- Products & services Products & services
- Resources Resources
- Community CommunityDiscussion
- Discussion
- Knowledge
- IdentityIQ wiki Discover crowd sourced information or share your expertise
- IdentityNow wiki Discover crowd sourced information or share your expertise
- File Access Manager wiki Discover crowd sourced information or share your expertise
- Submit an idea Get writing tips curated by SailPoint product managers
Knowledge
- Compass
- :
- Discuss
- :
- User Groups
- :
- Energy and Utilities Industry
- :
- Forum
- :
- Calling all NERC CIP warriors!
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Content to Moderator
Calling all NERC CIP warriors!
Hello everyone,
I'm looking forward to connecting here with other utilities who are using or are planning to deploy IdentityIQ and/or File Access Manager. For those who don't know my background, I've been responsible for identity governance at SMUD (Sacramento Municipal Utility District) for nearly 20 years now. I guess I would call myself something of an Identity Evangelist. Talk about an identity journey, I've only recently (past 3-4 years) become more heavily involved with NERC CIP. It was particularly challenging from the outset because of having my feet set firmly in the SailPoint space on the corporate side, and although not too many utilities were using IdentityIQ for NERC CIP just a short time ago, I knew IIQ could handle CIP-004. Why the challenge? Convincing my management and peers in compliance that IdentityIQ could handle it with flying colors. They had nothing to compare it to, and it was a matter of leveraging the trust I'd build up over the years at SMUD to convince them it would work. Fortunately, we had a small but strong technical team with good access to resources on the compliance side. We got our compliance system in place almost 3 years ago now, and it has proven very successful.
Frankly, one of the best rewards for me personally in getting our NERC CIP compliance IIQ instance up and running was the success we had with our tri-annual audit last year. Executive level visibility can put you on edge, but that just made the teamwork and the months of preparation leading up all the sweeter a success. I can't help but remember the SailPoint competitor telling me flat out that I was going to fail when SMUD picked IdentityIQ instead of their niche solution. I appreciate the nudge.
I've enjoyed meeting and talking to so many of you in the industry over the last few years, and if you've chosen to partner with SailPoint for your NERC CIP compliance needs, but haven't quite yet initiated your compliance journey, I'm always willing to lend an ear and pass along what advice I can. For those of you in the trenches like me, I'd love to hear what challenges you've come across, and maybe how you've been able to meet those challenges with all the creativity and integration possibilities that SailPoint's product offerings enable.
All the best,
John Peters
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Content to Moderator
We do continue to maintain both instances, since we have the one previously designated as an EACMS inside a protected services network to communicate directly with our CIP assets (i.e., our PACS). The corporate instance and the CIP instance share a common database where the corporate instance will write or remove authorizations for things that the CIP instance will provision or deprovision. The CIP instance aggregates from this shared DB regularly throughout the day.
- « Previous
-
- 1
- 2
- Next »
