Enabling NIS Directive Compliance with Fortinet for Operational Technology

The Directive contains programmatic elements that will improve the security for many OESes and DSPs. This paper explored an approach to both design (utilizing the ICS410 reference architecture) and operate (by examining several products in the Fortinet Security Fabric) industrial control systems to address the Directive. By linking distinct capabilities to risk management and incident response, operators that embrace the Directive will find themselves with a more resilient and secure critical infrastructure. The security elements can, and should, be implemented as an ingrained element of operations. The Fortinet technologies tested in this implementation guide show how capabilities can be provided to improve both security and compliance with the Directive. Compliance with any standard should be a repeatable “sanity check” for a security program.