The task of baselining asset configurations and managing changes on that baseline can be difficult and labor intensive, especially when multiple sites and silos of information are involved. Using spreadsheets may work temporarily, but it is not sustainable by any means; it is error-prone and may expose the facility to additional risks. Using homegrown applications or databases is also risky because the facilities soon discover that the job of maintaining these systems and supporting the regulatory changes using their homegrown tools is costly and unmanageable.
CWP from WizNucleus is a proven software solution with extensive experience in the Operations Technology (OT) environment and is designed to automate the management of configuration baselining, monitoring, and the enforcement of changes to Cyber Assets, as required in NERC CIP-010. CWP can import asset and configuration details from a variety of information silos and make NERC CIP compliance simple and sustainable. Immediately upon installation of CWP, you get to see reportable configuration details for all your devices in one place.
CWP from WizNucleus has an easy-to-use, searchable relational database which acts as a central repository of configuration details for IT and OT devices, to support the NERC CIP compliance audits. In the CWP database, all assets and their respective configurations are available at-a-glance and with the ability to drill down to ports, services, software, patches and users. All changes to the baseline, including approvals and security control test results, are part of an audit trail that supports annual reviews. Facilities need a commercial tool that makes the configuration baselining and change control process easy, repeatable and error-free.