Developed by the North American Electric Reliability Corporation (NERC), CIP-002 through CIP-009 provide a framework for the identification and protection of critical cyber assets to support reliable operation of the bulk power system. Applicable to virtually all users, owners, and operators of the power grid, these standards include key elements of network security best practices, such as:
Intelligent Cybersecurity for Electric Utilities and Power Companies
Faced with the penalties for non-compliance—up to $1 million per day per violation—electric utilities and bulk power companies need a comprehensive enterprise security system that addresses these common best-practice control objectives: information security, vulnerability assessment, asset identification, configuration policy, threat detection and response, policy enforcement, and monitoring. Built on Snort®, the de facto standard for intrusion detection and prevention (IDS/IPS), the award-winning Sourcefire Next-Generation IPS (NGIPS) enables customers to discover threats accurately as they occur, determine their impact and severity, and defend their network by stopping threats in their tracks. Sourcefire enables its customers to protect their computer networks in an effective, efficient, and highly automated manner. Sourcefire's intelligent cybersecurity products can analyze security events in real time and enable automated responses before, during, and after an attack.
Sourcefire Supports NERC Requirements
Sourcefire helps your organization meet or exceed specific NERC requirements. The table below shows a few examples of common control objectives that Sourcefire supports.
|NERC Requirement|The Sourcefire Approach|
|---|---|
|CIP-002-R3 Critical Asset Identification - CIP-005-R1.6 Documentation for Perimeter Assets|Generates profiles for networked hosts, enabling automated identification of cyber assets associated with critical applications and systems.|
|CIP-003-R6 Change Control and Configuration Management|Enables administrators to implement baseline configuration policies for endpoints, subnets, and networks. Automates monitoring and enforcement of configuration policy.|
|CIP-005-R2 Electronic Access Controls|Detects and documents activity associated with unapproved ports and services. Alerts and corrective actions can easily be configured.|
|CIP-005-R3 Monitoring Electronic Access|Applies state-of-the-art intrusion detection and prevention capabilities to detect and alert on attempted or actual unauthorized access.|
|CIP-005-R4 Cyber Vulnerability Assessment|Creates a real-time profile of the operating system, applications, services, ports, etc. for every host and maps that against a database of known vulnerabilities using passive, non-disruptive techniques.|
|CIP-007-R2 Ports and Services|Compliance white lists can be configured to monitor and automatically enforce acceptable ports and services lists.|
|CIP-007-R4 Malicious Software Prevention|Anti-malware VRT rules meet the requirements for anti-malware prevention and can augment existing anti-virus tools.|
|CIP-007-R6 Security Status Monitoring|Sourcefire NGIPS and FireSIGHT® satisfy multiple security best practices for providing continuous 24x7 monitoring of security incidents and policy violations.|
|CIP-008-R1 Incident Response Plan|Provides detailed flow and packet-capture information to reveal the anatomy of successful attacks and accelerate the recovery process.|