
Compliance Reports: North American Electric Reliability Corporation – Critical Infrastructure Protection (NERC CIP)

The NERC CIP compliance reports in RSA NetWitness are based on North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) program requirements.

The CIP program coordinates NERC’s efforts to improve physical and cyber security for the bulk power system of North America as it pertains to reliability. This includes developing standards, enforcing compliance, assessing risk and preparedness, disseminating critical information to industry via alerts, and raising awareness of key issues.

Dependencies

The NERC CIP compliance reports have the following dependencies.

  • SA Rules:

    Access to Compliance Systems Details

    Access to Compliance Systems Summary

    Accounts Created

    Accounts Deleted

    Accounts Modified

    Admin Access to Compliance Systems Details

    Admin Access to Compliance Systems Summary

    Antivirus Signature Update

    Failed Remote Access Details

    Failed Remote Access Summary

    Firewall Configuration Changes

    Firmware Changes on Wireless Devices

    Group Management

    Logon Failures Details

    Logon Failures Summary

    Router Configuration Changes

    Successful Escalation of Privileges Details

    Successful Escalation of Privileges Summary

    Successful Remote Access Details

    Successful Remote Access Summary

    User Access Revoked

    User Access to Compliance Systems Details

    User Access to Compliance Systems Summary

  • SA Lists:

    Administrative Users

    Compliance Data

    Compliance Systems

  • App Rules:

    account:created

    account:deleted

    account:modified

    account:logon-success

    access:remote-failure

    access:remote-success

    av:signature-update

    config:fw-config-changes

    config:firmware-config-changes

    account:group-management

    account:logon-failure

    config:router-change

    access:privilege-escalation-success

    access:user-access-revoked


Citations

The NERC CIP reports have the following citations.

  • Report Rule: Access to Compliance Data - Detail
  • Citation Number: NERC CIP-003-4 R3
  • Citation Description: The Responsible Entity shall implement and document a program to identify, classify and protect information associated with Critical Cyber Assets.

  • Report Rule: Access to Compliance Data - Top 25
  • Citation Number: NERC CIP-003-4 R3
  • Citation Description: The Responsible Entity shall implement and document a program to identify, classify and protect information associated with Critical Cyber Assets.

  • Report Rule: Accounts Created
  • Citation Number: CIP-007-4 R5.1.1
  • Citation Description: The Responsible Entity shall ensure that user accounts are implemented as approved by designated personnel.

  • Report Rule: Accounts Deleted
  • Citation Number: CIP-007-4 R5.1.1
  • Citation Description: The Responsible Entity shall ensure that user accounts are implemented as approved by designated personnel.

  • Report Rule: Accounts Modified
  • Citation Number: CIP-007-4 R5.1.1
  • Citation Description: The Responsible Entity shall ensure that user accounts are implemented as approved by designated personnel.

  • Report Rule: Admin Access to Compliance Systems - Detail
  • Citation Number: CIP-007-4 R5.1.2
  • Citation Description: The Responsible Entity shall establish methods, processes, and procedures that generate logs of sufficient detail to create historical audit trails of individual user account access activity for a minimum of 90 days.

  • Report Rule: Admin Access to Compliance Systems - Top 25
  • Citation Number: CIP-007-4 R5.1.2
  • Citation Description: The Responsible Entity shall establish methods, processes, and procedures that generate logs of sufficient detail to create historical audit trails of individual user account access activity for a minimum of 90 days.

  • Report Rule: Antivirus Signature Update
  • Citation Number: NERC CIP-007-4 R4.2
  • Citation Description: The Responsible Entity shall document and implement a process for the update of antivirus and malware prevention "signatures."

  • Report Rule: Escalation of Privileges - Detail
  • Citation Number: NERC CIP-004-4 R4.1
  • Citation Description: The Responsible Entity shall review the lists of its personnel...or any change in the access rights of such personnel.

  • Report Rule: Escalation of Privileges - Top 25
  • Citation Number: NERC CIP-004-4 R4.1
  • Citation Description: The Responsible Entity shall review the lists of its personnel...or any change in the access rights of such personnel.

  • Report Rule: Failed Remote Access - Detail
  • Citation Number: CIP-005-4a
  • Citation Description: Where technically feasible, the security monitoring process(es) shall detect and alert for attempts at or actual unauthorized accesses.

  • Report Rule: Failed Remote Access - Top 25
  • Citation Number: CIP-005-4a
  • Citation Description: Where technically feasible, the security monitoring process(es) shall detect and alert for attempts at or actual unauthorized accesses.

  • Report Rule: Firewall Configuration Changes
  • Citation Number: NERC CIP-003-4 R6
  • Citation Description: Change Control and Configuration Management.

  • Report Rule: Firmware Changes Wireless Devices
  • Citation Number: NERC CIP-003-4 R6
  • Citation Description: Change Control and Configuration Management.

  • Report Rule: Group Management
  • Citation Number: NERC CIP-007-4 R5.1.1
  • Citation Description: The Responsible Entity shall ensure that user accounts are implemented as approved by designated personnel.

  • Report Rule: Logon Failures - Detail
  • Citation Number: CIP-005-4a
  • Citation Description: Where technically feasible, the security monitoring process(es) shall detect and alert for attempts at or actual unauthorized accesses.

  • Report Rule: Logon Failures - Top 25
  • Citation Number: CIP-005-4a
  • Citation Description: Where technically feasible, the security monitoring process(es) shall detect and alert for attempts at or actual unauthorized accesses.

  • Report Rule: Router Configuration Changes
  • Citation Number: NERC CIP-003-4 R6
  • Citation Description: Change Control and Configuration Management.

  • Report Rule: Successful Remote Access - Detail
  • Citation Number: NERC CIP-005-4a R3
  • Citation Description: Monitoring Electronic Access.

  • Report Rule: Successful Remote Access - Top 25
  • Citation Number: NERC CIP-005-4a R3
  • Citation Description: Monitoring Electronic Access.

  • Report Rule: User Access Revoked
  • Citation Number: CIP-004-4 R4.2
  • Citation Description: The Responsible Entity shall revoke such access to Critical Cyber Assets within 24 hours for personnel terminated for cause and within seven calendar days for personnel who no longer require such access to Critical Cyber Assets.

  • Report Rule: User Access to Compliance Systems - Detail
  • Citation Number: CIP-007-4 R5.1.2
  • Citation Description: The Responsible Entity shall establish methods, processes, and procedures that generate logs of sufficient detail to create historical audit trails of individual user account access activity for a minimum of 90 days.

  • Report Rule: User Access to Compliance Systems - Top 25
  • Citation Number: CIP-007-4 R5.1.2
  • Citation Description: The Responsible Entity shall establish methods, processes, and procedures that generate logs of sufficient detail to create historical audit trails of individual user account access activity for a minimum of 90 days.
