Industries · Energy & utilities
PAM for grids, pipelines, and the OT control room.
12Port helps energy and utility operators meet NERC CIP, TSA pipeline directives, and IEC 62443 control requirements without dropping agents on Purdue Level 0–3 assets. Agentless brokering, vault-mediated credentials, recorded sessions, and microsegmentation across IT and OT in one platform.
Where 12Port plays
Three places energy operators put 12Port to work.
Generation & transmission
NERC CIP-005 + CIP-007 controls.
Interactive remote access to BES Cyber Systems through a recorded broker. No standing privilege on EMS workstations. Session video + transcripts as evidence for CIP-005 R2 audits.
Pipeline & midstream
TSA SD02C controls for SCADA.
Vendor and contractor remote access to SCADA without VPN tunnels reaching the control segment. Microsegmentation between IT and OT enforces the TSA pipeline directive boundary.
Distribution & retail
DER + smart-meter back-office.
Vault and rotate the service-account credentials behind AMI head-end and DERMS systems. UEBA flags anomalous operator behavior on customer billing and outage-management consoles.
Why agentless matters here
OT teams will not approve agents on the controllers.
PAM products that depend on endpoint agents fail in OT. The plant manager will not let you push software to a 15-year-old Windows XP HMI, an embedded RTU, or a vendor-locked engineering workstation. The change-control window is too narrow and the blast radius is too high.
12Port brokers sessions around the asset rather than on it. The HMI never sees the credential. The vendor never sees an OT password. The auditor sees the recorded session, the keystroke transcript, and the policy that authorized it.
Pair that with host-native firewall enforcement to keep IT and OT segments cleanly partitioned, and you have an answer to the IEC 62443 zone-and-conduit model that does not require ripping up your network.
Frameworks 12Port helps with
Evidence on tap for the audits that actually matter to you.
- NERC CIP : CIP-004 (personnel + training), CIP-005 (electronic security perimeter), CIP-007 (system security mgmt), CIP-010 (config change), CIP-013 (supply chain)
- TSA Pipeline : SD02C and follow-on directives for natural-gas + liquids pipelines
- IEC 62443 : zones + conduits, identification + authentication control (FR-1), use control (FR-2)
- NIST SP 800-82 : ICS / OT security guide
- NIS2 Directive : for European energy operators in scope after 2024
- SOC 2 + ISO 27001 : for the IT corner of the business that customers, regulators, and partners ask about
For framework-by-framework control mappings, see the security frameworks hub.
Bring 12Port into your CIP audit prep.
A 30-minute session walks you through how 12Port maps to your specific framework and what an evidence pack looks like for your auditor.
