowseControl is an easy-to-use website blocking software for restricting internet access.

Block URLs & categories
Block unwanted apps
Website allow & block lists

Learn More

Screenshot of category filtering window from BrowseControl web filter. Porn and social media categories blocked.

AccessPatrol

Stop Data Theft to USB Devices

AccessPatrol is USB control software to protect sensitive data against theft to portable storage devices.

Block USB devices
USB file activity alerts
Block file transfers

Learn More

AccessPatrol peripheral device permissions mockup block usb

enPowerManager

Control PC Power States

enPowerManager is a remote PC power manager for centrally managing power settings across all endpoints.

Track logon and logoff times
Log PC power event history
Remotely shutdown PCs

Learn More

Screenshot of enPowerManager's PC power schedule with weekly boot, restart, and shutdown events scheduled

Check Out Our Great Reviews on Capterra!

This software helps us to achieve compliance with industry and government requirements with respect to controlling the use of removable storage media. It fits the bill perfectly.

Matthew W., Project Manager
Aviation & Aerospace Industry, 11-50 employees

[AccessPatrol] has been a great benefit to secure USB devices and access to company computers. We now have the ability to secure machines that otherwise would have been exposed to threats.

Jordan F., Senior IT Specialist
Machinery Industry, 1001-5000 employees

Data leaks have been thwarted by AccessPatrol. When an unauthorized device is detected, an email alert is sent immediately. It enables real-time audit reports on accessed and blocked devices.

Karen M., Senior Director of Marketing
Construction Industry, 10,001+ employees

We have experienced data leaks by dishonest employees in the past and AccessPatrol has helped us avoid them and work with greater security and peace of mind for us and our customers.

Julio V., Head of Information Technology
Financial Services Industry, 10,001+ employees

FREE DOWNLOAD
Removable Media Policy

Download this data security policy template to prevent data leakage to USB flash drives and other removable storage devices.

Set data security standards for portable storage
Define the acceptable use of removable media
Inform your users about their security responsibilities

Get Your FREE Template

CurrentWare Features

Get Started Today
With a Free Trial

Fully functional. Easy to use. Install in minutes.

Get Your Free Trial

Buy Licenses Now

Learn How to Meet These
Compliance Requirements With CurrentWare

