NCA OTCC 1:2022 Controls mapping to REPLIL Products & Services

Cyber security + Whitepapers admin todayJuly 13, 2024

Background
share close
Protect the Critical Infrastructure

Using IEC62443-4-2 ``SL3`` Compliant Products

Actionable Insights and Powerful Management & Reporting

In response to emerging critical infrastructure targeted threats and vulnerabilities. The Saudi Arabia National Cybersecurity Authority (NCA) has developed mandates and guidance for cybersecurity in these systems to shore up the nation’s cyber defense

These controls are developed as an extension to the ECC to achieve higher levels of national cybersecurity goals by focusing on Industrial Control Systems (ICS) and defining its cybersecurity requirements referred as “NCA OTCC-1:2022

NCA OTCC-1:2022 addresses mainly People, Process, Technology & Strategy focused on below four key domains.

check Cybersecurity Governance

check Cybersecurity Defense

check Cybersecurity Resilience

check Thirdparty Cybersecurity


REPLIL Technology & Solutions helps you to meet NCA OTCC 1:2022 Controls

NCA Controls REPLIL Product (Click Links for More Details) Platform Capabilities
2-1 Asset Management
2-1-1-1
2-1-1-2
2-1-1-3
REPLIL IPM (Industrial Patch Manager) REPLIL IPM provides pinpoint accuracy to support Asset Management
• Workstations Classifications
• Manned / Unmanned Workstations
• Operating Systems
• Version / Build Details
2-2 Identity and Access Management
2-2-1-6
2-2-1-9
REPLIL IPM (Industrial Patch Manager)

REPLIL IPM provides embedded Multifactor Authentication to ensure the dual approval is enforced before Patches of Critical systems can be managed.

All the passwords are stored with AES256 encryption with strict role-based access controls enforced on each layer in compliance to IEC62443 “SL3” requirements.

2-3 System and Processing Facilities Protection
2-3-1-3
2-3-1-4
REPLIL IPM (Industrial Patch Manager)
REPLIL OPS (OT Patch Sandbox)

REPLIL IPM / OPS provides centralized visibility and management tools for the OEM (Automation Vendors) patches covering.

• Compliance Status of Plant Patch     Management Environment
• Missing / Installed / Failed Patches Status
• Support Updates / Upgrades of IPS / IDS / AV engines
• SIEM / SOC visibility of Critical Patches
• Test & Validate the Critical Patches
• Customized Dashboards Industrial Patch Management
• Customized Reports to cover the unique challenges of Industrial Patch Management

2-3-1-10 REPLIL CybeRadar OT Log Management Tool to store / Forward the logs to Centralized systems (SYSLOG / WEF)
2-4 Networks Security Management
2-4-1-15 REPLIL IPM (Industrial Patch Manager)
REPLIL OPS (OT Patch Sandbox)

REPLIL IPM / OPS provides centralized visibility, testing and management tools for the OEM (Automation Vendors) validated patches covering.

 

 

2-6 Data and Information Protection
2-6-1-1 All Products REPLIL Products stores and protect the unauthorized access using multiple techniques in compliance to IEC62443 “SL3”.
• Role Based Access Control
• Password Policy
• Embedded Multifactor Authentication
• Session Controls
• Database & Storage Encryptions
• SSL Encryption
2-7 Cryptography
2-7-1 All Products REPLIL Products provides encryption using AES 256 in compliance to IEC62443 “SL3” and support data in transit or stored encryptions using internal / external SSL encrypted protocols.
2-9 Vulnerability Management
2-9-1-2
2-9-1-3
REPLIL IPM (Industrial Patch Manager) REPLIL IPM provides automated vulnerability mapping against the missing patches for the critical assets. The customers can plan / export / remediate the discovered vulnerabilities for up-to-date protection of the systems.
2-11 Cybersecurity Event Logs and Monitoring Management
2-11-1-1
2-11-1-2
2-11-1-3
REPLIL CybeRadar OT Log Management Tool to store / Forward the logs to Centralized systems (SYSLOG / WEF) with powerful customizable dashboards & Reports for key insights.
4-1 Third-Party Cybersecurity
4-1-1-3
4-1-1-4
All Products

REPLIL Products are developed using a defined SDLC process for the critical infrastructure “IEC62443-4-1” and maintains the Managed state.

REPLIL products are developed in compliance to IEC62443-4-2 “SL3” requirements.

REPLIL Products are integrated to NVD “National Vulnerability Database” for prompt reporting of Vulnerabilities.

Periodic Gray / White / Black VAPT (Vulnerability Assessments & Penetration) Techniques are used to identify any vulnerability.

Written by: admin

Tagged as: , , .

Rate it
Previous post