|
NERC (North American Electric Reliability Corporation) is a nonprofit corporation designated to ensuring that the "bulk electric system in North America is reliable, adequate and secure.” NERC maintains reliability standards to meet known as the CIP (Critical Infrastructure Protection) standards. These NERC CIP001-CIP009 standards cover physical, electronic and personnel security, along with training and awareness programs and specify the minimum requirements to support the reliability of the electrical system.
All organizations who are involved with the bulk electrical network in North America are subject to these standards. NERC's implementation calendar plans for all organizations to be fully compliant and pass audits by 2010.
Opengear has extensive experience partnering with utility providers and our ACM5000 and IM4200 advanced console server solutions help improve security and compliance, while reducing costs. As detailed in the table below the many security features align directly with the NERC CIP standards. For more details refer IM4200 or ACM5000 product pages.
| Standard |
NERC CIP Category - Requirement |
Advanced Console Server Feature |
CIP-005
CIP-007 |
Electronic Security Perimeter - Strong technical controls
Systems Security Management - Secure passwords |
- IPSEC, openVPN, SSH and SSL encryption
- Multiple subscriber accounts and
passwords
- Administrator accounts and passwords separate from individual user accounts and passwords
- AAA password security with TACACS+ and RADIUS
|
CIP-003
CIP-005 |
Critical Cyber
Security Controls - Access control
Systems Security Management - Deny access by default, detect unauthorized access |
- Internal modem with dial back support
- Access is protected as the default configuration
- Unauthorized access attempts are detected and will generate an alert
- Administrators can enable which individual physical serial ports and services that are to be used and define usage privileges by user
|
CIP-005
CIP-007 |
Electronic Security Perimeter - Secure dial-up access
Systems Security Management - Ports and services |
- Internal modem with dial back support
- Restricted modem access through ID/password authentication based on a local database or central AAA authentication server
- Access privileges (ports and services) tied to user login
- Access monitoring and logging
|
CIP-003
CIP-005
CIP-007
CIP-008 |
Change Control
Management -
Electronic Security Perimeter - Monitor and log access 24x7x365
Systems Security Management - Automatically monitor system
and network events
Incident Reporting - |
- Detailed logs with user access, port and
connection information
- Internal and external syslog records
- Per port buffering
|
| CIP-007 |
Systems Security
Management - System and network event alerts should be sent to key personnel |
- Alerts sent by email, SNMP, SMS or Nagios
- Configurable alert conditions based on access events,
content and environmental status
|
|
|
|
|
|
