When is the best time to start using cmplid://?
The next assessment you begin is the best assessment to assess with cmplid://
The next batch of CVEs you analyze is the best batch to analyze with cmplid://
The next plant modification is the best mod to use cmplid://’s design specification tool with
Your current processes for each of these functions suffer from a lack of automation. Whatever tool you use for these processes, be it a commercial assessment tool or a homegrown document, spreadsheet, or database, it cannot compete with the automation provided by cmplid://.
Things don’t have to be perfect, you don’t have to be ready for everything. You can start using cmplid:// immediately and realize immediate increases in effectiveness and efficiency!
Perfection is the enemy of progressWinston Churchll
If you do not have a consistent SCIS documented throughout your CDA assessments; move forward. cmplid:// supports building that SCIS consistently and granularly throughout the process of completing assessments.
If you don’t have a complete Logic Tree that granularly documents your approach to implementing the NEI 08-09 controls for all CDAs; move forward. cmplid:// supports building this over time, as needed to address CDAs assessed. Think of it as Just in Time SCIS development.
If you don’t know all of the software platforms that must be researched for CVEs; move forward. Start with what you know and re-task the cyber security engineers dedicated to vulnerability research to determining the rest, instead of labor intensive string searches of the NVD database and the resulting analysis. They will have time.
If you don’t have a complete picture of what design specifications are required for all types of CDAs being introduced through plant modifications; move forward. Start with the incipient CDAs (Hat Tip: Barb Weber) for the next mod.
Continuing to use slow, ineffective, and inefficient processes simply because your are not ready to implement a perfect security program is counterproductive. The truth is no security program is ever in a perfect state. The dynamic nature of technology, vulnerabilities, plant configurations, personnel changes, and of course, the fickle and unpredictable nature of regulatory decrees, makes cyber security program perfection unobtainable.
Using a system that inflexibly stores relevant information in source-code or unstructured information sources, e.g. spreadsheets, documents, pdfs, etc… is a regressive path of eternal inconsistency, at a great cost both financially and in terms of wasted man-hours.
cmplid:// provides for dynamic, incremental, and granular documentation of all relevant cyber security program information, transforming it into structured data that can be consumed by the analysis functions built into the software. cmplid:// moving forward.
For more information contact us at firstname.lastname@example.org