These are rules mandated by the Federal Energy Regulatory Commission (FERC) and written by the North American Electric Reliability Corporation (NERC). They are broken down into nine rules:
- CIP-001 – Sabotage reporting
- CIP-002 – Critical cyber asset identification
- CIP-003 – Security management controls
- CIP-004 – Personnel and training
- CIP-005 – Electronic security perimeters
- CIP-006 – Physical security of critical cyber assets
- CIP-007 – Systems security management
- CIP-008 – Incident reporting and response planning
- CIP-009 – Recovery plans for critical cyber assets
Our suite of products can assist with NERC compliance, in particular the log management solutions that we carry.
To start, every organization should have a firewall. The Sophos UTM allows organizations to choose the level of security that is required, from a simple firewall to a robust next-generation firewall, including application control and threat detection.
Along with the UTM, an organization should consider purchasing some form of endpoint security (Sophos or Kaspersky) that will protect the users' mobile devices and laptops. Endpoint protection provides virus detection and removal, as well as data protection, enabling the organization to ensure that data stays in the organization and is not transmitted via USB or email to inappropriate parties.
NetClarity Network Access Control enables organizations to determine who is on their network, automatically directing any untrusted asset to a guest area only. It provides a snapshot of network assets and patch levels, and denies any unknown traffic access to your confidential information. With NetClarity, you can also develop a security policies and procedures manual, which can be updated as required, complete with time stamps of when changes were made. In addition, it will block any traffic that is being sent out of the network to command-and-control centers.
Review of log files is essential for NERC, as it provides detailed information about the activity in your organization. Depending on your budget, expertise and requirements, we currently offer several log management tools.
Contact us for information on any of the products/services we offer, and how they can assist you with your compliance requirements.
You can visit our white papers section for additional information on our products and how they can assist with compliance.