Audit Assistants


Personas: Audit Team (Auditor, Compliance Officer, Compliance Analyst) and Consultants

Performing a regular review of your compliance metrics is important for your organization, but performing the review manually is time-consuming and tedious. NP Solutions provides multiple assistants to help verify the compliance of your network. The assistants can be found under Summary Reports on the main menu.

Industry Best Practices (Standard)

The Best Practices assistant will generate a report covering the following topics:

  • Parser Warnings
  • Unused Groups
  • Rules missing a justification
  • Unnamed nodes
  • Rules that have risk alerts
  • ACLs with no explicit deny-by-default rule

Workspace Report (Standard)

The Workspace Report assistant will generate a report that includes detailed information about configuration files that were imported and parsed including:

  • Configuration assessment report including risk alerts
  • Ports and Interfaces
  • Rule audit table
  • Object group table
  • Path analysis table

NERC-CIP Compliance (Premium)

The NERC-CIP assistant guides the user through the steps required to create a report covering the requirements below. The NERC-CIP audit assistant allows audit teams to classify BES cyber assets as High, Medium, and Low based on the standards. We have added a category for untrusted (Internet, Corp, etc.) to tag non-BES assets.

  • 002 – BES Cyber System Categorization; impact rating and 15-month review
  • 003 – Security Management Control; cyber security policy
  • 005 – Electronic Security Perimeter; remote access management
  • 007 – System Security Management; ports and services
  • 010 – Change Management and Vulnerability; configuration change management, configuration monitoring, vulnerability assessment

A demo workspace for the NERC-CIP audit assistant is included with the software. Upon installation, the demo workspace will be displayed. To see the audit assistant in action, follow these steps:

  1. Click on the demo workspace to build the topology.
  2. Click on the auto group function on the left menu to group assets by criticality. Red zones represent your most critical assets.
  3. On the left menu, select Summary Reports and then the NERC-CIP Compliance Report.
  4. Click through the wizard. The defaults will represent the selections suggested by the auto group function.
  5. Click Generate Report to view the report in a new tab.

PCI Compliance (Customer Preview)

The PCI assistant guides the user through the steps required to create a report covering the requirements below. The PCI audit assistant allows audit teams to classify POS and CHD assets and their criticality for audit purposes and generates an easy-to-use report for compliance evaluation.

  • 1.1.1a – Formal process for approving and testing all network connections
  • 1.1.1b – Interview Process
  • 1.1.1c – Change Tracking
  • 1.1.2 – Network Diagram: Internet, DMZ, Internal
  • 1.1.3 – Data Flows across systems and networks
  • 1.1.4 – Interface requirements between Internet, DMZs, and internal network
  • 1.1.6 – Justification for use of all ports and services
  • 1.1.7 – Rule set review every 6 months
  • 1.2.1 – Restricted traffic to CHD
  • 1.2.2 – Secure and synchronize router configuration files
  • 1.3.1 – DMZ shows limited inbound traffic
  • 1.3.2 – Limited inbound internet traffic to IP addresses within the DMZ
  • 1.3.6 – Separation of CHD storage from DMZ
  • 1.3.7 – Network Address Translation (NAT)
  • 11.3.4 – Segments which have no connections to CHD

A demo workspace for the PCI audit assistant is included with the software. Upon installation, the demo workspace will be displayed. To see the audit assistant in action, follow these steps:

  1. Click on the demo workspace to build the topology.
  2. Click on the auto group function on the left menu to group assets by criticality. Red zones represent your most critical assets.
  3. On the left menu, select Summary Reports and then the PCI Compliance Report.
  4. Click Generate Report to view the report in a new tab.