Built for compliance
PSC helps you produce clean evidence for the controls you already work with. We focus on actions and logs tied to people and assets.
Audit-ready evidence generation
Every PSC action generates structured evidence that maps directly to compliance requirements. From access control to configuration management, password policies to firmware updates — all with complete audit trails and automated reporting.
Supported frameworks
NERC CIP
Critical Infrastructure Protection standards for bulk electric system cybersecurity
CIP-005: Electronic Security Perimeter(s)
CIP-005-5 R1
Electronic Security Perimeter identification and protection
PSC Support
- Network boundary documentation with device inventories
- Access point identification and control
- Electronic Access Control and Monitoring (EACM) evidence
CIP-005-5 R2
Electronic Access Control and Monitoring
PSC Support
- Time-bound access without standing device accounts
- MFA integration via your directory services
- Complete session logs: who/what/when/where/why
- Automated access termination and credential rotation
CIP-007: Cyber Security - Systems Security Management
CIP-007-6 R1
Ports and Services management
PSC Support
- Device port and service inventory
- Baseline configurations with change detection
- Unauthorized service detection and alerting
CIP-007-6 R2
Security Patch Management
PSC Support
- Remote firmware updates with approval workflows
- Patch deployment tracking and verification
- Rollback capabilities with audit evidence
- Source verification and integrity checking
CIP-007-6 R5
System Access Controls
PSC Support
- Password policy enforcement and rotation
- Default password detection and remediation
- Account lifecycle management with evidence
CIP-010: Cyber Security - Configuration Change Management and Vulnerability Assessments
CIP-010-2 R1
Configuration Change Management process
PSC Support
- Baseline configuration capture and versioning
- Change approval workflows with dual control
- Configuration drift detection and alerting
- Automated rollback to approved baselines
CIP-010-2 R2
Configuration monitoring for unauthorized changes
PSC Support
- Real-time configuration monitoring
- Unauthorized change detection and reporting
- Change attribution to specific users and sessions
Evidence Types
- Access logs with user attribution
- Configuration baselines and change records
- Firmware update approvals and verification
- Password policy compliance reports
- Session recordings and audit trails
Reporting Capabilities
- Quarterly CIP evidence packages
- Self-assessment documentation
- Auditor-ready evidence exports
- Control effectiveness metrics
IEC 62443
Industrial automation and control systems security framework
IEC 62443-3-3: System Security Requirements
SR 1.1
Human user identification and authentication
PSC Support
- Integration with enterprise identity systems
- Multi-factor authentication enforcement
- User session management and audit
SR 1.2
Software process and device identification and authentication
PSC Support
- Device identity verification and certificates
- Secure communication establishment
- Process authentication and authorization
SR 1.3
Account management
PSC Support
- Automated account provisioning and deprovisioning
- Privilege escalation controls
- Account usage monitoring and reporting
SR 2.1
Authorization enforcement
PSC Support
- Role-based access control implementation
- Function-specific authorization
- Time-bounded access permissions
IEC 62443-4-2: Technical Security Requirements for Components
CR 1.1
Human user identification and authentication
PSC Support
- Strong authentication mechanisms
- Password policy enforcement
- Multi-factor authentication support
CR 2.1
Software process and device identification and authentication
PSC Support
- Mutual device authentication
- Certificate-based authentication
- Secure key management
Evidence Types
- Authentication and authorization logs
- Access control policy documentation
- Security function implementation evidence
- Component security assessment results
Reporting Capabilities
- Security level assessment reports
- Control implementation documentation
- Risk assessment evidence
- Security architecture documentation
NIS2
Network and Information Systems Security Directive (EU)
Article 21: Cybersecurity risk-management measures
Risk Management
Cybersecurity policies and risk assessment
PSC Support
- Asset inventory and risk scoring
- Vulnerability management workflows
- Risk-based configuration policies
Incident Handling
Procedures for handling cybersecurity incidents
PSC Support
- Security event logging and analysis
- Incident response automation
- Forensic evidence preservation
Business Continuity
Business continuity and crisis management
PSC Support
- Configuration backup and restore
- Rapid deployment capabilities
- Service availability monitoring
Supply Chain Security
Security for suppliers and third-party service providers
PSC Support
- Vendor access controls and monitoring
- Third-party integration security
- Supply chain risk documentation
Evidence Types
- Risk assessment documentation
- Security incident logs and responses
- Business continuity test results
- Supplier security assessments
Reporting Capabilities
- Annual security reports
- Incident notification documentation
- Compliance assessment results
- Risk management documentation
NIST SP 800-82
Guide to Industrial Control Systems (ICS) Security
Security Controls: ICS-specific security control implementations
Access Control
Logical access control for ICS components
PSC Support
- Role-based access control implementation
- Least privilege enforcement
- Access logging and monitoring
Configuration Management
Configuration control for ICS components
PSC Support
- Baseline configuration documentation
- Change control processes
- Configuration verification and validation
System and Information Integrity
Information system monitoring and integrity verification
PSC Support
- File integrity monitoring
- System activity logging
- Malware protection evidence
Evidence Types
- Security control implementation evidence
- Risk assessment and authorization documentation
- Continuous monitoring results
- Security test and evaluation reports
Reporting Capabilities
- Security authorization packages
- Continuous monitoring reports
- Control effectiveness assessments
- Risk management documentation
Audit-ready from day one
Automated Evidence Collection
Every PSC action generates structured evidence with complete audit trails
- Timestamped logs
- User attribution
- Asset correlation
- Approval workflows
Compliance Dashboards
Real-time view of compliance posture with drill-down capabilities
- Control coverage metrics
- Exception reporting
- Trend analysis
- Risk scoring
Export and Reporting
Generate compliance reports and evidence packages on demand
- Customizable reports
- Multiple export formats
- Automated scheduling
- Template library
Auditor Integration
Direct auditor access to evidence with role-based permissions
- Read-only access
- Evidence authentication
- Report generation
- Historical data
Real-time audit dashboards for NERC CIP
PSC aggregates access, configuration, and firmware events into a filterable view by substation, device family, time window, and user. You can export the exact records behind any chart at any moment. Evidence packs map to NERC CIP, NIS2, and IEC 62443 controls so teams can trace each record to a requirement.
Why PSC for compliance
Cuts audit prep time from weeks to days with automated evidence collection
Reduces compliance risk with continuous monitoring and drift detection
Eliminates manual documentation with automated logging and reporting
Provides single source of truth across mixed-vendor environments
Scales compliance processes across thousands of devices
Ready for your next audit?
See how PSC generates audit-ready evidence for your specific compliance requirements.
Get compliance demo