Upload File

nerc cip version 5 compliance | simpli˜ed...nerc compliance cip & 693 solution nerc cip version...

  • Home
  • Documents
  • NERC CIP Version 5 Compliance | Simpli˜ed...NERC Compliance CIP & 693 Solution NERC CIP Version 5 Compliance | Simpli˜ed.Meeting NERC CIP v5 Head On The CIP version 5 standards represent
2
NERC Compliance CIP & 693 Solution NERC CIP Version 5 Compliance | Simplified. Meeting NERC CIP v5 Head On The CIP version 5 standards represent a shift in the compliance landscape for electric utilities. The expansion of CIP coverage under v5 will significantly increase the scope of utility infrastructure under CIP, and the shift from after-the-fact evidentiary reporting to actively- managed controls that identify and implement corrective actions is also a notable change from past compliance expectations. The integration between the Tripwire NERC Solution Suite and SigmaFlow’s NERC CIP Compliance Manager provides an automated solution that drastically reduces time and resources required to manage NERC CIP v5 compliance and collect comprehensive audit evidence. The integration gives electric utilities the ability to manage and validate configuration changes, access rights, and baselines as part of the normal work they do. Configuration Change Management SigmaFlow manages the change process, ensuring that changes are performed in a compliant manner. Tripwire collects security controls testing (High Impact) and baseline validation data to provide utilities with an efficient and reliable automation solution for NERC CIP v5 Change Management. Access Rights Management SigmaFlow simplifies Access Rights Management with a profile model that ‘rolls’access rights together for specific function/role processes and maintains the Approved List of Access Rights. Tripwire provides the actual Access Rights Scan that is validated to ensure a state of Audit Readiness. CIP-010 Evidence In-Depth Change Request Procedure Change Request Tickets Workflow Report Test Asset Security Controls Baseline Scan Report Validation Against Baseline Reports CIP-007 Evidence In-Depth Change Request Procedure Change Request Tickets Workflow Report Local Accounts Scan Domain Accounts Scan Validation Against Baseline Reports Baseline Configuration Management SigmaFlow organizes approved baselines into groups for common items like specific hardware, operating systems, and software. Baseline Groups are applied to Cyber Assets (all that apply) to build composite Cyber Asset Baselines. Tripwire uses the baselines (whitelists) to detect issues. Scheduled Tripwire scans feed “as is” data to SigmaFlow where actual baselines are assessed against approved baselines. This ensures baseline conformance and produces required supporting evidence. CIP-007 Evidence In-Depth to Ensure Approved Baselines Baseline Approval Baseline Whitelists Baseline Scans Baseline Validation &

Upload: others

Post on 05-Oct-2020

7 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: NERC CIP Version 5 Compliance | Simpli˜ed...NERC Compliance CIP & 693 Solution NERC CIP Version 5 Compliance | Simpli˜ed.Meeting NERC CIP v5 Head On The CIP version 5 standards represent

NERC Compliance CIP & 693 Solution

NERC CIP Version 5 Compliance | Simpli�ed.

Meeting NERC CIP v5 Head OnThe CIP version 5 standards represent a shift in the compliance landscape for electric utilities. The expansion of CIP coverage under v5 will significantly increase the scope of utility infrastructure under CIP, and the shift from after-the-fact evidentiary reporting to actively-managed controls that identify and implement corrective actions is also a notable change from past compliance expectations.

The integration between the Tripwire NERC Solution Suite and SigmaFlow’s NERC CIP Compliance Manager provides an automated solution that drastically reduces time and resources required to manage NERC CIP v5 compliance and collect comprehensive audit evidence. The integration gives electric utilities the ability to manage and validate configuration changes, access rights, and baselines as part of the normal work they do.

Con�guration Change Management

SigmaFlow manages the change process, ensuring that changesare performed in a compliant manner. Tripwire collects securitycontrols testing (High Impact) and baseline validation data toprovide utilities with an efficient and reliable automationsolution for NERC CIP v5 Change Management.

Access Rights Management

SigmaFlow simplifies Access Rights Management with aprofile model that ‘rolls’access rights together for specificfunction/role processes and maintains the Approved List ofAccess Rights. Tripwire provides the actual Access RightsScan that is validated to ensure a state of Audit Readiness.

CIP-010 Evidence In-Depth

Change Request Procedure

Change Request Tickets

Workflow Report

Test Asset Security Controls

Baseline Scan Report

Validation Against Baseline Reports

CIP-007 Evidence In-Depth

Change Request Procedure

Change Request Tickets

Workflow Report

Local Accounts Scan

Domain Accounts Scan

Validation Against Baseline Reports

Baseline Con�guration Management

SigmaFlow organizes approved baselines into groups for commonitems like specific hardware, operating systems, and software. Baseline Groups are applied to Cyber Assets (all that apply) tobuild composite Cyber Asset Baselines. Tripwire uses thebaselines (whitelists) to detect issues. Scheduled Tripwire scansfeed “as is” data to SigmaFlow where actual baselines areassessed against approved baselines. This ensures baselineconformance and produces required supporting evidence.

CIP-007 Evidence In-Depth to Ensure

Approved Baselines

Baseline Approval

Baseline Whitelists

Baseline Scans

Baseline Validation

&

Page 2: NERC CIP Version 5 Compliance | Simpli˜ed...NERC Compliance CIP & 693 Solution NERC CIP Version 5 Compliance | Simpli˜ed.Meeting NERC CIP v5 Head On The CIP version 5 standards represent

Combined Solution | Key Features

Compliance Driven by Preconfigured ProcessesExtensive Automation Reduces Work

Automated Compliance PerformanceAutomatic Generation of Evidence

Con�guration ChangeManagement Process

Access RightsManagement Process

Baseline Con�gurationManagement Process

The Bottom Line | A Complete NERC CIP v5 Solution

The SigmaFlow and Tripwire solution enables electrical utilities to manage all NERC CIP compliance activities and evidence. Building from Change Management, Access Rights, and Baselines, the solution provides the functionality needed to:

• Produce, collect and manage all evidence for every Requirement in NERC CIP v5• Manage and generate RSAWs for all CIP Standards • Retain awareness and oversight for the entire CIP Compliance practice

SigmaFlow is the industry-leading solution for orchestrating NERC CIP compliance in order to achieve an ongoing state of Audit Readiness. SigmaFlow uses process-driven compliance and closed-loop controls to enforce compliance, streamline work, and build the “stack” of evidence to meet all aspects of each NERC CIP Version 5 Requirement.

Learn more at SigmaFlow.com

Tripwire is the industry-leading solution for managing, producing and collecting required NERC CIP Version 5 evidence from BES Cyber Systems (BCS) and their related Cyber Assets (BCA, PCA, EACMS, PACS). Tripwire simplifies the complex challenge of collecting infrastructure data with an automated solution that saves time, improves compliance, and reduces risk.

Learn more at Tripwire.com

NERC Compliance CIP & 693 Solution

© 2014. The SigmaFlow and Tripwire logos are registered trademarks of SigmaFlow LLC, and Tripwire, Inc. All rights reserved.


NERC CIP Services & Solutions - Honeywell Process · PDF fileFEATURES & BENEFITS • Expertise in the interpretation and application of the NERC CIP Reliability Standards • Largest

NERC CIP: Fundamental Security Requirements of an ... | NERC CIP Requirements Mapping to ConsoleWorks | Page 2 of 12 CIP-002 Cyber Security - Critical Cyber Asset Identification

CIP-014 - Home - FRCC Home & CIP-006 Threat Vulnerability ... (reference NERC CIP-014, page 9) NERC Visit •NERC SRP and NERC Physical Security Group representative and FRCC team

NERC CIP RELIABILITY STANDARDS

NERC CIP Information Protection - StarChapter...NERC CIP Information Protection 1 Eric Ruskamp Manager, Regulatory Compliance September 13, 2017 Agenda NERC History NERC Compliance

Update in NERC CIP Activities June 5, 2014

Cisco NERC CIP v5 Compliance · PDF fileCisco NERC CIP v5 Compliance Solutions ... Although NERC CIP does not yet address virtualization, Cisco has developed virtual security

nerc cip u - Broadcom Inc. › ... › ESM › NERC › nerc_cip_win.pdfBaseline Policy Manual for NERC CIP(Windows) The software that is described in this document is furnished under

CIP – NERC Critical Infrastructure Protection – NERC Critical Infrastructure Protection NERC CIP V5 and How It Affects You March 16, 2015 John Lim Lim Consulting LLC [email protected]

Basin Electric NERC CIP Program - UMN CCAPS · The NERC Critical Infrastructure Protection (CIP) standards provide requirements to protect the bulk power system from cyber and physical

NERC CIP Vulnerability Assessment Report · 2019. 10. 15. · NERC CIP Vulnerability Assessment Report Report Generated: November 14, 2011 1.0 Background NERC introduced its Critical

Rapid7 NERC-CIP Compliance Guide

NERC CIP Vulnerability Assessment Report - SAINT · PDF fileNERC CIP Vulnerability Assessment Report Report Generated: December 14, 2015 1 Background NERC introduced its Critical Infrastructure

NERC CIP Vulnerability Assessment Report - SAINT · PDF file · 2016-10-27NERC CIP Vulnerability Assessment Report Report Generated: November 14, 2011 1.0 Background NERC introduced

Structured NERC CIP Process Improvement Using Six Sigma

NERC CIP · 2 days ago · SANS ICS | sans.org/ ics Critical Infrastructure Protection CIP Best Of

NERC CIP V5 Standards Position Unidirectional Security ... · PDF fileinfrastructures. The NERC CIP V5 standards are designed specifically to enhance the reliability of the Bulk Electric

NERC Critical Infrastructure Department (CID) and CIP … · NERC Critical Infrastructure Department (CID) and CIP Compliance Update February 28, 2011 . 2 NERC is a compliance organization…

Top 10 NERC CIP Transition Challenges

Virtualization and NERC-CIP - UTC

ABB NERC CIP · PDF file · 2015-05-25abb nerc cip v5 special interest group low asset discussion and future cip versions & compliance activity november 5, 2014

NERC CIP Compliance Application - Midwest Reliability Organization

NERC CIP Version 6 - emmos.orgemmos.org/prevconf/2017/9. NERC CIP6 - Ron Koziy.pdf · NERC CIP Version 6 - Robert Koziy Director – Cyber Security Compliance Open Systems International

Application description 04/2017 NERC CIP Compliance · PDF fileWarranty and Liability NERC CIP Compliance Matrix of RUGGEDCOM CROSSBOW Operating System Entry-ID: 109747098, 1.0, 04/2017

NERC CIPC Chair Report Highlights... · NERC presented draft RSAWs for CIP -002, CIP -007, and CIP -009 to the ... Part 2.5 – Cyber Security Incident response plan(s) Part 2.6 –

Explore the Implicit Requirements of the NERC CIP RSAWs

NERC CIP Compliance

Software Supply Chain Risks and Mitigations for NERC CIP

NERC Critical Infrastructure Protection Advisory Group (CIP AG)

Automating for NERC CIP-007-5-R1

NERC CIP Compliance Program Design, Implementation · PDF fileNERC CIP Compliance Program Design, Implementation & Controls, and Metrics & ... Ms. Rayo is a NERC CIP Compliance Program

How we support our customers with NERC CIP - SANS · PDF fileHow we support our customers with NERC CIP James McQuiggan, CISSP

Comment Report - NERC 201602 Modifications to CIP... · Comment Report Project Name: 2016-02 Modifications to CIP Standards | Virtualization Updates for CIP-004, CIP-005, CIP-006,

WhitePaper_MPLS and NERC CIP Compliance BellLab

VMware Product Applicability Guide for NERC CIP v5