I apologize, but it seems I’ve fallen behind my minimum quarterly requirement of posts that quote from Lew Folkerth of RF. I just discovered Lew wrote a great article on configuration baselines and CIP-010 R1 for the RF Newsletter dated November/December 2017. You can find it by clicking on The Lighthouse in the table of contents on the left side of the page. I was also pleased to note that RF will now send out emails when new newsletters come out (which is bi-monthly), so neither you nor I will miss any future articles from Lew.
The article speaks for itself, but here are the points I found most interesting[i]:
- Installed software and firmware listed in CIP-010 R1 should match software and firmware listed in CIP-007 R2 (Patch Management). Auditors check for this now, so you should definitely make sure they match on a regular basis, and even sync the two lists up if possible (page 16, last column).
- A good tip for simplifying the job of CIP-007 R1 (Ports and Services) documentation by leveraging information from the baseline (p. 17, first column).
- Benefits of a good baseline for incident response (p. 17, first column).
- Lew’s recommended list of software and firmware to include in the baseline (p. 17, third column).
- Lew recommends that firewall rules be under change management, whether or not they’re included in the baseline for the firewall.
- The box about scripts on page 18 is worth the price of admission by itself! And that certainly doesn’t mean it’s worthless, even though admission to the article is free.
I recommend you all read the article, as well as subscribe to the newsletter.
If you would like to comment on what you have read here, I would love to hear from you. Please email me at firstname.lastname@example.org. Please keep in mind that Tom Alrich LLC can help you with NERC CIP issues or challenges like what is discussed in this post. To discuss this, you can email me at the same address or call me at 312-515-8996.
Any opinions expressed in this blog post are quite definitely those of my employer, Tom Alrich LLC! If you disagree with what I’ve said, I suggest you take the matter up with them.
[i] A few of these aren’t new – in fact, I’ve written about them in previous posts) – but they’re worth repeating.