CIP-010-1 R1 & R2: Configuration Change Management



CIP-010-1 R1 & R2: Configuration Change Management
June 3, 2014
Steven Keller, Lead Compliance Specialist - CIP
skeller.re@spp.org | 501.688.1633

Outline
- What is CIP-010-1?
- How is it different from CIP-003-3 R6?
- Focus on CIP-010-1's change management sections (R1 & R2)
- Evidence we like to see, and best practices

What is CIP-010-1, and what does it bring?
- Updated Configuration Change Management and Vulnerability Assessments
- Development of baseline configurations
- Examples of evidence

CIP-010-1 R1 Baselines
- Develop a baseline configuration: all software on each machine, or on a group of machines
- Applies to High and Medium Impact BES Cyber Systems
- Audit trail of changes to the baseline: the change management record trail
- Goal: understand what is on your systems and prevent any unauthorized changes

CIP-010-1 R1.1 Baseline
- Develop a baseline for all High or Medium Impact BES Cyber Systems and their associated Electronic Access Control and Monitoring Systems (EACMS), Physical Access Control Systems (PACS) and Protected Cyber Assets (PCA)
- Baselines must include:
  - OS or firmware
  - All commercial and/or open-source software
  - Any custom software
  - Logical network accessible ports
  - List of all security patches applied to the software listed above

CIP-010-1 R1.1 Baseline
- Risk: unauthorized software on a BES Cyber System
- Internal control type: supports detective controls
- Sample evidence:
  - Spreadsheet identifying the baseline for each asset or group
  - Records from an asset management system
  - Documentation in a change management system

CIP-010-1 R1.2 Document Changes
- Authorize and document deviations from the existing baseline
- Risk: changes that are not authorized
- Internal control type: preventive
- Sample evidence: a change request record that shows what changed from the existing baseline; the authorization must come from a person or group with the authority to approve it
- Best practice*: document how your change management system works
* Best practices are suggested by SPP RE staff but are NOT required by the standard

CIP-010-1 R1.3 30 Days
- Must update the baseline within 30 calendar days of completing the change
- Risk: undetected changes to your system
- Internal control type: detective
- Sample evidence: evidence that the baseline was updated within 30 days of the change, such as a ticket or revision history
- Best practice: document how your baselines are updated, maintain a version history, and update your baseline concurrently as you are testing the change

CIP-010-1 R1.4 Deviations from Baseline
- Before the change, determine what could be impacted by it:
  - CIP-005-5 (access permissions, malicious communications, and remote access)
  - CIP-007-5 (ports, malicious code, logging, shared accounts)
- After the change, provide evidence that it did not adversely affect those controls on the BES Cyber Systems in question
- Risk: undetected baseline deviations (you did not pre-identify an impacted CIP-005-5 or CIP-007-5 control and therefore did not test it)
- Internal control type: detective
- Sample evidence: list of cyber security controls that were verified or tested, and the date tested

Best Practices: CIP-010-1 R1.4 Deviations from Baseline
- Test all controls every time you make a change, even the controls you don't think will be affected
- Automate testing where possible
- Have a different group or a third party test changes, or review the test results, to verify nothing gets missed

CIP-010-1 R1.5 Testing of Changes
- Risk: loss of a High Impact system due to a faulty change
- Internal control type: preventive
- Sample evidence: list of cyber security controls that were verified or tested, and successful test results
- If a test environment is used, any differences between the test and production environments must be documented

CIP-010-1 R1.5 Testing of Changes
- Applies only to High Impact BES Cyber Systems
- For each identified deviation from the baseline, test the change in either a test environment or a production environment before implementing it (production testing must be performed in a manner that minimizes adverse effects)
- Document the test results
- Show that the cyber security controls for CIP-005-5 and CIP-007-5 are not adversely affected

Best Practices: CIP-010-1 R1.5 Testing of Changes
- Checklists are GOOD!
- Document your actual test results
- The test environment should replicate production, including fail-over capability
- Test PCAs and Medium and Low Impact BES Cyber Systems too, not just High Impact

CIP-010-1 R2 Configuration Monitoring
- Monitor for changes to the baseline of each High Impact BES Cyber System and its associated EACMS and/or PCA
- Must be done at least once every 35 calendar days
- Document and investigate any unauthorized changes that are detected
- Risk: undetected changes to your system
- Internal control type: detective
- Sample evidence: monitoring system logs; records of investigations (work orders or raw data)

Best Practices: CIP-010-1 R2 Configuration Monitoring
- Daily monitoring is good, but real-time monitoring is BETTER!
- Document how you are monitoring the baselines and detecting changes
- Document how you will handle an unauthorized change
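The R1.1 baseline, R1.2 change records, R1.3 30-day update window and R2 35-day monitoring check described above can all be exercised with one small drift check. The following Python is an added example written for this page; it is not SPP RE's tooling or anything from the presentation. The asset, product names, versions, port list, patch identifiers, ticket numbers and dates are all constructed placeholders; a real deployment would feed the same functions from an asset-management export and a collector's snapshot of the host.

```python
"""Baseline drift check organised around the five CIP-010-1 R1.1 elements."""
from datetime import date

# Constructed baseline for one hypothetical asset. Product names, versions and
# patch identifiers are placeholders, not real products or real patches.
BASELINE = {
    "os_firmware": {"Windows Server 2008 R2": "SP1"},
    "commercial_software": {"EMS Console": "4.2.1", "Antivirus": "11.0"},
    "custom_software": {"alarm-bridge": "1.3"},
    "ports": {"22/tcp": "ssh", "443/tcp": "https", "1433/tcp": "sql"},
    "patches": {"PATCH-2014-03": "applied", "PATCH-2014-04": "applied"},
}

# Constructed snapshot of the same asset, as a collector might report it today.
CURRENT = {
    "os_firmware": {"Windows Server 2008 R2": "SP1"},
    "commercial_software": {"EMS Console": "4.2.2", "Antivirus": "11.0",
                            "RemoteTool": "7.0"},
    "custom_software": {"alarm-bridge": "1.3"},
    "ports": {"22/tcp": "ssh", "443/tcp": "https", "1433/tcp": "sql",
              "3389/tcp": "rdp"},
    "patches": {"PATCH-2014-03": "applied", "PATCH-2014-04": "applied",
                "PATCH-2014-05": "applied"},
}

# Constructed R1.2 change records: each authorized deviation names the element
# and item it touches, who authorized it, and the date the change was completed.
CHANGE_RECORDS = [
    {"ticket": "CHG-1001", "element": "commercial_software", "item": "EMS Console",
     "completed": date(2014, 5, 20), "authorized_by": "CIP Senior Manager"},
    {"ticket": "CHG-1002", "element": "patches", "item": "PATCH-2014-05",
     "completed": date(2014, 5, 20), "authorized_by": "CIP Senior Manager"},
]


def diff_baseline(baseline, current):
    """Return every deviation between baseline and current as
    (element, item, description) tuples, walking all five R1.1 elements."""
    deviations = []
    for element, before in baseline.items():
        after = current.get(element, {})
        for item in sorted(set(before) | set(after)):
            if item not in after:
                deviations.append((element, item, "removed"))
            elif item not in before:
                deviations.append((element, item, "added"))
            elif before[item] != after[item]:
                deviations.append((element, item,
                                   f"changed {before[item]} -> {after[item]}"))
    return deviations


def classify(deviations, change_records):
    """Split deviations into those covered by an authorizing change record
    (R1.2) and those with no record, which R2.1 requires to be investigated."""
    tickets = {(r["element"], r["item"]): r["ticket"] for r in change_records}
    authorized, unauthorized = [], []
    for element, item, desc in deviations:
        ticket = tickets.get((element, item))
        if ticket is None:
            unauthorized.append((element, item, desc))
        else:
            authorized.append((element, item, desc, ticket))
    return authorized, unauthorized


def overdue(event_date, today, limit_days):
    """True when more than limit_days calendar days have passed since event_date.
    Use limit_days=30 for R1.3 (baseline update after a completed change) and
    limit_days=35 for R2.1 (interval between baseline monitoring runs)."""
    return (today - event_date).days > limit_days


def r13_overdue_tickets(change_records, baseline_updated, today):
    """Tickets whose completed change is not yet reflected in the baseline
    (baseline_updated is None or earlier than the change) past the 30-day limit."""
    late = []
    for r in change_records:
        reflected = baseline_updated is not None and baseline_updated >= r["completed"]
        if not reflected and overdue(r["completed"], today, 30):
            late.append(r["ticket"])
    return late


if __name__ == "__main__":
    today = date(2014, 6, 3)
    auth, unauth = classify(diff_baseline(BASELINE, CURRENT), CHANGE_RECORDS)
    print("authorized:", auth)
    print("unauthorized (investigate):", unauth)
    print("R1.3 overdue:", r13_overdue_tickets(CHANGE_RECORDS, None, today))
    print("R2.1 monitoring overdue:", overdue(date(2014, 4, 25), today, 35))
```

On the constructed data the check flags the EMS Console upgrade and the new patch as authorized (they match tickets) and leaves the added RemoteTool install and the newly listening 3389/tcp with no ticket, which is exactly the evidence an investigation record under R2.1 would start from. Note that the comparison walks the union of baseline and current items, so a removed item (a patch rolled back, a port closed) is reported as a deviation too, not only additions.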

Summary
- Baseline configurations are now required for all assets within your BES Cyber Systems: know what's on your system!
- Test your changes fully and deeply to ensure application functionality
- Changes that aren't fully vetted can have major adverse impacts, such as to EMS systems

Steven Keller, Lead Compliance Specialist - CIP, 501-688-1633