CIP-004, R1: Encari Security Awareness Bulletin
Volume V, Issue I: March, 2013

Table of Contents

1. Special Issue Announcement
2. Compliance Program Resources CIP-002-3 through CIP-009-3
3. Topical Index to CIP-002-3 through CIP-009-3
4. Looking for a Helpful Resource?

Special Issue Announcement

In this special issue, Encari’s consultants share frequently used resources in support of their NERC CIP compliance consulting practice.

Compliance Program Resources CIP-002-3 through CIP-009-3

The table below reflects resources Encari consultants have found helpful in building and sustaining a compliance program for NERC Reliability Standards CIP-002-3 through CIP-009-3. It is important to note that the links provided herein may change or become inoperable in the future. Therefore, Encari recommends readers visit these links and download any references of interest as soon as possible.
| Standard | Title | Link |
|---|---|---|
| CIP-002 | 2011 Compliance Questionnaire and Reliability Standard Audit Worksheet CIP-002-3 | http://www.nerc.com/files/RSAW%20CIP-0023%20%20(September%202011).doc |
| CIP-002 R1 | 2010 Sufficient Review CIP-002 Risk-Based Assessment Methodology | http://www.nerc.com/fileUploads/File/NERC_Sufficiency_Review_22DEC2010_FINAL.pdf |
| CIP-002 R1 | Security Guideline for the Electricity Sector: Identifying Critical Assets | http://www.nerc.com/fileUploads/File/Standards/Critcal_Asset_Identification_2009Nov19.pdf |
| CIP-002 R1 | FERC Order 773- Revisions to BES Definition | http://www.ferc.gov/whats-new/commmeet/2012/122012/E-5.pdf |
| CIP-002 R3 | Implementation Plan for Newly Identified Critical Cyber Assets and Newly Registered Entities | http://www.nerc.com/docs/standards/sar/ImpPlan_Newly_Identified_CCA_RE_clean_last_approval_2009Nov19.pdf |
| CIP-002 R3 | CAN-0005 Critical Cyber Asset Designation for System Operator Laptops | http://www.nerc.com/files/CAN-0005%20CIP002%20R3%20CCA%20Designation%20for%20System%20Operator%20Laptops%20%28Revised%29.pdf |
| CIP-002 R3 | Withdrawn - CAN-0024 CIP-002 R3 Routable Protocols and Data Diode Devices | http://www.nerc.com/files/CAN0024%20Routable%20Protocols%20and%20Data%20Diode%20Devices.pdf |
| CIP-002 R3 | Security Guideline for the Electricity Sector: Identifying Critical Cyber Assets | http://www.nerc.com/fileUploads/File/Standards/Critcal%20Cyber%20Asset_approved%20by%20CIPCl%20and%20SC%20for%20Posting%20with%20CIP-002-1,%20CIP-002-2,%20CIP-0023.pdf |
| CIP-003 R1 | 2011 Compliance Questionnaire and Reliability Standard Audit Worksheet | http://www.nerc.com/files/RSAW%20CIP-0033%20(September%202011).doc |
| CIP-003 R1 | NIST IR-7298 Rev. 2 DRAFT Glossary of Key Information Security Terms | http://csrc.nist.gov/publications/drafts/ir-7298rev2/nistir7298_r2_draft.pdf |
| CIP-003 R4 | Security Guideline for the Electricity Sector: Protecting Sensitive Information | http://www.nerc.com/docs/cip/sgwg/Protecting%20Sensitive%20Information%20Guideline%20Draft%20Revision%20clean%20%2020120309-V2%205.pdf |
| CIP-003 R4.3 | Sampling Methodology Guidelines and Criteria August 1, 2011 Version 1.4 | http://www.nerc.com/files/Sampling%20Methodology%20Guidelines%20and%20Criteria_08_01_2011.pdf |
| CIP-003 R6 | NIST Special Publication 800-128 Guide for Security-Focused Configuration Management of Information Systems | http://csrc.nist.gov/publications/nistpubs/800128/sp800-128.pdf |
| CIP-004 | 2011 Compliance Questionnaire and Reliability Standard Audit Worksheet | http://www.nerc.com/files/RSAW%20CIP-0043%20%20(September%202011).doc |
| CIP-004 R1 | NIST Special Publication 800-50 | http://csrc.nist.gov/publications/nistpubs/80050/NIST-SP800-50.pdf |
| CIP-004 R1 | Information Security Tips For Employees | http://www.enisa.europa.eu/activities/cert/securitymonth/deliverables/2010/informationsecuritytips-employees/at_download/fullReport |
| CIP-004 R2 | Security Guideline for the Electricity Sector: Protecting Sensitive Information | http://www.nerc.com/docs/cip/sgwg/Protecting%20Sensitive%20Information%20Guideline%20Draft%20Revision%20clean%20%2020120309-V2%205.pdf |
| CIP-004 R2 | NIST Special Publication 800-50 | http://csrc.nist.gov/publications/nistpubs/80050/NIST-SP800-50.pdf |
| CIP-004 R2.2 | CAN-0007 CIP-004 R4.2 Revocation of Access to Critical Cyber Assets (CCAs) | http://www.nerc.com/files/CAN-0007%20CIP004%20R4.2%20Revocation%20of%20Access%20to%20CCAs%20%28Revised%29.pdf |
| CIP-005 | 2011 Compliance Questionnaire and Reliability Standard Audit Worksheet | http://www.nerc.com/files/RSAW%20CIP-0053a%20(September%202011).doc |
| CIP-005 | Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies | http://ics-cert.uscert.gov/practices/documents/Defense_in_Depth_Oct09.pdf |
| CIP-005 | Special Publication 800-82 Guide to Industrial Control Systems (ICS) Security | http://csrc.nist.gov/publications/nistpubs/80082/SP800-82-final.pdf |
| CIP-005 R2 | ICS-TIP-12-146-01B— (Update) Targeted Cyber Intrusion Detection And Mitigation Strategies | http://ics-cert.us-cert.gov/pdf/ICS-TIP-12-14601B.pdf |
| CIP-005 R2 | Special Publication 800-41 Revision 1 Guidelines on Firewalls and Firewall Policy | http://csrc.nist.gov/publications/nistpubs/80041-Rev1/sp800-41-rev1.pdf |
| CIP-005 R2.3 | Recommended Practice for Securing Control System Modems | http://energy.gov/sites/prod/files/oeprod/DocumentsandMedia/Securing_Modems.pdf |
| CIP-005 R2.4 | Industry Advisory Remote Access Guidance | http://www.nerc.com/fileUploads/File/Events%20Analysis/A-2011-08-24-1Remote_Access_Guidance-Final.pdf |
| CIP-005 R2.4 | Draft NIST Special Publication 800-63-2 Electronic Authentication Guideline | http://csrc.nist.gov/publications/drafts/800-632/sp800_63_2_draft.pdf |
| CIP-005 R2.4 | Special Publication 800-46 Revision 1 Guide to Enterprise Telework and Remote Access Security | http://csrc.nist.gov/publications/nistpubs/80046-rev1/sp800-46r1.pdf |
| CIP-005 R3 | ICS-TIP-12-146-01B— (Update) Targeted Cyber Intrusion Detection And Mitigation Strategies | http://ics-cert.us-cert.gov/pdf/ICS-TIP-12-14601B.pdf |
| CIP-005 R4 | Government Auditing Standards 2011 Revision (Yellow Book) | http://www.gao.gov/assets/590/587281.pdf |
| CIP-005 R4 | Special Publication 800-115 Technical Guide to Information Security Testing and Assessment | http://csrc.nist.gov/publications/nistpubs/800115/SP800-115.pdf |
| CIP-006 | 2011 Compliance Questionnaire and Reliability Standard Audit Worksheet | http://www.nerc.com/files/RSAW%20CIP-0063c%20(September%202011).doc |
| CIP-006 | Compliance Analysis Report – Reliability Standards CIP-006 and CIP-007 | http://www.nerc.com/files/ERO%20CIP006%20and%20CIP007%20Compliance%20Analysis%20Report%20for%20Posting.pdf |
| CIP-006 R1 | Security Guideline for the Electricity Sector: Physical Security | http://www.nerc.com/docs/cip/sgwg/Physical%20Security%20Guideline%202011-1021%20Formatted.pdf |
| CIP-006 R1 | CAN-0031 CIP-006 R1 Acceptable Opening Dimensions | http://www.nerc.com/files/CAN-0031%20CIP006%20R1%20Acceptable%20Opening%20Dimensions.pdf |
| CIP-007 | 2011 Compliance Questionnaire and Reliability Standard Audit Worksheet | http://www.nerc.com/files/RSAW%20CIP-0073%20(September%202011).doc |
| CIP-007 | Compliance Analysis Report – Reliability Standards CIP-006 and CIP-007 | http://www.nerc.com/files/ERO%20CIP006%20and%20CIP007%20Compliance%20Analysis%20Report%20for%20Posting.pdf |
| CIP-007 | Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies | http://ics-cert.uscert.gov/practices/documents/Defense_in_Depth_Oct09.pdf |
| CIP-007 | Draft Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations (Final Public Draft) | http://csrc.nist.gov/publications/drafts/800-53rev4/sp800_53_r4_draft_fpd.pdf |
| CIP-007 | Special Publication 800-82 Guide to Industrial Control Systems (ICS) Security | http://csrc.nist.gov/publications/nistpubs/80082/SP800-82-final.pdf |
| CIP-007 R1 | Special Publication 800-115 Technical Guide to Information Security Testing and Assessment | http://csrc.nist.gov/publications/nistpubs/800115/SP800-115.pdf |
| CIP-007 R3 | Recommended Practice for Patch Management of Control Systems | http://ics-cert.uscert.gov/practices/documents/PatchManagementRecommendedPractice_Final.pdf |
| CIP-007 R3 | SP 800-40 Rev. 3 DRAFT Guide to Enterprise Patch Management Technologies | http://csrc.nist.gov/publications/drafts/80040/draft-sp800-40rev3.pdf |
| CIP-007 R4 | Using Host-Based Antivirus Software on Industrial Control Systems: Integration Guidance and a Test Methodology for Assessing Performance Impacts | http://www.nist.gov/manuscript-publicationsearch.cfm?pub_id=823596 |
| CIP-007 R4 | SP 800-83 Rev. 1 DRAFT Guide to Malware Incident Prevention and Handling for Desktops and Laptops | http://csrc.nist.gov/publications/drafts/800-83rev1/draft_sp800-83-rev1.pdf |
| CIP-007 R5 | ICS-TIP-12-146-01B— (Update) Targeted Cyber Intrusion Detection And Mitigation Strategies | http://ics-cert.us-cert.gov/pdf/ICS-TIP-12-14601B.pdf |
| CIP-007 R5 | CAN-0017 CIP-007 R5 Technical and Procedural System Access and Password Controls | http://www.nerc.com/files/CAN-0017%20CIP007%20Technical%20and%20Procedural%20System%20Access%20and%20Password%20Controls%20%28Revised%29.pdf |
| CIP-007 R6 | ICS-TIP-12-146-01B— (Update) Targeted Cyber Intrusion Detection And Mitigation Strategies | http://ics-cert.us-cert.gov/pdf/ICS-TIP-12-14601B.pdf |
| CIP-007 R6 | Special Publication 800-137 Information Security Continuous Monitoring for Federal Information Systems and Organizations | http://csrc.nist.gov/publications/nistpubs/800137/SP800-137-Final.pdf |
| CIP-007 R6 | SP 800-94 Rev. 1 DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) | http://csrc.nist.gov/publications/drafts/800-94rev1/draft_sp800-94-rev1.pdf |
| CIP-007 R6 | Special Publication 800-92 Guide to Computer Security Log Management | http://csrc.nist.gov/publications/nistpubs/80092/SP800-92.pdf |
| CIP-007 R6 | Proactive Detection of Security Incidents Honeypots | http://www.enisa.europa.eu/activities/cert/support/proactive-detection/proactive-detectionof-security-incidents-II-honeypots/at_download/fullReport |
| CIP-007 R7 | SP 800-88 Rev. 1 DRAFT Guidelines for Media Sanitization | http://csrc.nist.gov/publications/drafts/800-88rev1/sp800_88_r1_draft.pdf |
| CIP-007 R7 | DoD 5220.22-M National Industrial Security Program Operating Manual, Section 8-301, Clearing and Sanitization | http://www.dss.mil/documents/odaa/nispom2006-5220.pdf#page=75 |
| CIP-007 R8 | Government Auditing Standards 2011 Revision (Yellow Book) | http://www.gao.gov/assets/590/587281.pdf |
| CIP-007 R8 | Special Publication 800-115 Technical Guide to Information Security Testing and Assessment | http://csrc.nist.gov/publications/nistpubs/800115/SP800-115.pdf |
| CIP-008 | 2011 Compliance Questionnaire and Reliability Standard Audit Worksheet | http://www.nerc.com/files/RSAW%20CIP-0083%20(September%202011).doc |
| CIP-008 R1 | ICS-TIP-12-146-01B— (Update) Targeted Cyber Intrusion Detection And Mitigation Strategies | http://ics-cert.us-cert.gov/pdf/ICS-TIP-12-14601B.pdf |
| CIP-008 R1 | Security Guideline for the Electricity Sector: Protecting Sensitive Information | http://www.nerc.com/docs/cip/sgwg/Protecting%20Sensitive%20Information%20Guideline%20Draft%20Revision%20clean%20%2020120309-V2%205.pdf |
| CIP-008 R1 | ES-ISAC Cyber threat assessment (2012) | http://www.nerc.com/files/ESISAC_Cyber_Threat_Assessment.pdf |
| CIP-008 R1 | Security Guideline for the Electricity Sector: Threat and Incident Reporting | http://www.nerc.com/files/IncidentReporting.pdf |
| CIP-008 R1 | Developing an Industrial Control Systems Cybersecurity Incident Response Capability | http://ics-cert.uscert.gov/practices/documents/finalRP_ics_cybersecurity_incident_response_100609.pdf |
| CIP-008 R1 | Creating Cyber Forensics Plans for Control Systems | http://ics-cert.uscert.gov/practices/documents/Forensics_RP.pdf |
| CIP-008 R1 | SP 800-83 Rev. 1 DRAFT Guide to Malware Incident Prevention and Handling for Desktops and Laptops | http://csrc.nist.gov/publications/drafts/800-83rev1/draft_sp800-83-rev1.pdf |
| CIP-008 R1 | SP 800-94 Rev. 1 DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) | http://csrc.nist.gov/publications/drafts/800-94rev1/draft_sp800-94-rev1.pdf |
| CIP-008 R1 | Special Publication 800-61 Revision 2 Computer Security Incident Handling Guide | http://csrc.nist.gov/publications/nistpubs/80061rev2/SP800-61rev2.pdf |
| CIP-008 R1.6 | Special Publication 800-82 Guide to Industrial Control Systems (ICS) Security | http://csrc.nist.gov/publications/nistpubs/80082/SP800-82-final.pdf |
| CIP-008 R1.6 | ENISA CERT Exercises and training material | http://www.enisa.europa.eu/activities/cert/support/exercise |
| CIP-009 | 2011 Compliance Questionnaire and Reliability Standard Audit Worksheet | http://www.nerc.com/files/RSAW%20CIP-0093%20(September%202011).doc |
| CIP-009 | NIST Special Publication 800-34 Rev. 1 Contingency Planning Guide for Federal Information Systems | http://csrc.nist.gov/publications/nistpubs/80034-rev1/sp800-34-rev1_errata-Nov11-2010.pdf |
| CIP-009 | FFIEC Interagency Statement on Pandemic Planning | http://www.ffiec.gov/press/pandemicguidance.pdf |

Topical Index to CIP-002-3 through CIP-009-3

Access Control: CIP-003-3 R5; CIP-004-3a R2.2; CIP-005-3a R1.5, R2; CIP-006-3d R4
Access Points to ESP: CIP-005-3a R1.1, R1.6, R2, R4, Appendix
Account Management: CIP-007-3 R5
Alerts: CIP-005-3a R3.2; CIP-007-3 R6.2
Appropriate Use Banner: CIP-005-3a R2.6
Assessments
  Cyber Vulnerability Assessment: CIP-005-3a R4; CIP-007-3 R8
  Information Protection Program: CIP-003-3 R4.3
  Personnel Risk Assessment: CIP-004-3a R3
  Processes for Controlling Access to Information: CIP-003-3 R5.3
  Risk-Based Assessment Methodology: CIP-002-3a R1
Authentication: CIP-005-3a R2.5.2; CIP-006-3d R4; CIP-007-3 R5
Authorized Access: CIP-004-3a R4 and Appendix 1; CIP-007-3 R5.1
Backup and Restore: CIP-009-3 R4
Background Check: CIP-004-3a R3.1
Change Control:
  Configuration Management: CIP-003-3 R6
  Incident Response Plan Updates: CIP-008-3 R1.4
  Network Controls: CIP-005-3a R5.2
  Physical Security Plan Update: CIP-006-3d R1.7
  Recovery Plan Changes: CIP-009-3 R3
  System Control Changes: CIP-007-3 R9
Compensating Measures: CIP-003-3 R3.2; CIP-007-3 R2, R3.2, R4.1
Contractors and Service Vendors: CIP-004-3a R2.1, R3.3 and R4.1
Critical Cyber Assets
  Electronic Security Perimeter: CIP-005-3a R1
  Identification: CIP-002-3a R3
Cyber Security Controls: CIP-005-3a R5.2; CIP-007-3 R1
Cyber Security Incidents: CIP-004-3a R2.2.4; CIP-005-3a R5.3; CIP-006-3d R7; CIP-007-3 R6.2; CIP-008-3
Cyber Security Policy: CIP-003-3 R1
Cyber Security Policy Exceptions: CIP-003-3 R3
Cyber Vulnerability Assessment
  Critical Cyber Assets: CIP-007-3 R8
  Electronic Access Control and Monitoring: CIP-005-3a R1.5
  Non-Critical Cyber Assets: CIP-007-3 R8
  Physical Access Control Systems: CIP-006-3d R2.2
Default Accounts
  Account Management: CIP-007-3 R5.2
  Cyber Vulnerability Assessment: CIP-005-3a R4.4; CIP-007-3 R8.3
Deny by Default: CIP-005-3a R2.1
Dial-up Accessible: CIP-002-3a R3.3; CIP-005-3a R1.2, R2.3, R2.5.4, R3.1; CIP-006-3d Appendix
Disposal or Redeployment: CIP-007-3 R7
Documentation:
  Access Control: CIP-003-3 R5
  Anti-virus and Malware Prevention Signature Updates: CIP-007-3 R4.2
  Critical Cyber Assets: CIP-002-3a R3, R4; CIP-005-3a R1.6
  Cyber Security Policy: CIP-003-3 R1
  Cyber Security Policy Exceptions: CIP-003-3 R3
  Cyber Security Incident Documentation: CIP-008-3 R2
  Disposal or Redeployment: CIP-007-3 R7
  Electronic Security Perimeter: CIP-005-3a R1.6
  Incident Response Plan: CIP-008-3 R1
  Information Protection Program: CIP-003-3 R4
  Malware Prevention Tools: CIP-007-3 R4.1
  Network Controls: CIP-005-3a R5.2
  Non-Critical Cyber Assets: CIP-005-3a R1.6
  Physical Security Plan: CIP-006-3d R1
  Ports and Services: CIP-007-3 R2
  Recovery Plans: CIP-009-3 R1
  Review and Maintenance: CIP-007-3 R9
  Risk-Based Assessment Methodology: CIP-002-3a R1.1
  Security Awareness Program: CIP-004-3a R1
  Security Patch Management: CIP-007-3 R3
  Significant Change Test Results: CIP-007-3 R1.3
  Training: CIP-004-3a R2.3
Electricity Sector Information Sharing and Analysis Center (ES-ISAC): CIP-008-3 R1.3
Electronic Access Control and Monitoring: CIP-005-3a R1.5
Emergency Situations: CIP-003-3 R1.1; CIP-004-3a R2.1, R3; CIP-007-3 R2
ESP Access Point
  Access Controls: CIP-005-3a R2
  Discovery: CIP-005-3a R4.3
  Documenting: CIP-005-3a R1.6
  Endpoint: CIP-005-3a Appendix
  Identifying: CIP-005-3a R1.1, R1.2
  Monitoring: CIP-005-3a R3
  Ports and Services: CIP-005-3a R2.2, R4.2
Essential: CIP-002-3a Appendix
Information Protection: CIP-003-3 R4
Logs
  Access Points: CIP-005-3a R3
  Dial-up Accessible Critical Cyber Assets: CIP-005-3a R3.1
  Electronic Access: CIP-005-3a R3
  Physical Access: CIP-006-3d R6
  Reportable Incidents: CIP-005-3a R5.3
  Retention: CIP-007-3 R6.4
  Shared Accounts: CIP-007-3 R5.2.3
  System Events Related to Cyber Security: CIP-007-3 R6
  User Account Access Activity: CIP-007-3 R5.1.2
Malicious Software Prevention: CIP-007-3 R4
Need to Know: CIP-007-3 R5.1
Network Management Community Strings: CIP-005-3a R4.4
Non-Critical Cyber Assets: CIP-005-3a R1.4; CIP-007-3
Non-Routable Protocol: CIP-005-3a R1.2, R3.1
Passwords
  Age: CIP-007-3 R5.3.3
  Complexity: CIP-007-3 R5.3.2
  Default Accounts: CIP-007-3 R5.2.1
  Length: CIP-007-3 R5.3.1
  Technical and Procedural Controls: CIP-007-3 R5
Physical Security: CIP-006-3d
Ports and Services: CIP-005-3a R2.2, R4.2; CIP-007-3 R2, R8.2
Recovery Plan: CIP-009-3 R1
Recovery Plan Exercise: CIP-009-3 R3
Routable Protocol: CIP-002-3a R3.1 and R3.2
Personnel Risk Assessment: CIP-004-3a R3
Security Awareness: CIP-004-3a R1
Security Patch Management: CIP-007-3 R3
Security Status Monitoring: CIP-007-3 R6
Senior Manager: CIP-002-3a R4; CIP-003-3 R1.3, R2, R3; CIP-006-3d R1
Shared Accounts: CIP-007-3 R5.1, R5.2
Significant Change: CIP-007-3 R1
System Accounts: CIP-007-3 R5.1
Technical Feasibility Exceptions (Applicable Requirements):
  CIP-005-3: R2.4, R2.6, R3.1 and R3.2
  CIP-006-3c: R1.1, including the Interpretation in Appendix
  CIP-007-3: R2.3, R3, R4, R5.3, 5.3.1, 5.3.2, 5.3.3, R6 and R6.3
Testing
  Anti-virus and Malware Prevention Signature Updates: CIP-007-3 R4.2
  Backup Media: CIP-009-3 R4
  Incident Response Plan: CIP-008-3 R1.6
  Physical Security Mechanisms: CIP-006-3d R8.1
  Security Patches: CIP-007-3 R3
  Significant Change: CIP-007-3 R1
Training: CIP-004-3a R2
Unauthorized Access: CIP-005-3a R3.2; CIP-006-3d Appendix 1;
User Activity: CIP-007-3 R5
Wiring: CIP-006-3d Appendix 1, Appendix

Looking for a Helpful Resource?

NERC has established various email addresses with NERC internal distribution to the primarily responsible person with additional backups to address questions. These email addresses are posted on NERC’s website on the NERC ‘Company Overview’ webpage and include the following:

- For Audit Assurance and Oversight inquiries please click: AAO Email
- For Best Practices inquiries please click: Best Practices Email
- For CIPC Task Force and Committee inquiries please click: Task Force and Committee Email
- For Continuing Education inquiries please click: Continuing Education Email
- For Electricity Sector Information Sharing and Analysis Center (ES ISAC) (Unclassified only) inquiries please click: ES ISAC Email

RSS (Really Simple Syndication) feeds can be very helpful. These subscriptions will keep you and your staff current on the latest news as it hits the web. Open source readers and aggregators are readily available; search “RSS Readers.” Subscribing to an RSS feed is a great way to remain current on security issues and regulatory information. Below are some of our favorites:

- Security System News: http://www.securitysystemsnews.com/feed/topstories
- NIST IT Security: http://www.nist.org/nist_plugins/rss_menu/rss.php?1.2
- What’s New at FERC: http://www.ferc.gov/xml/whats-new.xml
- FERC Technical Conferences: http://www.ferc.gov/xml/technical-conferences.xml
- US-CERT Cybersecurity Bulletins: http://www.us-cert.gov/channels/bulletins.rdf

Do you have a topic to include in a future Encari Security Awareness Bulletin, feedback or a question concerning any material contained in this bulletin? Contact us at awareness@encari.com

2013 Copyright, Encari, LLC. This Security Awareness Bulletin is provided as a complimentary service by Encari to aid entities in complying with Requirement R1 of the NERC CIP Reliability Standard CIP-004. Each entity remains responsible, however, for establishing that the dissemination and documented use of this Bulletin meets the requirements under Requirement R1 of the NERC CIP Reliability Standard CIP-004.