Compliance Reports: North American Electric Reliability Corporation – Critical Infrastructure Protection (NERC CIP)

Document created by RSA Information Design and Development on May 25, 2016•Last modified by RSA Information Design and Development on Oct 8, 2018

Version 166Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

The NERC CIP compliance reports in RSA NetWitness are based on North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) program requirements.

The CIP program coordinates NERC’s efforts to improve physical and cyber security for the bulk power system of North America as it pertains to reliability. This includes standards development, compliance enforcement, assessments of risk and preparedness, disseminating critical information via alerts to industry, and raising awareness of key issues.

Dependencies

The NERC CIP compliance reports have the following dependencies.

SA Rules	SA Lists	App Rules
Access to Compliance Systems Details Access to Compliance Systems Summary Accounts Created Accounts Deleted Accounts Modified Admin Access to Compliance Systems Details Admin Access to Compliance Systems Summary Antivirus Signature Update Failed Remote Access Details Failed Remote Access Summary Firewall Configuration Changes Firmware Changes on Wireless Devices Group Management Logon Failures Details Logon Failures Summary Router Configuration Changes Successful Escalation of Privileges Details Successful Escalation of Privileges Summary Successful Remote Access Details Successful Remote Access Summary User Access Revoked User Access to Compliance Systems Details User Access to Compliance Systems Summary	Administrative Users Compliance Data Compliance Systems	account:created account:deleted account:modified account:logon-success access:remote-failure access:remote-success av:signature-update config:fw-config-changes config:firmware-config-changes account:group-management account:logon-failure config:router-change access:privilege-escalation-success access:user-access-revoked

SA Rules

SA Lists

App Rules

Access to Compliance Systems Details

Access to Compliance Systems Summary

Accounts Created

Accounts Deleted

Accounts Modified

Admin Access to Compliance Systems Details

Admin Access to Compliance Systems Summary

Antivirus Signature Update

Failed Remote Access Details

Failed Remote Access Summary

Firewall Configuration Changes

Firmware Changes on Wireless Devices

Group Management

Logon Failures Details

Logon Failures Summary

Router Configuration Changes

Successful Escalation of Privileges Details

Successful Escalation of Privileges Summary

Successful Remote Access Details

Successful Remote Access Summary

User Access Revoked

User Access to Compliance Systems Details

User Access to Compliance Systems Summary

Administrative Users

Compliance Data

Compliance Systems

account:created

account:deleted

account:modified

account:logon-success

access:remote-failure

access:remote-success

av:signature-update

config:fw-config-changes

config:firmware-config-changes

account:group-management

account:logon-failure

config:router-change

access:privilege-escalation-success

access:user-access-revoked

Citations

The NERC CIP reports have the following Citations.

Report Rule	Citation Number	Citation Description
Access to Compliance Data - Detail	NERC CIP-003-4 R3:	The Responsible Entity shall implement and document a program to identify, classify and protect information associated with Critical Cyber Assets.
Access to Compliance Data - Top 25	NERC CIP-003-4 R3:	The Responsible Entity shall implement and document a program to identify, classify and protect information associated with Critical Cyber Assets.
Accounts Created	CIP-007-4 R5.1.1	The Responsible Entity shall ensure that user accounts are implemented as approved by designated personnel.
Accounts Deleted	CIP-007-4 R5.1.1	The Responsible Entity shall ensure that user accounts are implemented as approved by designated personnel.
Accounts Modified	CIP-007-4 R5.1.1	The Responsible Entity shall ensure that user accounts are implemented as approved by designated personnel.
Admin Access to Compliance Systems - Detail	CIP-007-4 R5.1.2	The Responsible Entity shall establish methods, processes, and procedures that generate logs of sufficient detail to create historical audit trails of individual user account access activity for a minimum of 90 days.
Admin Access to Compliance Systems - Top 25	CIP-007-4 R5.1.2	The Responsible Entity shall establish methods, processes, and procedures that generate logs of sufficient detail to create historical audit trails of individual user account access activity for a minimum of 90 days.
Antivirus Signature Update	NERC CIP-007-4 R4.2	The Responsible Entity shall document and implement a process for the update of antivirus and malware prevention "signatures."
Escalation of Privileges - Detail	NERC CIP-004-4 R4.1:	The Responsible Entity shall review the lists of its personnel...or any change in the access rights of such personnel.
Escalation of Privileges - Top 25	NERC CIP-004-4 R4.1:	The Responsible Entity shall review the lists of its personnel...or any change in the access rights of such personnel.
Failed Remote Access - Detail	CIP-005-4a	Where technically feasible, the security monitoring process(es) shall detect and alert for attempts at or actual unauthorized accesses.
Failed Remote Access - Top 25	CIP-005-4a	Where technically feasible, the security monitoring process(es) shall detect and alert for attempts at or actual unauthorized accesses.
Firewall Configuration Changes	NERC CIP-003-4 R6:	Change Control and Configuration Management.
Firmware Changes Wireless Devices	NERC CIP-003-4 R6:	Change Control and Configuration Management.
Group Management	NERC CIP-007-4 R5.1.1:	The Responsible Entity shall ensure that user accounts are implemented as approved by designated personnel.
Logon Failures - Detail	CIP-005-4a	Where technically feasible, the security monitoring process(es) shall detect and alert for attempts at or actual unauthorized accesses.
Logon Failures - Top 25	CIP-005-4a	Where technically feasible, the security monitoring process(es) shall detect and alert for attempts at or actual unauthorized accesses.
Router Configuration Changes	NERC CIP-003-4 R6:	Change Control and Configuration Management.
Successful Remote Access - Detail	NERC CIP-005-4a R3:	Monitoring Electronic Access.
Successful Remote Access - Top 25	NERC CIP-005-4a R3:	Monitoring Electronic Access.
User Access Revoked	CIP-004-4 R4.2	The Responsible Entity shall Revoke such access to Critical Cyber Assets within 24 hours for personnel terminated for cause and within seven calendar days for personnel who no longer require such access to Critical Cyber Assets
User Access to Compliance Systems - Detail	CIP-007-4 R5.1.2	The Responsible Entity shall establish methods, processes, and procedures that generate logs of sufficient detail to create historical audit trails of individual user account access activity for a minimum of 90 days.
User Access to Compliance Systems - Top 25	CIP-007-4 R5.1.2	The Responsible Entity shall establish methods, processes, and procedures that generate logs of sufficient detail to create historical audit trails of individual user account access activity for a minimum of 90 days.

You are here

Table of Contents > Compliance Reports: North American Electric Reliability Corporation – Critical Infrastructure Protection (NERC CIP)

Compliance Reports: North American Electric Reliability Corporation – Critical Infrastructure Protection (NERC CIP)

Dependencies

Citations

Attachments

Outcomes

Related Content

Recommended Content

Incoming Links