Support Site

Compliance

From Mandate to Action: Responding to CISA’s OT Asset Inventory Guidance with ConsoleWorks

by

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with key partners like the NSA and DOE, recently released a joint guidance document: Foundations for OT Cybersecurity: Asset Inventory.

You can find the CISA document here:

https://www.cisa.gov/sites/default/files/2025-08/joint-guide-foundations-for-OT-cybersecurity-asset-inventory-guidance_508c.pdf

CISA’s guidance signals a turning point. Asset inventory is no longer a passive spreadsheet exercise — it’s the foundation of modern OT cybersecurity. It’s not just an operational necessity, it is a cybersecurity imperative.

At TDi Technologies, we couldn’t agree more. The guidance validates years of investment and innovation behind ConsoleWorks Asset Inventory — our unified approach to OT visibility, intelligence, and risk-informed action.

Translating CISA Requirements into Real-World Capability

CISA outlines essential requirements such as maintaining an accurate, centralized, and secure inventory of all OT assets — including not just devices, but software, users, ports, and firewall rules. It emphasizes:

  • Lifecycle management and change tracking
  • Categorization by criticality and function
  • Network zone mapping
  • Periodic review and ownership assignment

Click the image below to review the ConsoleWorks to CISA Mapping to see how ConsoleWorks Asset Intelligence and Inventory Solution addresses the CISA mandate.


Download ConsoleWorks Asset Inventory Response to CISA

ConsoleWorks’ Asset Inventory was built with these principles in mind. Our platform automatically ingests and normalizes asset metadata from multiple sources, applies customizable classification schemes, and organizes assets into an extensible inventory model aligned to real-world infrastructure and cyber risk posture. Every asset — whether physical or virtual — becomes traceable, contextualized, and actionable.

But, ConsoleWorks goes beyond just Asset Inventory, it then uses the asset inventory data to evaluate your environment, at any level, for security, compliance, and operational risk. Since its integrated with ConsoleWorks SRA, action can be immediately taken. This is where the real value is realized. And ConsoleWorks continuously enables this close-loop process.

CISA defines what an effective OT asset inventory should look like. ConsoleWorks delivers how to achieve it.

It’s Not Just Inventory — It’s Intelligence with Context

The CISA guide stops at visibility. Unlike traditional CMDBs or passive discovery tools, ConsoleWorks goes further. It connects each inventory element with the following:

  • Secure access pathways
  • Known vulnerabilities
  • User and identity information
  • Configuration drift
  • Policy violations
  • Real-time event activity

This rich context turns a static inventory into a dynamic Cybersecurity / Compliance / Operational Risk Profile, enabling teams to prioritize and act with confidence. It provides the insight that drives action.

When ConsoleWorks detects a misconfiguration, missing patch, or policy deviation, it doesn’t just alert. Thanks to our embedded Secure Remote Access (SRA), if appropriate, authorized users can immediately initiate a secure session to remediate the issue — directly from the inventory record — while maintaining full auditability and policy compliance.

Cybersecurity / Regulatory Mapping Built In

Our risk model maps directly to the Secure Controls Framework (SCF) (https://securecontrolsframework.com.)— the industry-standard overlay that ties security controls to multiple regulations including NIST CSF, NERC CIP, CMMC, and many more. By anchoring asset intelligence to SCF, we not only meet the letter of compliance but support the spirit of resilience.

With ConsoleWorks, organizations get a future-ready asset inventory that is:

  • Comprehensive
  • Contextual
  • Continuous
  • Connected to action

If you’re ready to turn data into decisions — we’re ready to help.

Conclusion

CISA’s OT Asset Inventory guidance establishes asset inventory as a foundational requirement for cybersecurity and risk management. Meeting this guidance requires more than maintaining a list of devices—it requires structured, continuously updated asset data that can be used operationally.

ConsoleWorks aligns with these requirements by implementing asset inventory as a normalized, correlated, and continuously maintained system that supports security, compliance, and operational use cases.

Download the Whitepaper to see how ConsoleWorks can transform your OT visibility into intelligence.

ConsoleWorks Zero Trust Platform and CISA JCDC – a Profound Partnership

by

In the relentless battle against the ever-evolving landscape of cyber threats, collaboration between cybersecurity solution providers and government agencies is paramount. This paper shines a spotlight on the partnership between ConsoleWorks, a leading Zero Trust cybersecurity platform, and the Cybersecurity and Infrastructure Security Agency (CISA) Joint Cyber Defense Collaborative (JCDC). The focus of this collaboration encompasses ConsoleWorks’ pioneering features, specifically Secure Remote Access with a true protocol break, ConsoleWorks REACT (Risk Evaluation and Assessment for Cyber Threats), Log correlation and event management, and the indispensable role of continuous monitoring with the Baseline Configuration Management (BCM) feature. More about what the CISA JCDC partnership encompasses can be found here: CISA JCDC

ConsoleWorks: Pioneering Zero Trust Secure Remote Access with a Protocol Break

ConsoleWorks stands as an indispensable ally in the realm of cybersecurity, offering a suite of robust features designed to ensure secure remote access to critical infrastructure. In an era where remote work is the norm, ConsoleWorks’ Protocol Break capabilities take center stage. This innovative approach places a strong emphasis on controlled and encrypted connections, effectively acting as a “man-in-the middle” monitor for any unauthorized access attempts. ConsoleWorks permits authorized personnel to access critical systems without compromising security, fortifying the defenses against potential cyber threats.

ConsoleWorks REACT: Comprehensive Risk Evaluation and Assessment

The complex and ever-changing cyber threat landscape requires a comprehensive approach to risk evaluation and assessment. ConsoleWorks employs a state-of-the-art strategy known as ConsoleWorks REACT (Risk Evaluation and Assessment for Cyber Threats). This proactive approach aligns seamlessly with JCDC’s mission of collective defense. ConsoleWorks conducts continuous risk assessments, assessing vulnerabilities and monitoring configuration changes for situational and operational awareness. Such a strategy empowers organizations to identify potential threats before they escalate into significant security incidents, staying ahead of the evolving threat landscape.

Continuous Monitoring with BCM: Enhancing Cyber Resilience

ConsoleWorks bolsters its capabilities through Baseline Configuration Management (BCM), a feature that plays an instrumental role in continuous monitoring. BCM ensures that the configuration of critical assets remains aligned with established and authorized baselines. By continuously monitoring and managing configuration changes, BCM not only participates in risk evaluation but also mitigates mis operations and provides invaluable assistance in incident response and recovery. It serves as the guardian of operational integrity.

CISA JCDC remote monitoring and management cyber-defense-plan

ConsoleWorks Zero Trust Cybersecurity Platform for CISA JCDC

The collaboration between ConsoleWorks and CISA JCDC amplifies the capabilities of Secure Remote Access, ConsoleWorks REACT, and BCM. By integrating real-time threat intelligence from JCDC, ConsoleWorks’ cybersecurity platform becomes even more dynamic and adaptive, preemptively thwarting unauthorized access attempts. In partnering with JCDC’s, and through collaborative efforts, ConsoleWorks REACT provides a template for mitigating an organizations risk in real-time. Meanwhile, BCM actively contributes to risk mitigation, ensuring operational integrity, and expediting incident response and recover by tracking and monitoring “known-good” asset configurations for unauthorized changes and library vulnerabilities.

Enhanced Incident Response and Recovery

In the event of a cyber incident, ConsoleWorks plays a pivotal role in incident response and recovery. Its continuous monitoring and session recording capabilities offer a crucial forensic toolset. When an incident occurs, organizations can rely on ConsoleWorks’ recorded data to investigate the incident’s root cause, identify compromised systems, and assess the extent of the breach. This invaluable information accelerates the incident response process, reducing downtime and minimizing the impact of cyberattacks. Furthermore, with asset “known-good” running state baselines that are stored within ConsoleWorks, the restoration of an asset can coincide with the incident response operations.

Comprehensive Compliance and Reporting

ConsoleWorks is not only a robust cybersecurity platform but also a compliance enabler. It automates compliance checks and generates audit-ready reports, ensuring that organizations meet regulatory requirements, effortlessly. This feature is particularly crucial for critical infrastructure sectors that must adhere to stringent compliance standards. Through ConsoleWorks, organizations can maintain compliance without the burden of manual checks and reporting.

Scalability and Integration

ConsoleWorks is designed with scalability and integration in mind. As organizations grow and their cybersecurity needs evolve, ConsoleWorks adapts. It seamlessly integrates with existing security tools, creating a cohesive security ecosystem. Whether an organization operates on a small scale or a large enterprise level, ConsoleWorks scales to meet the demands of the ever-expanding threat landscape.

Conclusion

In a dynamic cyber threat landscape, partnerships such as the one between ConsoleWorks and CISA JCDC are the linchpins in safeguarding critical infrastructure and data. The emphasis on Secure Remote Access with protocol break, the adoption of ConsoleWorks REACT for comprehensive risk evaluation and assessment, logging and event correlation, and the inclusion of BCM for continuous monitoring underscore ConsoleWorks’ commitment to providing a holistic cybersecurity platform. This collaboration bolsters these features, demonstrating a proactive approach in addressing emerging threats, and increases the reliability of the organizations operations.

Together, they exemplify the potential of cooperation and innovation to mitigate the ever-evolving cyber threat landscape, securing the digital future of organizations and critical infrastructure. As organizations navigate the complex cybersecurity terrain, ConsoleWorks and JCDC stand as guardians, offering a beacon of resilience in an interconnected world, ensuring the secure, uninterrupted operation of critical infrastructure assets.

For organizations eager to explore the capabilities of ConsoleWorks and witness firsthand how it can strengthen their cybersecurity posture, we extend an invitation to contact us. Our dedicated team is poised to provide further information, address inquiries, and arrange a live demonstration of our solution. Contact us today to embark on a journey towards enhanced cybersecurity, proactive threat mitigation, and a fortified digital future. Together, we can navigate the ever-evolving cyber landscape with confidence and resilience.

[SCHEDULE A DISCUSSION AND DEMO]

 

NERC-CIP Compliance – Audit versus Intent

by

NERC-CIP compliance is an integral part of the conversation in the Utility industry. Management practices are being continually refined and deployed against it, technology is being implemented because of it, and gaps identified by NERC-CIP audit experiences are driving compliance efforts. Many Utility companies have successfully reached the stage where they can confidently state that they are NERC-CIP compliant. But what does that mean?

First let’s review the difference between audit and intent. An audit is a review process intended to determine if appropriate policies, procedures, and controls are in place as defined by the NERC-CIP compliance regulations. Each Utility company approaches these elements of compliance in their own way because the regulations are a guide, not a prescription.

Intent is a different story all together. We can pass our audits, we can rightfully claim we are NERC-CIP compliant, but that does not mean we are meeting the intent of the NERC-CIP regulations. The intent is that we are supposed to protect our vital electrical power infrastructure so that we all have the electricity we always need and that we have the mechanisms in place to stop potentially disruptive events from occurring. Intent covers both service loss and exposure to service loss. For example, losing generation capability due to generation systems being compromised is a service loss, and a clear NERC-CIP violation. Allowing a security risk to occur that makes the generation system vulnerable to exploitation is also a clear NERC-CIP violation. Both compromise the intent of NERC-CIP. Both cases, should either occur, would take a company that can rightfully claim to be NERC-CIP compliant into being out-of-compliance.

For example, let’s say we have strong physical security in place at a given location where a Cyber Asset exists. There could be a building that has a locked door or a fence with a locked gate. There could also be a cabinet or interlock device that has another lock on it, to ensure only those authorized to access that Cyber Asset can do so. These examples would meet NERC-CIP requirements from an audit perspective and the claim of being NERC-CIP compliant in many cases.

But what if the authorized person who accesses the Cyber Asset fails to follow the procedure for changing, configuring, updating, patching, modifying, etc. the Cyber Asset? What is done could directly lead to a service loss but more likely it would create a threat or vulnerability that we simply do not know about (until something bad happens). Transparency and oversight depend on knowing what each person who touches a Cyber Asset does to it. A procedure for getting approval for, and documenting, all changes will satisfy auditors but any exceptions or deviations from the procedure are a violation of the NERC-CIP and compromise its intent.

The challenge for many Utility companies is now focused on ways to gain oversight and control over NERC-CIP policies. We all know that procedures that people must follow will result in exceptions and errors sooner or later.
So while many Utility companies have solved the challenge of being NERC-CIP compliant, the NERC-CIP challenge has only begun to be addressed. The focus is shifting now to looking for ways to move policies into systems for oversight, simplification, elimination of human error, and proactive response to potential threats.

See Resources for more information on how ConsoleWorks tackles NERC-CIP Challenges.

ConsoleWorks 5.2 | New Release

by

We are excited to announce new features in ConsoleWorks available Q1 2019!

New, enhanced usability provides an easy and intuitive view to take action fast.

 

Compliance & Situational Awareness Dashboard

ConsoleWorks Continuous Monitoring and Situational Awareness Dashboards provide a real-time overview of the current state of the environment, enabling security and compliance personnel to quickly analyze data and then take action.  The comprehensive view summarizes the overall state of risk regarding compliance and security.

Security and compliance teams can quickly address gaps, eliminate threats, deny unnecessary connections, and keep security and compliance policies up-to-date and enforced.

The NERC CIP Compliance Dashboard provides a quick view and status of various compliance requirements, such as:

  • Review of asset classifications required every 15 months
  • Review of Privileges required every 15 months
  • Notification if an asset is not in an ESP
  • Notice of Patches identified that have not been addressed within 35 days
  • Notification of Failure to Log
  • Status of Password reset policy violations
  • Notice of Unsuccessful / Failed Login Attempts
  • BCM differences that have not been resolved within 30 days

The Dashboard Widget Designer allows any information defined in ConsoleWorks to be extracted and displayed as a chart. Warning thresholds can be easily set to provide early notifications, allowing time to address issues before compromising compliance thresholds.

Enhanced Operator Interface

ConsoleWorks Common IT / OT Operational Interface provides a single, simplified view that can be customized for individual workflows. The intelligent and dynamic filtering capabilities enable faster issue remediation and problem-solving for both IT and OT environments.

  • Built with a secure foundation with compliance and operations in mind
  • Built on the ConsoleWorks granular, role-based permissions model
  • Inter-widget communications enable intelligent filtering across ConsoleWorks components – Assets, Events, Logs, Tickets.
  • Intelligent Filtering enables faster issue remediation/problem solving
  • Tightly integrated with leading ticketing solutions for faster time to resolution

Download Datasheet

Compliance & Situational Awareness Dashboard Sample

Enhanced Operator Interface

Let’s Talk about Compliance & Change Management

by

Compliance is one of those subjects that keeps a lot of people up at night. It doesn’t matter what the compliance driver is, whether it’s SOX, PCI, NERC-CIP, HIPAA, etc. Or even if it’s some form of internal compliance policy. Compliance always means the same thing, more demands on us to follow rules and then prove that we have, indeed, followed them.

For both IT/OT operations, the biggest compliance challenge is documenting what privileged users do. Often, this falls into the Change Management bucket. Traditionally there are two things we can do to document what Privileged Users do. The first is to pull information from log files which include information about logins, logoffs, and whatever else is written to a log file while a privileged user is actively logged-on. In years past this information was “good enough” but that has changed, and the implications can be – painful.

The change I am referencing is the requirement to document all activities of privileged users. Gathering log file data only tells us system-generated messages in response to a privileged user’s actions, not what they ‘actually did’. In most cases that information is insufficient to really know what actions the privileged user performed (what commands they executed). This takes us to the traditional change management practice, requiring Privileged Users to manually document all their activities.

How well do you think that works from a compliance perspective? Right, not very good at all. Missing records, inaccuracies, and inconsistencies will happen. Typically, Privileged Users prefer not to produce manual documentation and the time spent doing so takes away from other IT/OT business projects. So, the situation creates poor record keeping, and frustrated Privileged Users.

ConsoleWorks solves this problem. The Platform sits between Privileged Users and privileged interfaces, ConsoleWorks can capture every Privileged Users’ keystroke activity. Digitally signed records are automatically produced, eliminating the need to manually document anything – meeting the needs of the most stringent compliance or auditor requirements.  Happy auditor, and happy users.

ConsoleWorks Addresses GDPR | Secure & Controlled Access

by

EU GENERAL DATA PROTECTION REGULATION (GDPR)

GDPR Data Security Compliance for Privileged Users

The EU General Data Protection Regulation (GDPR) has been designed to protect how personal data of EU citizens is collected, processed and stored. This requires companies to evaluate their data security strategy as to how they collect and store data, who has access to the data and implement policies to ensure compliance with GDPR Data Security for Secure Access.

Secure and Controlled Access to Data

GDPR requires companies to implement granular controls to protect access, and set and enforce clear roles and responsibilities for access to the systems that hold personal data. ConsoleWorks Privileged Interactive Access enables companies to proactively protect their privileged credentials and secure remote access to devices and systems for inside privileged users, vendors, and contractors.

ConsoleWorks ensures that every remote access connection made by our customers, whether a privileged user connecting to a critical system or device or a help desk connecting to a user, is secure. ConsoleWorks protects critical systems and data while helping companies meet the data privacy requirements of GDPR.

  • Ensure Data Protection
    Control and limit access to sensitive personal data to only the privileged users’ authorized level.
  • Streamline Regulatory Compliance
    Automatically capture detailed audit trail that documents all session activities and credential usage.
  • Simplify Audit & Reporting
    Significantly reduce the time involved in collecting the data required to support an audit and producing the reports to prove compliance.

We can help

Reach out today, and we'll talk through how we might be able to help!

Contact us