COMPLIANCE
Map OT Exposure to Compliance Controls
ShiftSix maps every internet-exposed OT asset to specific controls in NERC CIP, IEC 62443, NIST CSF 2.0, and NIS2—turning technical findings into audit-ready evidence.
Supported Frameworks
NORTH AMERICA • ENERGY
NERC CIP
Map external OT exposure to CIP-002 through CIP-015 controls. Identify gaps in electronic security perimeters, remote access management, and system security management.
Key Controls: CIP-002, CIP-005, CIP-007, CIP-010, CIP-015
INTERNATIONAL • INDUSTRIAL
IEC 62443
Align external findings with zone and conduit security requirements. Identify boundary protection failures and unauthorized communication paths.
Key Controls: SR 1.1, SR 1.2, SR 3.1, SR 5.1, SR 7.6
UNIVERSAL • FRAMEWORK
NIST CSF 2.0
Map discoveries to Identify, Protect, and Detect functions. External asset inventory satisfies ID.AM requirements while exposure findings inform PR.AC controls.
Key Controls: ID.AM-1, ID.AM-2, PR.AC-3, PR.AC-5, DE.CM-7
EUROPEAN UNION • CRITICAL INFRASTRUCTURE
NIS2 Directive
Meet EU requirements for risk management, supply chain security, and incident reporting. External exposure visibility supports Article 21 security measures.
Key Controls: Article 21, Annex I & II Entities
How It Works
Discover
Passive outside-in scanning identifies every internet-exposed OT asset, protocol, and vulnerability across your external attack surface.
Map
Each finding is automatically mapped to relevant controls in your compliance framework(s), with specific control IDs and gap descriptions.
Export
Generate compliance-ready reports showing exposure-to-control mappings, gap analysis, and remediation priorities for auditors and regulators.