Creating the configuration baseline with all the appropriate asset details can be very laborious and prone to human error. WizNucleus has come up with a NERC CIP – Tripwire integration. WizNucleus CWP automatically imports configuration data from Tripwire into its relational database to establish a NERC CIP baseline of record. Customers can also add additional devices to the baseline that may not have Tripwire installed.
CWP comes with an enterprise grade business process workflow engine, designed specifically for NERC CIP. It comes pre-configured with the following process steps:
- Create change request
- Approvals based on customer process (at each step; multiple approval levels, escalations)
- Operations engineering analysis
- Impact analysis
- Emergency analysis
- NERC analysis
- Creation of the test plan
- Closed loop update of the baseline
- Ongoing monitoring for configuration changes
CWP integrates with Tripwire to monitor ports, services, patches, and user accounts for any change to the baseline. For example, if there is a change to a port, an alert is sent to the person responsible for evaluating that change. If it was an unapproved change a user might check to see if it was an emergency change and deal with it accordingly (e.g., approve). If it was an unapproved change then the user has the ability to restore to the original baseline.
CWP can provide a single point of NERC CIP evidence collection and generation. For example, CWP can create an audit-ready report on any changes and approvals for any particular asset.