NERC CIP Cyber Security Standard

Xsuite

CIP-004-3 Cyber Security — Personnel & Training

Xsuite’s privileged user access control and password management capabilities provide support for the satisfaction of CIP controls over personnel and training.

CIP-005-3a Cyber Security — Electronic Security Perimeters — Access Controls

CIP Electronic Security Perimeter controls limit access to sensitive cyber-resources in the protected environment. Xsuite supports achievement of these controls in several ways, including by implementing a “DAPE” (deny access, permit exceptions) access model such that explicit permission must be granted to enable access to resources in the Electronic Security Perimeter. Also, Xsuite ensures that only desired and authorized ports and services are available for access, and then are shown only to the individuals and/or groups to whom access has been explicitly authorized.

CIP-005-3a Cyber Security — Electronic Security Perimeters — Monitoring

Access controls are complemented by comprehensive monitoring facilities. Xsuite generates notifications for attempted policy violations and suspect behavior. Unauthorized actions can be prevented, users can be warned, sessions can be terminated, and individual user accounts can be suspended pending re-authorization. Full logging and reporting facilities enable investigation of incidents, and comprehensive record-keeping capabilities enable regular review of network activity.

CIP-007-3 Cyber Security — Systems Security Management — Account Management

NERC CIP standards establish several requirements for enabling secure account access management processes, and Xsuite provides strong support for achieving and proving compliance with these mandates. Xsuite enables the creation of procedures for authorizing individuals’ access to systems, devices and sensitive administrative passwords. Access controls can be defined based on user roles, and can include requirements for dual authorization.