Skybox Delivers Continuous NERC CIP Compliance Assessment to Energy and Utilities Organizations

Dec. 6, 2011 – Firewall Assurance provides on demand NERC 


compliance reports


Skybox Security, the leader in proactive security management solutions, today announced that Firewall Assurance delivers out-of-the-box cyber security compliance reporting for the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards.

NERC CIP Standard is a comprehensive framework of physical and cyber security best practices to safeguard the bulk power system for North America. With the new NERC report in Skybox Firewall Assurance, energy and utility organizations can automate the network security assessments of firewalls, routers and other network devices. This gives utility operators an on-demand way to quickly demonstrate to auditors evidence of compliance with firewall security policies, documentation of exceptions to firewall policies, change control, access control, and network device configuration checks. In addition, the report confirms the existence of automated and extensive test procedures for network devices, and shows that results are documented. The NERC report provides an extensive view of an organization’s compliance with several sections of the standard, including: CIP-002-3 Critical Cyber Asset Identification, CIP 003-3 Security Management Controls, CIP 005-3 Electronic Security Perimeters and CIP-007-3 Systems Security Management.

"It is important to maintain an effective network security perimeter and the new NERC CIP reporting functionality is a means of simplifying the reporting process," said Robert Melis, manager, data center operations at California Independent System Operator Corporation (ISO). "The new capabilities will reduce the time we spend on documenting compliance with mandatory regulations."

"Utilities companies place high emphasis on achieving 100 percent reliability of the bulk power distribution network," said Gidi Cohen, CEO at Skybox Security. "Today it’s as critical to protect the networks of energy producers from malicious cyber attacks as it is to ensure physical security. Firewall Assurance helps organizations be more resilient against potential disruptions due to cyber risks, while reducing their compliance reporting costs."

Features of Skybox Firewall Assurance:


Automatically import firewall configuration data and look for rule conflicts and misconfigurations

* Continuously monitor firewall security and compliance status

* Create firewall audit reports addressing NERC, NIST, PCI DSS and other standards

* Track changes made to firewall access rules and objects

For more information on Skybox Firewall Assurance and all of the Skybox Security solutions visit

About Skybox Security, Inc.

Skybox Security, Inc. is the leader in proactive security management solutions, providing automated tools that find and prioritize cyber risks such as vulnerabilities, firewall configuration errors, and access compliance issues. Our solutions help IT security personnel continuously monitor security risks that could lead to a data breach or cyber attack. Organizations in Financial Services, Government, Energy, Defense, Retail, and Telecommunications rely on Skybox Security solutions to reduce risk exposure and achieve compliance. For more information visit

NOTE: Skybox® Security is a registered trademark of Skybox Security Inc. All other registered and unregistered trademarks herein are the sole property of their respective owners. Product specifications subject to change at any time without prior notice. © 2011 Skybox Security, Inc. All rights reserved.


PR Contacts:

Gutenberg Communications for Skybox Security

Susie Hayne, 408-827-4360

Gutenberg Communications for Skybox Security 

Stefanie Cannon, 408-335-6964