Empowering Vendors to Secure the Grid
Asset to Vendor Network is a collaboration between utilities and vendors to secure the grid and achieve compliance with NERC CIP standards
NERC CIP-013 requires utilities to proactively assess the cybersecurity posture of their vendors and their products and services
- Completing annual cybersecurity risk assessment questionnaires and providing evidentiary documentation for multiple utilities is resource intensive.
- Self-attestation (self assessments) may be insufficient and will require validation.
- Utilities will pay independent agents such as Fortress to conduct and validate assessments.
- Assessments will need to be normalized (standardized) and mapped to assessment frameworks.
Launches the Asset to Vendor Network (A2V)
a mutual assistance network for utilities and their vendors to secure the supply chain and comply with NERC CIP standards.
Implementation guidelines from the North American Transmission Forum (NATF) suggest the following:
– Perform Vendor Risk Assessments
– Implement Product Risk Assessments
– Verify the integrity and authenticity of software
– Multiple cybersecurity framework mapping
– Recurring reviews to identify risks, risk assessment conclusions, and risk mitigations
A joint venture with Fortress, American Electric Power, and Southern Company

A2V is committed to helping American Electric Power and other leading utilities

Southern Company provides clean, safe, reliable and affordable energy to 9 million customers through its subsidiaries
A2V in the News






Asset to Vendor Network
Asset to Vendor (A2V) is a collaborative network of utilities and vendors that share risk management information.
A2V Risk Management Information
Risk Assessments
IT/OT vulnerability & patch subscriptions
Increased Security
Reduced turn-times, decisive remediation, on-demand evidence
Significant cost reduction
“We already share the risk. Now let’s share the cost.”
How does Fortress A2V work?
Fortress Information Security manages and validates assessments for vendors who join A2V and provides them with a secure link to grant assessment requests from the utilities.

A2V Solves Security Challenges
- Companies have limited resources for security
  A2V allows vendors to focus on security, not assessment requests, reducing internal cost
- Risk assessments traditionally take months to produce
  A2V ensures up-to-date renewals and instant availability
- Product solutions are fragmented and expensive
  A2V provides a unified solution at reduced cost
- Vendors retain control of their data
  Vendors control who sees their data
Fortress A2V Benefits
Results and advantages of our partnership
- Reduced Costs
- Transparent Process
- Operational Fourth-Party Vendor Assessments
- Data Storage
- Increased Security
- Insight into Purchasing Intent
- First Mover Competitive Advantage
- Demonstrate leadership in securing the grid with joint PR
Fortress A2V Offers You Control
Over the Vendor and Product Assessment Process
Vendor Security Risk Assessments and
Product Security Risk Assessments
- Fortress conducts complete risk assessments on organizations one time to save vendors time and cost of interacting with multiple utilities.
- Vendors retain control over who the assessments are shared with.
Asset Risk Management
- Fortress verifies software sources and validates patch integrity in accordance with CIP-010 and CIP-013
Fortress Guardian – Continuous Risk Monitoring
- Continuous monitoring of both cyber and business-risk.
Remediation
- Fortress works with you to identify and remediate areas of risk.
Services
- Human-assisted solutions which deliver significant value leveraging the Fortress Platform technology; for example, recommendations for how best to remediate possible risks across an organization’s critical infrastructure assets.
Fortress Platform – Supply Chain Risk Management Insights
Scalable, Modular System with Customizable Dashboards

- Built on lightning-fast, modern architecture
- Has the simplicity of a spreadsheet with all the sophistication and power of an enterprise system
- Features include workflow management, task assignment, approvals and vendor portal
- Flexible architecture for integrations and enhancements
- Robust analytics module included, enabling simple self-service for reporting