Critical Infrastructure Protection (CIP) is not only required under the North American Electric Reliability Corporation (NERC) compliance standards, but it is also is subject to enforcement if not followed.
CIP-010-2 focuses specifically on cybersecurity, and more specifically on configuration change management and vulnerability assessments. As stated by NERC, Standard CIP-010 exists as part of a suite of CIP Standards related to cybersecurity, which require the initial identification and categorization of BES Cyber Systems and require a minimum level of organizational, operational and procedural controls to mitigate risk to BES Cyber Systems.
In a basic sense, File Integrity Monitoring is an IT security technology used to detect changes in an organization’s IT environment by making comparisons against a known state. In 2015, we asked the question, How are you detecting against dangerous changes and malware injections? Our question for 2017 is the more of the same.
Many companies find FIM to be extremely useful for ensuring the security of data and systems. With the ability to quickly detect changes, an organization can rapidly respond to threats that could take down critical IT systems or lead to a data breach. Many traditional IT security tools are not able to offer enough protection as APT's and zero-day malware has become the norm. Matt Hamblen's recent article regarding enterprise attacks appears to put the current state of enterprise cyberattacks into perspective.
Specifically, CIP-0-10-2 calls for configuration change management and configuration monitoring. Though the full listing of CIP standards can be overwhelming, we have compiled an excerpt of some of the key requirements of configuration change management and configuration monitoring to be followed from NERC.
|1.1||Develop a baseline configuration, individually or by a group.|
|Authorize and document changes that deviate from the existing baseline configuration.|
|For a change that deviates from the existing baseline configuration, update the baseline configuration as necessary within 30 calendar days of completing the change.|
|1.4||For a change that deviates from the existing baseline configuration: Determine required cyber security controls that could be impacted by the change.|
Where technically feasible, for each change that deviates from the existing baseline configuration
1.5.1: Prior to implementing any change in the production environment, test the changes in a test environment or test the changes in a production environment where the test is performed in as manner that minimized adverse effects.
1.5.2 Document the results of the testing.
|2.1||Monitor at least once ever 35 calendar days for changes to the baseline configuration (as described in Requirement R1, Part1.1). Document and investigate detected unauthorized changes.|
Because FIM tools are able to “see” all changes that are happening, file integrity monitoring is a very valuable asset to have as part of your IT security defenses. File integrity monitoring is required to achieve compliance with numerous regulations as part of a comprehensive IT security strategy. Learn more about proactive change control options and configuration management features with CimTrak.
Since 1999, Jacqueline has written for corporate communications, MarCom agencies, higher education, and worked within the pharmacy, steel and retail industries. Since joining the tech industry, she has found her "home".