Compliance Reports: North American Electric Reliability Corporation – Critical Infrastructure Protection (NERC CIP)

Document created by RSA Information Design and Development on May 25, 2016. Last modified by RSA Information Design and Development on Oct 8, 2018.
Version 166

The NERC CIP compliance reports in RSA NetWitness are based on North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) program requirements.

The CIP program coordinates NERC’s efforts to improve physical and cyber security for the bulk power system of North America as it pertains to reliability. This includes standards development, compliance enforcement, assessments of risk and preparedness, disseminating critical information via alerts to industry, and raising awareness of key issues.

Dependencies

The NERC CIP compliance reports have the following dependencies.

SA Rules

  • Access to Compliance Systems Details
  • Access to Compliance Systems Summary
  • Accounts Created
  • Accounts Deleted
  • Accounts Modified
  • Admin Access to Compliance Systems Details
  • Admin Access to Compliance Systems Summary
  • Antivirus Signature Update
  • Failed Remote Access Details
  • Failed Remote Access Summary
  • Firewall Configuration Changes
  • Firmware Changes on Wireless Devices
  • Group Management
  • Logon Failures Details
  • Logon Failures Summary
  • Router Configuration Changes
  • Successful Escalation of Privileges Details
  • Successful Escalation of Privileges Summary
  • Successful Remote Access Details
  • Successful Remote Access Summary
  • User Access Revoked
  • User Access to Compliance Systems Details
  • User Access to Compliance Systems Summary

SA Lists

  • Administrative Users
  • Compliance Data
  • Compliance Systems

App Rules

  • account:created
  • account:deleted
  • account:modified
  • account:logon-success
  • access:remote-failure
  • access:remote-success
  • av:signature-update
  • config:fw-config-changes
  • config:firmware-config-changes
  • account:group-management
  • account:logon-failure
  • config:router-change
  • access:privilege-escalation-success
  • access:user-access-revoked

Citations

The NERC CIP reports have the following Citations.

| Report Rule | Citation Number | Citation Description |
|---|---|---|
| Access to Compliance Data - Detail | NERC CIP-003-4 R3 | The Responsible Entity shall implement and document a program to identify, classify and protect information associated with Critical Cyber Assets. |
| Access to Compliance Data - Top 25 | NERC CIP-003-4 R3 | The Responsible Entity shall implement and document a program to identify, classify and protect information associated with Critical Cyber Assets. |
| Accounts Created | CIP-007-4 R5.1.1 | The Responsible Entity shall ensure that user accounts are implemented as approved by designated personnel. |
| Accounts Deleted | CIP-007-4 R5.1.1 | The Responsible Entity shall ensure that user accounts are implemented as approved by designated personnel. |
| Accounts Modified | CIP-007-4 R5.1.1 | The Responsible Entity shall ensure that user accounts are implemented as approved by designated personnel. |
| Admin Access to Compliance Systems - Detail | CIP-007-4 R5.1.2 | The Responsible Entity shall establish methods, processes, and procedures that generate logs of sufficient detail to create historical audit trails of individual user account access activity for a minimum of 90 days. |
| Admin Access to Compliance Systems - Top 25 | CIP-007-4 R5.1.2 | The Responsible Entity shall establish methods, processes, and procedures that generate logs of sufficient detail to create historical audit trails of individual user account access activity for a minimum of 90 days. |
| Antivirus Signature Update | NERC CIP-007-4 R4.2 | The Responsible Entity shall document and implement a process for the update of antivirus and malware prevention "signatures." |
| Escalation of Privileges - Detail | NERC CIP-004-4 R4.1 | The Responsible Entity shall review the lists of its personnel...or any change in the access rights of such personnel. |
| Escalation of Privileges - Top 25 | NERC CIP-004-4 R4.1 | The Responsible Entity shall review the lists of its personnel...or any change in the access rights of such personnel. |
| Failed Remote Access - Detail | CIP-005-4a | Where technically feasible, the security monitoring process(es) shall detect and alert for attempts at or actual unauthorized accesses. |
| Failed Remote Access - Top 25 | CIP-005-4a | Where technically feasible, the security monitoring process(es) shall detect and alert for attempts at or actual unauthorized accesses. |
| Firewall Configuration Changes | NERC CIP-003-4 R6 | Change Control and Configuration Management. |
| Firmware Changes Wireless Devices | NERC CIP-003-4 R6 | Change Control and Configuration Management. |
| Group Management | NERC CIP-007-4 R5.1.1 | The Responsible Entity shall ensure that user accounts are implemented as approved by designated personnel. |
| Logon Failures - Detail | CIP-005-4a | Where technically feasible, the security monitoring process(es) shall detect and alert for attempts at or actual unauthorized accesses. |
| Logon Failures - Top 25 | CIP-005-4a | Where technically feasible, the security monitoring process(es) shall detect and alert for attempts at or actual unauthorized accesses. |
| Router Configuration Changes | NERC CIP-003-4 R6 | Change Control and Configuration Management. |
| Successful Remote Access - Detail | NERC CIP-005-4a R3 | Monitoring Electronic Access. |
| Successful Remote Access - Top 25 | NERC CIP-005-4a R3 | Monitoring Electronic Access. |
| User Access Revoked | CIP-004-4 R4.2 | The Responsible Entity shall revoke such access to Critical Cyber Assets within 24 hours for personnel terminated for cause and within seven calendar days for personnel who no longer require such access to Critical Cyber Assets. |
| User Access to Compliance Systems - Detail | CIP-007-4 R5.1.2 | The Responsible Entity shall establish methods, processes, and procedures that generate logs of sufficient detail to create historical audit trails of individual user account access activity for a minimum of 90 days. |
| User Access to Compliance Systems - Top 25 | CIP-007-4 R5.1.2 | The Responsible Entity shall establish methods, processes, and procedures that generate logs of sufficient detail to create historical audit trails of individual user account access activity for a minimum of 90 days. |