Critical Infrastructure Protection (CIP) is not only required under the North American Electric Reliability Corporation (NERC) compliance standards, but it is also is subject to enforcement if not followed.
What is NERC CIP-010-2 and Why Is It Important?
CIP-010-2 focuses specifically on cybersecurity, and more specifically on configuration change management and vulnerability assessments. As stated by NERC, Standard CIP-010 exists as part of a suite of CIP Standards related to cybersecurity, which require the initial identification and categorization of BES Cyber Systems and require a minimum level of organizational, operational and procedural controls to mitigate risk to BES Cyber Systems.
Change Management And YouAs previously discussed in Change Monitoring vs Control vs Management, the process of making decisions regarding a network along with effective security policy and change monitoring is at the crux of change management. Control and monitoring must occur in order to be managed, and combining automation-based insight and policy will allow for better enterprise-wide change management.
How Can FIM Help?
In a basic sense, File Integrity Monitoring is an IT security technology used to detect changes in an organization’s IT environment by making comparisons against a known state. In 2015, we asked the question, How are you detecting against dangerous changes and malware injections? Our question for 2017 is the more of the same.
Many companies find FIM to be extremely useful for ensuring the security of data and systems. With the ability to quickly detect changes, an organization can rapidly respond to threats that could take down critical IT systems or lead to a data breach. Many traditional IT security tools are not able to offer enough protection as APT's and zero-day malware has become the norm. Matt Hamblen's recent article regarding enterprise attacks appears to put the current state of enterprise cyberattacks into perspective.
How FIM helps With Configuration Change Management
Specifically, CIP-0-10-2 calls for configuration change management and configuration monitoring. Though the full listing of CIP standards can be overwhelming, we have compiled an excerpt of some of the key requirements of configuration change management and configuration monitoring to be followed from NERC.
CIP-010-2 CONFIGURATION CHANGE MANAGEMENT
|1.1||Develop a baseline configuration, individually or by a group.|
|Authorize and document changes that deviate from the existing baseline configuration.|
|For a change that deviates from the existing baseline configuration, update the baseline configuration as necessary within 30 calendar days of completing the change.|
|1.4||For a change that deviates from the existing baseline configuration: Determine required cyber security controls that could be impacted by the change.|
Where technically feasible, for each change that deviates from the existing baseline configuration
1.5.1: Prior to implementing any change in the production environment, test the changes in a test environment or test the changes in a production environment where the test is performed in as manner that minimized adverse effects.
1.5.2 Document the results of the testing.
CIP-010-2 CONFIGURATION MONITORING
|2.1||Monitor at least once ever 35 calendar days for changes to the baseline configuration (as described in Requirement R1, Part1.1). Document and investigate detected unauthorized changes.|
Because FIM tools are able to “see” all changes that are happening, file integrity monitoring is a very valuable asset to have as part of your IT security defenses. File integrity monitoring is required to achieve compliance with numerous regulations as part of a comprehensive IT security strategy. Learn more about proactive change control options and configuration management features with CimTrak.
May 11, 2017