Nov 7, 2022

Easing the Burden of Security Framework Compliance in ICS Environments

Blog Header – Blog – Xage (1)

With tensions rising in the Ukraine, 2022 has seen international agencies issuing multiple alerts about malicious Russian cyber operations targeting critical infrastructure. Of note, Industroyer2 and InController/PipeDream are modular attack tools intended for Operational Technologies (OT) throughout all Industries.

With the number of threat actors rapidly growing in light of geopolitical tensions, we are seeing organizations desperately struggling to apply frameworks and best practices to the Industrial Control Systems (ICS) to stave off this onslaught. Tools like NIST’s Cybersecurity Framework (CSF) and MITRE ATT&CK for ICS Framework can be helpful, but managing that complexity can be a challenge. For example, NIST’s CSF has five domains directly mapped to over 1000 controls so even the most mature programs find it difficult to comply. This is compounded by what seems like a continual stream of advisories and security directives coming from TSA, with the latest TSA revision coming Thursday, July 21, 2022.  

Cybersecurity Teams in the OT space are struggling even more since many of the technologies they are dealing with were developed before security concerns were ever really considered. The problem is further compounded by whether an organization can adequately measure whether they Identify, Detect, Protect, Respond, and Recover from a constantly evolving threat landscape.

Quite simply, compliance and how teams should effectively address it has become an organizational nightmare. Thankfully there are emerging platforms and partnerships that plan to help mitigate that horror. Xage, the zero trust real-world security company, and Armis, the leading unified asset visibility and security platform provider, recently announced a joint initiative to address both this compliance problem and the broader need for a Zero-Trust Architecture (ZTA)  head-on.

With both companies having expertise in complementary spaces, this partnership is providing a unique technology mapping that covers a myriad of cybersecurity needs, including compliance to the various security frameworks in question, as well as the delivery of Zero-Trust initiatives including industry leading remote access solutions. Essentially, the Xage and Armis partnership offers cybersecurity teams the ability to quickly and seamlessly implement system-wide compliance with NIST frameworks and other similar requirements while  leveraging preventative, zero trust-based security measures.

With critical infrastructure more at risk than ever before, an onslaught of security directives and initiatives, having technological solutions that can easily pivot to meet evolving needs is essential. To this end, Xage and Armis are collaborating on a series of long-term initiatives to meet this challenge.

For more information on how Xage and Armis solve for TSA industry compliance, join us at  this year’s API Cybersecurity Conference for the Oil and Natural Gas Industry on November 8-9 Interested participants can register for this year’s event here

For more information on Xage, visit

For more information on Armis, schedule a demo or free trial.

Get Updates!

Sign up to receive the latest news