I apologize, but it seems I’ve fallen behind my minimum quarterly requirement of posts that
quote from Lew Folkerth of RF. I just discovered Lew wrote a great article on
configuration baselines and CIP-010 R1 for the RF Newsletter
dated November/December 2017. You can find it by clicking on The Lighthouse in
the table of contents on the left side of the page. I was also pleased to note
that RF will now send out emails when new newsletters come out (which is
bi-monthly), so neither you nor I will miss any future articles from Lew.
The article speaks for itself, but here are the points I found most interesting[i]:
- Installed software and firmware listed in CIP-010 R1
should match software and firmware listed in CIP-007 R2 (Patch
Management). Auditors check for this now, so you should definitely make
sure they match on a regular basis, and even sync the two lists up if possible
(page 16, last column).
- A good tip for simplifying the job of CIP-007 R1 (Ports
and Services) documentation by leveraging information from the baseline (p.
17, first column).
- Benefits of a good baseline for incident response (p. 17,
first column).
- Lew’s recommended list of software and firmware to include
in the baseline (p. 17, third column).
- Lew recommends that firewall rules be under change
management, whether or not they’re included in the baseline for the
firewall.
- The box about scripts on page 18 is worth the price of
admission by itself! And that certainly doesn’t mean it’s worthless, even
though admission to the article is free.
I recommend you all read the article, as well
as subscribe to the newsletter.
If you would like to comment on what you have read here, I
would love to hear from you. Please email me at tom@tomalrich.com. Please keep in mind that
Tom Alrich LLC can help you with NERC CIP issues or challenges like what is
discussed in this post. To discuss this, you can email me at the same address
or call me at 312-515-8996.
Any opinions expressed in this blog post are quite
definitely those of my employer, Tom Alrich LLC! If you disagree with what I’ve
said, I suggest you take the matter up with them.
[i] A few of these aren’t new – in fact, I’ve written about them in previous posts
– but they’re worth repeating.