Compliance
NERC Reliability Standards for Critical Infrastructure Protection
Regulation Summary
Pursuant to the Federal Power Act of 2005, in January 2008, the Federal Energy Regulatory Commission (FERC) approved a set of mandatory reliability standards for the protection of critical infrastructure associated with the electric power industry. Developed by the North American Electric Reliability Corporation (NERC), CIP-002 through CIP-009 provide a framework for the identification and protection of critical cyber assets to support reliable operation of the bulk power system. Applicable to virtually all users, owners, and operators of the power grid, these standards include key elements of network security best practices, such as:
- Identification and change control for critical systems
- Boundary protection and access control
- Monitoring and detection of unauthorized access
- Vulnerability assessment
- Incident response
Enterprise Threat Management for Electric Utilities and Power Companies
Faced with the penalties for non-compliance – up to $1 Million per day per violation – electric utilities and bulk power companies need a comprehensive, enterprise security system that will address these common, best practice control objectives: information security, vulnerability assessment, asset identification, configuration policy, threat detection and response, policy enforcement and monitoring.
Built on Snort, the de facto standard for intrusion detection and prevention (IDS/IPS), the award-winning Sourcefire 3D™ System provides customers with a “Discover, Determine, Defend” framework, enabling you to discover threats accurately as they occur, determine their impact and severity, and defend your network by stopping threats in their tracks. Sourcefire enables its customers to protect their computer networks in an effective, efficient and highly automated manner. Sourcefire security products can analyze security events in real time and enable automated responses before, during, and after an attack.
- Before – See everything on your network, including policy violations and vulnerabilities, so that you can harden assets and minimize the target area
- During – Know the attack, its impact, and whether or not it was blocked
- After – Minimize the impact by knowing where the attack occurred and what action to take
Sourcefire Supports NERC Requirements
The Sourcefire 3D System helps your organization meet or exceed specific NERC requirements. The table below shows a few examples of common control objectives that Sourcefire supports.
| NERC Requirement | The Benefits of the Sourcefire 3D System |
| --- | --- |
| CIP-002-R3 Critical Asset Identification; CIP-005-R1.6 Documentation for Perimeter Assets | Generates profiles for all networked hosts, enabling automated identification of cyber assets associated with critical applications and systems. |
| CIP-003-R6 Change Control and Configuration Management | Enables administrators to implement baseline configuration policies for endpoints, subnets, and networks. Automates monitoring and enforcement of configuration policy. |
| CIP-005-R2 Electronic Access Controls | Detects and documents activity associated with unapproved ports and services. Alerts and corrective actions can easily be configured. |
| CIP-005-R3 Monitoring Electronic Access | Applies state-of-the-art intrusion detection and prevention capabilities to detect and alert on attempted or actual unauthorized access. |
| CIP-005-R4 Cyber Vulnerability Assessment | Creates a real-time profile of the operating system, applications, services, ports, etc. for every host and maps it against a database of 13,000+ known vulnerabilities using passive, non-disruptive techniques. |
| CIP-007-R2 Ports and Services | Compliance white lists can be configured to monitor and automatically enforce acceptable ports and services lists. |
| CIP-007-R4 Malicious Software Prevention | Anti-malware VRT rules meet the requirements for anti-malware prevention and can augment existing anti-virus tools. |
| CIP-007-R6 Security Status Monitoring | IPS and RNA satisfy multiple security best practices for providing continuous 24x7 monitoring of security incidents and policy violations. |
| CIP-008-R1 Incident Response Plan | Provides detailed flow and packet-capture information to reveal the anatomy of successful attacks and accelerate the recovery process. |
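The CIP-007-R2 and CIP-005-R2 rows above describe comparing passively observed host services against an approved ports/services list. The following is an added illustration of that check, not Sourcefire code: the asset classes, the allowlist and the host profiles are all constructed sample data, and the data model is hypothetical.

```python
"""Ports/services allowlist check in the spirit of CIP-007-R2 (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    proto: str  # "tcp" or "udp"
    port: int
    name: str   # application identified on the port by passive profiling


# Assumption: the utility's own approved ports/services baseline per asset class.
APPROVED = {
    "ems-server": {("tcp", 22), ("tcp", 443), ("udp", 123)},
    "hmi-workstation": {("tcp", 3389), ("tcp", 443), ("udp", 123)},
}

# Constructed host profiles, shaped like the output of a passive discovery tool:
# host -> (asset class, services observed on that host).
OBSERVED = {
    "10.0.1.10": ("ems-server", [Service("tcp", 22, "ssh"), Service("tcp", 443, "https"),
                                 Service("tcp", 23, "telnet"), Service("udp", 123, "ntp")]),
    "10.0.1.20": ("hmi-workstation", [Service("tcp", 3389, "rdp"), Service("udp", 161, "snmp")]),
    "10.0.1.30": ("ems-server", [Service("tcp", 22, "ssh")]),
    "10.0.1.40": ("unknown-device", [Service("tcp", 80, "http")]),
}


def find_violations(observed, approved):
    """Return {host: [Service, ...]} for services outside the host class's allowlist.

    A host whose asset class has no approved list is treated as having no
    approved services, so everything it exposes is reported for review.
    """
    violations = {}
    for host, (asset_class, services) in observed.items():
        allowed = approved.get(asset_class, set())
        unapproved = sorted({s for s in services if (s.proto, s.port) not in allowed},
                            key=lambda s: (s.proto, s.port))
        if unapproved:
            violations[host] = unapproved
    return violations


def alert_lines(violations):
    """Render one evidence line per unapproved service, suitable for a compliance log."""
    return [f"{host} {s.proto}/{s.port} ({s.name}) not in approved ports/services list"
            for host, services in sorted(violations.items()) for s in services]


if __name__ == "__main__":
    for line in alert_lines(find_violations(OBSERVED, APPROVED)):
        print(line)
```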