NERC CIP Compliance Reports


Complying with NERC CIP Compliance Requirements

The North American Electric Reliability Corporation's (NERC) Critical Infrastructure Protection (CIP) plan helps you secure your network assets and thereby mitigate the risk associated with security breaches.

Firewall Analyzer helps you meet the CIP requirement sets associated with firewall devices through its out-of-the-box reports, as described below.

NERC CIP Compliance requirements met by Firewall Analyzer

Rules
Description
How Firewall Analyzer meets requirements
CIP-003-R5.1

The Responsible Entity shall maintain a list of designated personnel who are responsible for authorizing logical or physical access to protected information


Firewall Analyzer provides detailed reports on HTTP, Telnet, and SSH service access and on User Access, which help you record and maintain the activities of privileged users who have rights to authorize logical/physical access to protected information

CIP-003-R6

Change Control and Configuration Management - The Responsible Entity shall establish and document a process of change control and configuration management for adding, modifying, replacing, or removing Critical Cyber Asset hardware or software, and implement supporting configuration management activities to identify, control and document all entity or vendor related changes to hardware and software components of Critical Cyber Assets pursuant to the change control process

Firewall Analyzer provides out-of-the-box Configuration Change Records over a period of time, which help you document the process of change control and configuration management. This detailed report also helps you identify and control all entities that are related to the configuration changes

CIP-005-R2.1

These processes and mechanisms shall use an access control model that denies access by default, such that explicit access permissions must be specified

Firewall Analyzer gives you a detailed Explicitly Denied rules report and a report of rules that allow any traffic. These rule reports help you configure an Explicit Deny Rule to block unauthorized traffic. They also help you control network traffic by letting you configure rules that permit only the traffic that is necessary for business requirements

CIP-005-R2.2.a

At all access points to the Electronic Security Perimeter(s), the Responsible Entity shall enable only ports and services required for operations and for monitoring Cyber Assets within the Electronic Security Perimeter, and shall document, individually or by specified grouping, the configuration of those ports and services

Firewall Analyzer gives you a detailed out-of-the-box rules report of Allowed Services and an Insecure Service Audit report, which help you decide which insecure services to block and enable only the ports and services that are required for your business operations

CIP-005-R3

Monitoring Electronic Access - The Responsible Entity shall implement and document an electronic or manual process(es) for monitoring and logging access at access points to the Electronic Security Perimeter(s) twenty-four hours a day, seven days a week

Firewall Analyzer archives firewall Management records over a period of time, which facilitates monitoring of all firewall activities

CIP-005-R3.2.a

Where technically feasible, the security monitoring process(es) shall detect and alert for attempts at or actual unauthorized accesses. These alerts shall provide for appropriate notification to designated response personnel

Firewall Analyzer provides an out-of-the-box report on Failed Logon Details that gives information on all failed login attempts, which helps you detect and alert on attempted or actual unauthorized access

CIP-005-R3.2.b

Where alerting is not technically feasible, the Responsible Entity shall review or otherwise assess access logs for attempts at or actual unauthorized accesses at least every ninety calendar days

Firewall Analyzer can retain the log database and archive your raw logs for more than 90 days, which helps you review and perform forensic analysis on the logs for attempted or actual unauthorized access

CIP-005-R4.2.a

A review to verify that only ports and services required for operations at these access points are enabled

Firewall Analyzer gives you a detailed rules report on all allowed services and insecure service audits, which provide better insight into ports and services and help you allow only those that are required for your business requirements

CIP-005-R4.4

A review of controls for default accounts, passwords, and network management community strings

CIP-005-R4.4.a
Firewall Analyzer provides you the status of all vendor supplied defaults like passwords, encryption keys and more, which helps you to reset the default accounts and take control of your firewall

CIP-005-R4.4.b

Firewall Analyzer provides you the details of changed SNMP community strings and also gives you the SNMP configuration

CIP-005-R4.5

Documentation of the results of the assessment, the action plan to remediate or mitigate vulnerabilities identified in the assessment, and the execution status of that action plan

Firewall Analyzer has the capability to carry out vulnerability assessment, and it provides you instant reports that help you mitigate the vulnerabilities identified in the assessment

CIP-005-R5.3

Database and archiving of logs retention period is more than 90 days

Firewall Analyzer can retain the database and archive your raw logs for more than 90 days

CIP-007-R2.1.a

The Responsible Entity shall enable only those ports and services required for normal and emergency operations

Firewall Analyzer provides you an instant, detailed rules report on all allowed services and an Insecure Service audit that help you identify and block the ports/services that are insecure and not required for your business operations

CIP-007-R2.2

The Responsible Entity shall disable other ports and services, including those used for testing purposes, prior to production use of all Cyber Assets inside the Electronic Security Perimeter(s)

Firewall Analyzer gives you the detailed Explicit Denied Rules report and a rules report on all allowed services, which help you disable ports/services that are malicious.

CIP-007-R5.1.1

The Responsible Entity shall ensure that user accounts are implemented as approved by designated personnel

Firewall Analyzer provides you with Privileged user related log reports over a period of time, which help you ensure that all user accounts and activities are carried out as per the internal security policy

CIP-007-R5.1.2

The Responsible Entity shall establish methods, processes, and procedures that generate logs of sufficient detail to create historical audit trails of individual user account access activity for a minimum of ninety days

Firewall Analyzer gives you a report on all 'Successful logon details' that helps you conduct historical audit trails of individual user account access activity.

CIP-007-R5.2.1

The policy shall include the removal, disabling, or renaming of such accounts where possible. For such accounts that must remain enabled, passwords shall be changed prior to putting any system into service

CIP-007-R5.2.1.a
Firewall Analyzer provides you the status of all vendor supplied defaults like passwords, encryption keys and more, which helps you to reset the default accounts and take control of your firewall

CIP-007-R5.2.1.b
Firewall Analyzer provides you the details of changed SNMP community strings and also gives you the SNMP configuration

CIP-007-R6.2

The security monitoring controls shall issue automated or manual alerts for detected Cyber Security Incidents.

With Firewall Analyzer you can configure alert profiles for Cyber Security Incidents, which trigger real-time email/SMS alerts when an incident occurs

CIP-007-R6.4

The Responsible Entity shall retain all logs specified in Requirement R6 for ninety calendar days

Firewall Analyzer is capable of retaining your database and archiving your raw logs for more than 90 days

CIP-007-R8.2

At least an annual review is required to verify that only ports and services required for operation of the Cyber Assets within the Electronic Security Perimeter are enabled

Firewall Analyzer is capable of periodically reviewing the ports/services that are used. You can also automate this report generation by scheduling it at regular intervals from the compliance dashboard

CIP-008-R1.2

Response actions, including roles and responsibilities of Cyber Security Incident response teams, Cyber Security Incident handling procedures, and communication plans

Firewall Analyzer has log parsing and alerting mechanisms. Users can configure alert profiles to meet security-related log review requirements

CIP-009-R4

Backup and Restore - The recovery plan(s) shall include processes and procedures for the backup and storage of information required to successfully restore Critical Cyber Assets. For example, backups may include spare electronic components or equipment, written documentation of configuration settings, tape backup, etc

Firewall Analyzer automatically backs up all your configuration changes over a period of time

Customer Speaks
 
"The implementation was so easy and the Firewall Analyzer immediately started showing me how much inbound and outbound traffic was passing through our firewalls. I now use Firewall Analyzer daily!"
- Phil Avella,
Manager, Information Systems,
Thunder Bay District Health Unit
 