The NERC Cyber Security – Systems Security Management Standard CIP–007–2 requires transmission service providers, owners and operators; power generator owners and operators; load-serving entities; and other Responsible Entities to define methods, processes, and procedures for securing critical cyber assets.
Today’s Identity Access Management (IAM) technologies don’t detect or secure the privileged identities that hold elevated permissions to access highly sensitive information, install and run programs, and change configuration settings on servers, workstations, applications and network appliances.
Lieberman Software’s Enterprise Random Password Manager™ (ERPM) helps critical national infrastructure providers fill regulatory compliance gaps and secure the electric grid by safeguarding privileged accounts, and by providing the auditing and control necessary to address the following mandatory CIP–007–2 standards:
|R5.1. Ensure that individual and shared system accounts and authorized access permissions are consistent with the concept of “need to know” with respect to work functions performed and other assets.|
|R5.1.2. Generate logs of sufficient detail to create historical audit trails of individual user account access activity for a minimum of ninety days.|
|R5.1.3. Review, at least annually, user accounts to ensure that they are in compliance.|
|R5.2.1. Remove, disable, or rename administrator, shared, and other generic account privileges and change all passwords before putting any system into service.|
|R5.2.2. Identify all individuals with access to shared accounts.|
|R5.2.3. Manage the use of shared accounts to limit access to only those with authorization, providing an audit trail of account use and a process to secure the account in the event of personnel changes.|
|R5.3. Comply with rules for minimum password length, complexity, and change frequency.|
ERPM helps you comply with these CIP–007–2 requirements by hardening and auto-propagating secured privileged login credentials wherever they may reside, providing an authoritative audit trail to document the requesters, systems and accounts, timeframes, and purpose of each access request.
Download the datasheet to learn more.
Contact us today for more information on how ERPM can help you comply with NERC mandates and meet key CIP standards.