LogRhythm, the leader in Log and Security Event Management Solutions, has prepared a "Quick Read" whitepaper to help you understand what's required to ensure compliance with: CIP-003-1 – Cyber Security – Security Management Controls; CIP-005-1 – Cyber Security – Electronic Security Perimeter(s); CIP-006-1 – Cyber Security – Physical Security of Critical Cyber Assets; CIP-007-1 – Cyber Security – Systems Security Management; CIP-008-1 – Cyber Security – Incident Reporting and Response Planning. The whitepaper also contains a compliance reference chart with the specific CIP requirements matched with recommended steps to ensure compliance.
LogRhythm and NERC CIP Compliance
The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to "ensure that the bulk electric system in North America is reliable, adequate and secure." As the federally designated Electric Reliability Organization (ERO) in North America, NERC maintains comprehensive reliability standards that define requirements for planning and operating the collective bulk power system. Among these are the Critical Infrastructure Protection (CIP) Cyber Security Standards, which are intended to ensure the protection of the Critical Cyber Assets that control or affect the reliability of North America's bulk electric systems.
In 2006, the Federal Energy Regulatory Commission (FERC) approved the Security and Reliability Standards proposed by NERC, making the CIP Cyber Security Standards mandatory and enforceable across all users, owners and operators of the bulk-power system. The standards went into effect in June 2006, and initial compliance auditing began in June 2007.
The collection, management, and analysis of log data are integral to meeting many NERC CIP requirements. IT environments consist of heterogeneous devices, systems, and applications all reporting log data. Millions of individual log entries can be generated daily if not hourly. The task of assembling this information can be overwhelming in itself. The additional requirements of analyzing and reporting on log data render manual processes or homegrown remedies inadequate and costly.
[Figure: LogRhythm Report Center screenshot]
LogRhythm has extensive experience in helping organizations improve their overall security and compliance posture while reducing costs. Log collection, archive, and recovery are fully automated across the entire IT infrastructure. LogRhythm automatically performs the first level of log analysis. Log data is categorized, identified, and normalized for easy analysis and reporting. LogRhythm's powerful alerting capability automatically identifies the most critical issues and notifies relevant personnel. LogRhythm's out-of-the-box NERC CIP reporting package ensures you meet your reporting requirements.
The CIP 002-009 Standards provide the minimum requirements of the NERC CIP Cyber Security Standards. The remainder of this paper lists the applicable CIP standards that LogRhythm is directly aligned with. For each requirement, an explanation of how LogRhythm supports compliance is provided.
Copyright 2008 LogRhythm, Inc. All Rights Reserved
LogRhythm Compliance Support for NERC CIP
CIP-003-1 Cyber Security - Security Management Controls
Standard CIP-003 requires that Responsible Entities have minimum security management controls in place to protect Critical Cyber Assets.
R5.2
Compliance Requirement: Review at least annually the access privileges to protected information to confirm that access privileges are correct and that they correspond with the Responsible Entity's needs and appropriate personnel roles and responsibilities.
How LogRhythm Supports Compliance: LogRhythm collects all access activity. LogRhythm reports provide easy and independent review of access control settings and enforcement.
Example Reports:
- Successful/Failed Host Access by User
- Successful/Failed Application Access by User
- Successful/Failed File Access by User
R6
Compliance Requirement: Establish and document a process of change control and configuration management for adding, modifying, replacing, or removing Critical Cyber Asset hardware or software, and implement supporting configuration management activities to identify, control and document all entity or vendor-related changes to hardware and software components of Critical Cyber Assets pursuant to the change control process.
How LogRhythm Supports Compliance: LogRhythm ensures change control policies are adhered to. LogRhythm's file integrity monitoring capabilities detect the following changes to the file system:
- Additions
- Modifications
- Deletions
- Permissions
LogRhythm analysis & reporting capabilities allow you to monitor configuration changes. LogRhythm alerting detects and notifies of changes to specific configurations.
CIP-Cyber Security - Electronic Security Pe...