• Documentation of the need for all enabled ports on all applicable Cyber Assets and Electronic Access Points, individually or by group.

• Listings of the listening ports on the Cyber Assets, individually or by group, from either the device configuration files, command output (such as netstat), or network scans of open ports.

• Configuration files of host-based firewalls or other device level mechanisms that only allow needed ports and deny all others.

39

93

126

141

213

216

226

457

0 50 100 150 200 250 300 350 400 450 500

CIP-009 Recovery Plans for BES Cyber Systems

CIP-008 Incident Reporting and Recovery Planning

CIP-003 Security Management Controls

CIP-002 BES Cyber System Identification & Categorization

CIP-006 Physical Security of BES Cyber Systems

CIP-005 Electronic Security Perimiter

CIP-004 Training and Personnel Security

CIP-007 Systems Security Management

Additional Whitelist Capable Data

Continuous Compliance with Tripwire

Marc A. ChildGreat River Energy

Security Program Manager

•

•

•

•

•

•

•

•

•

•

* Command Output Capture Rule

•

•

Services.CSV

ports.CSV

Wonder if they

bought all that…?

tripwire.com | @TripwireInc