CIP 007 – Cyber Security – Systems Security Management

CIP 007 – Cyber Security – Systems Security Management

Purpose: Manage system security by specifying select technical, operational, and procedural requirements in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.

Key Challenges:

  • Document enabled ports justification
  • Maintain listening ports
  • Maintain evidence of configuration files of host-based firewalls and evidence of protection in place against unnecessary physical input/output ports
  • Document patch management monitored sources
  • Review security patches every 35 days and produce evidence
  • Maintain installation records or alternative mitigation plans.
  • Produce evidence and records of mitigation
  • Deploy system hardening, antivirus, policies, and maintain evidence

Cyberwiz-Pro Delivers:

  • Automates ports, services, user accounts documentation
  • Automates (with integration) security patch management
  • Documents access evidence
  • Maintains and tracks procedural controls
  • Configures reminders and workflows to alert appropriate parties
  • Helps develop the necessary policies and procedures.

Benefits:

  • Automates evidence of ports, services, users and services to meet the requirement
  • Centralized document management
  • Dynamic evidence population for audits