Resources

Datasheet
Datasheet

Tripwire NERC CIP Report Catalog

Fortra’s Tripwire NERC CIP Solution Suite is an advanced offering that augments Tripwire’s tools for meeting 23 of NERC CIP’s 44 requirements. The Tripwire NERC CIP Solution Suite allows you to achieve and maintain NERC CIP compliance with high efficacy and reduced effort. This suite includes continuous monitoring of cyber assets, automated assessment of security, and audit-ready evidence with...
Industrial Control Systems
On-Demand Webinar
On-Demand Webinar

Insights for Navigating PCI-DSS 4.0 Milestones

With the PCI-DSS 4.0 implementation deadline looming just around the corner in 2024, financial companies have no time to waste when it comes to reaching key compliance milestones. Watch this on-demand webinar presented by Fortra’s Tripwire and BankInfoSecurity.com designed to help you get—and stay—on track for PCI 4.0 compliance. Hear from industry experts on preparing for PCI 4.0 using a simple...
Compliance
PCI DSS
Distributed Energy Resources and Grid Security
Blog
Blog

Distributed Energy Resources and Grid Security

By Tripwire Guest Authors on Tue, 04/04/2023
As the United States government, the energy industry, and individual consumers work toward cleaner and more sustainable energy solutions, it is crucial to consider how new and advancing technologies affect, and are affected by, cybersecurity concerns. ­­­­Increasing use of smart energy devices can be useful for consumers to have more control over their energy consumption, but can also pose a...
Cybersecurity
Industrial Control Systems
Guide
Guide

PCI DSS 4.0 Compliance

Maintaining compliance is a difficult job—both in scope and in practical application. Organizations need to comply with a vast array of regulations, and the number is constantly increasing. Compliance is consistently tightening; businesses and financial institutions now have to learn and dive into the new Payment Card Industry Data Security Standard (PCI DSS) 4.0 requirements as the implementation...
Compliance
PCI DSS
Dont-fail-an-audit-over-a-neglected-annual-policy-review
Blog
Blog

Don’t fail an audit over a neglected annual policy review

By Tripwire Guest Authors on Mon, 03/20/2023
When did you last have a light-bulb moment? For me, it was very recent. I was working with a client, supporting them in their latest Payment Card Industry Data Security Standard ( PCI DSS ) annual compliance assessment, and, in discussion with the Qualified Security Assessor (QSA), I had a sudden urge to challenge something we’ve all, always, believed to be a fundamental tenet of managing...
Compliance
A-Look-at-The-2023-Global-Automotive-Cybersecurity-Report
Blog
Blog

A Look at The 2023 Global Automotive Cybersecurity Report

By Tripwire Guest Authors on Mon, 03/20/2023
From its inception, the automotive industry has been shaped by innovation and disruption. In recent years, these transformations have taken shape in rapid digitization, ever-growing Electric Vehicle (EV) infrastructure, and advanced connectivity . These shifts have redirected the automotive industry, meeting and surpassing customer expectations for what vehicles should accomplish. However, they...
Cybersecurity
Industrial Control Systems
How-Retiring-Gas-and-Coal-Plants-Affects-Grid-Stability
Blog
Blog

How Retiring Gas and Coal Plants Affects Grid Stability

By Katrina Thompson on Thu, 03/16/2023
Legacy gas and coal plants are being aged out – and no one wants to pay enough to keep them going. With increased pressure from green energy laws and added competition from renewable sources, these monsters of Old Power are being shown the door. Considering they've predated and precipitated all Industrial Revolutions (except for this last one – that was digital), it's safe to say they've had a...
Vulnerability & Risk Management
Industrial Control Systems
ISO27001 Updates: Change is afoot
Blog
Blog

ISO27001 Updates: Change is afoot

By Tripwire Guest Authors on Mon, 03/13/2023
If you blinked, you might have missed it… On October 25th 2022, the new standard for the Information Security Management System, ISO27001 was released . Without fuss, and without fanfare. But, to quote a famous movie, “There was a great disturbance in the force.” ISO27001 is possibly one of the world's best-known standards for Information Security Management because it has broken out of the realms...
Compliance
The-Language-of-Cybersecurity-Frameworks-Guidance-Regulations-and-Standards
Blog
Blog

The Language of Cybersecurity Frameworks, Guidance, Regulations, and Standards

By Bob Covello on Wed, 02/15/2023
When it comes to acronyms, Technology and Cybersecurity often rival various branches of government. Technology acronyms are usually somewhat bland, amounting to little more than the arcane argot of the profession, such as SOC, SIEM, and DNS. Government, however, rarely disappoints in its inventiveness, whether it is the acronym of the Puppies Assisting Wounded Servicemembers ( PAWS ) for Veterans...
Cybersecurity
Compliance
How to Advance ICS Cybersecurity: Implement Continuous Monitoring
Blog
Blog

How to Advance ICS Cybersecurity: Implement Continuous Monitoring

By Anastasios Arampatzis on Mon, 02/06/2023
Industrial control systems are fundamental to all industrial processes, from power generation to water treatment and manufacturing. ICS refers to the collection of devices that govern a process to ensure its safe and effective execution. These devices include Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control systems like Remote Terminal...
Industrial Control Systems
Pylon and cables
Blog
Blog

The State of the US National Cybersecurity Strategy for the Electric Grid

By Anastasios Arampatzis on Wed, 02/01/2023
The distribution systems of the U.S. energy grid — the portions of the grid that carry electricity to consumers — are growing more susceptible to cyber-attacks , in part due to the advent of monitoring and control technology and their reliance on them. However, the magnitude of the possible consequences of such attacks is not fully understood. Reports by the Government Accountability Office (GAO)...
Compliance
NIST
Industrial Control Systems
The Future of CASE Vehicles is Upon Us
Blog
Blog

The Future of Connected, Autonomous, Shared, and Electric (CASE) Vehicles is Upon Us.

By Tripwire Guest Authors on Fri, 12/30/2022
The popularity of electric vehicles is partly a response to the desire of achieving sustainability and carbon footprint reduction. Automobile manufacturers are making substantial investments to tackle emissions issues, create environment-friendly vehicles, and align with Environmental, Social, and Governance (ESG) requirements . To achieve brand edge and investment appeal, automakers market ESG as...
Cybersecurity
Industrial Control Systems
Tripwire & Towerline: Easing the burden of the NERC CIP audit process
Blog
Blog

Tripwire & Towerline: Easing the burden of the NERC CIP audit process

By Tripwire Guest Authors on Tue, 12/20/2022
When we speak of necessary evils, some images readily spring to mind. A dental appointment, automobile insurance, and many others. In cybersecurity, audits fit this image quite well. There are many uncomfortable aspects of audits, including the need to maintain accurate records, as well as finding the time to perform all the work required to satisfy the auditors. Deep down, we all know that audits...
Compliance
Choosing the Right Industrial Cybersecurity Framework
Blog
Blog

Choosing the Right Industrial Cybersecurity Framework

By John Salmi on Wed, 12/07/2022
It’s no surprise that industrial environments have become increasingly valuable targets for malicious behavior. The State of Security has featured many cybersecurity events across myriad industrial verticals, including but not limited to chemical manufacturing , transportation , power generation and petrochemical . Several of these industries have taken great strides in improving their defense...
Cybersecurity
Industrial Control Systems
Cyberattacks Targeting Smaller Healthcare Companies and Specialty Clinics, but Why?
Blog
Blog

Cyberattacks are targeting smaller healthcare companies and specialty clinics. But why?

By Tripwire Guest Authors on Mon, 11/28/2022
The healthcare industry has been a favored target for cybercriminals for many years. In the first half of 2022 alone, 324 attacks against healthcare organizations have been reported. Attackers have primarily focused on large hospitals in years past, but there has been a sudden switch to smaller healthcare companies and specialty clinics. There seems to be a clear trend in attacks against the...
Vulnerability & Risk Management
Cybersecurity
Industrial Control Systems
Integrity Monitoring Use Cases: Compliance
Blog
Blog

Security Configuration Management Use Cases: Policy Monitoring for Security

By David Bruce on Wed, 11/23/2022
In the business world, compliance means making sure that companies of all sizes are meeting the standards set by regulatory or oversight groups in various laws and standards, such as HIPAA , PCI DSS , SOX , and GDPR . Sometimes, an organization will self-impose its compliance by adhering to guidance and frameworks from organizations such as NIST, ISACA, ISO, and other advisory bodies. When it...
Vulnerability & Risk Management
Compliance
Security Configuration Management
Information-security-compliance-why-its-more-important-than-ever
Blog
Blog

Information security compliance: why it’s more important than ever

By Tripwire Guest Authors on Wed, 11/16/2022
Being in a more connected environment benefits all of us, from those using social media to stay in touch with far-away relatives, to businesses enjoying the rewards of remote working. But, while connectivity is great and offers many positives, it also creates vulnerabilities. Companies that handle sensitive data may find themselves the target and victim of cyber- attacks as malicious actors look...
Cybersecurity
Compliance
Integrity Monitoring Use Cases: Compliance
Blog
Blog

Integrity Monitoring Use Cases: Policy Monitoring for Compliance

By David Bruce on Fri, 11/11/2022
In response to increasing societal concerns about the way businesses store, process, and protect the sensitive data they collect from their customers, governments and standardization organizations have enacted a patchwork of regulations and laws. Some of these are generic regulations (CCPA, GDPR), while others are industry specific (SOX, NERC, HIPAA, PCI DSS ). These regulations impact literally...
Cybersecurity
Compliance
Security Configuration Management
The Cross-Sector Cybersecurity Performance Goals (CPGs): What you need to know
Blog
Blog

The Cross-Sector Cybersecurity Performance Goals (CPGs): What you need to know

By Tyler Reguly on Wed, 11/09/2022
The Cross-Sector Cybersecurity Performance Goals (CPGs) are a new baseline released jointly by CISA, NIST, and the interagency community, with a goal of providing consistency across all critical infrastructure. The primary webpage for these goals gives us a great understanding of what they are (and are not). It is worth delving into those specifics to understand where the CPGs apply, and how they...
Industrial Control Systems
Getting started with Zero Trust: What you need to consider
Blog
Blog

Getting started with Zero Trust: What you need to consider

By David Bruce on Mon, 11/07/2022
Have you ever walked up to an ATM after another person finished with the machine only to find they left it on a prompt screen asking, “Do you want to perform another transaction?” I have. Of course, I did the right thing and closed out their session before beginning my own transaction. That was a mistake an individual made by careless error which could have cost them hundreds of their own currency...
Cybersecurity
Compliance
NIST
Security Configuration Management