ABOUT SYMANTEC

Press Release

LinkedIn Facebook Twitter RSS

Symantec Announces NERC CIP Compliance Solution for Electric Utilities

Industry Expertise and Policy Management Tools Accelerate Organizational Compliance with CIP

CUPERTINO, Calif. - Oct. 5, 2006 – Symantec Corp. (Nasdaq: SYMC) today announced a comprehensive IT compliance solution to help electric utility firms comply with the North American Electric Reliability Council’s Critical Infrastructure Protection (NERC CIP) standards. Drawing on Symantec’s extensive industry experience, the NERC CIP solution combines consulting services, strategic compliance architecture, and automated policy management technologies to help assure the safe configuration and operation of information systems underpinning the electric utility industry.

“To achieve compliance with broad measures like NERC CIP, utilities need skilled partners who can tailor strategies around existing measures and unique demands in their environments,” said Gary Sevounts, senior director of industry solutions, Symantec. “Symantec is providing customers with strategies to reduce the time and cost of compliance by helping them align business and operational assets under a central compliance charter, leverage existing investments, and evaluate new protection technologies toward meeting or exceeding NERC CIP standards.”

Symantec Consulting Services: assessing readiness and achieving NERC CIP compliance

Designed to maintain the integrity of North America’s interconnected electrical systems, NERC CIP standards establish minimum requirements for cyber security programs protecting electric control and transmission functions. NERC recommends utilities undergo comprehensive asset and risk assessments from unbiased, third party experts, as the first step in the NERC CIP compliance process. Symantec Consulting Services is helping organizations understand their current state of readiness through its NERC CIP Readiness Assessment services.

During each assessment, Symantec consultants determine a customer’s initial compliance posture based on NERC CIP standards, information security disciplines, electric utilities’ operations, and leading vendors’ control system products. Symantec then provides a detailed view of current measures toward compliance, identifies compliance gaps and best practices for fully meeting each standard, and provides prioritized recommendations for efficiently achieving full compliance in a timely manner.

Automating NERC CIP compliance and reporting across the electric enterprise

Comparing existing security policies with NERC CIP standards, gathering required compliance documentation, and reporting on compliance levels across distributed energy networks are necessary compliance management functions, and frequently labor and capital intensive tasks. Symantec solutions are available to reduce the complexity of compliance management and accurately maintain auditable records. These technologies and services support organization efforts to lower compliance costs by automating the assessment of enterprise security policies against industry regulations and best practices. Additionally, these solutions fulfill organizational and regulatory requirements by generating proof-of-compliance documentation. These reports communicate current levels of compliance and trending during external and internal auditing, and guide implementation of management controls through integration with both Symantec and third-party infrastructure assessment software.

To increase the value of these policy management products for electric utility enterprises, Symantec is scheduled to make add-on NERC CIP compliance modules available for its existing toolset. The new modules will permit electric utilities to perform thorough compliance checks against NERC CIP standards, in addition to other regulatory and internal policy frameworks.

Symantec’s solutions for electric power utilities

Symantec offers a comprehensive set of enterprise solutions designed to help electric utilities ensure business continuity, achieve standards and regulatory readiness, and avoid costly disruptions and recovery time associated with cyber security incidents. Key solution components include perimeter and network security technologies, and solutions for configuration and software patch management, data backup and recovery, security policy compliance and endpoint protection. Complementary services offered to utilities include managed security services and specialized SCADA and DCS assessment and compliance consulting services. Further information on Symantec’s electric power solutions is located online at http://www.symantec.com/electric.

About Symantec

Symantec is the world leader in providing solutions to help individuals and enterprises assure the security, availability, and integrity of their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at www.symantec.com.

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

@Symantec