Automating for NERC CIP-007-5-R1
• Documentation of the need for all enabled ports on all applicable
Cyber Assets and Electronic Access Points, individually or by
group.
• Listings of the listening ports on the Cyber Assets, individually or
by group, from either the device configuration files, command
output (such as netstat), or network scans of open ports.
• Configuration files of host-based firewalls or other device level
mechanisms that only allow needed ports and deny all others.
[Figure: bar chart by CIP standard, horizontal axis 0 to 500. Bars, as listed: CIP-009 Recovery Plans for BES Cyber Systems; CIP-008 Incident Reporting and Recovery Planning; CIP-003 Security Management Controls; CIP-002 BES Cyber System Identification & Categorization; CIP-006 Physical Security of BES Cyber Systems; CIP-005 Electronic Security Perimeter; CIP-004 Training and Personnel Security; CIP-007 Systems Security Management.]
Additional Whitelist Capable Data
Continuous Compliance with Tripwire
Marc A. Child
Great River Energy
Security Program Manager


* Command Output Capture Rule
Services.CSV
ports.CSV
Wonder if they bought all that…?
tripwire.com | @TripwireInc


Editor's Notes

  1. Horror stories from the compliance audit findings: passwords 4 years old and still default, passwords changed once in 2+ years, admin passwords still set to default, people’s accounts not closed after they left employment, employees and contractors still untrained on security policies after 90 days, lax physical security, and nearly 800 “reliability” incidents (where service was interrupted) for which the cause was undetermined.