The NERC Cyber Security – Systems Security Management Standard CIP–007–2 requires transmission service providers, owners and operators; power generator owners and operators; load-serving entities; and other Responsible Entities to define methods, processes, and procedures for securing critical and other cyber assets.
Today's Identity Access Management technologies don't detect or secure the privileged identities that hold elevated permissions to access electronic payment records, install and run programs, and change configuration settings on servers, workstations, applications and network appliances.
Lieberman Software helps its customers fill regulatory compliance gaps by safeguarding privileged accounts, and by providing the auditing and control necessary to specifically address the following key CIP–007–2 requirements:
| Requirement | Description |
| --- | --- |
| R5.1. | Ensure that individual and shared system accounts and authorized access permissions are consistent with the concept of “need to know” with respect to work functions performed and other assets. |
| R5.1.2. | Generate logs of sufficient detail to create historical audit trails of individual user account access activity for a minimum of ninety days. |
| R5.1.3. | Review, at least annually, user accounts to ensure that they are in compliance. |
| R5.2.1. | Remove, disable, or rename administrator, shared, and other generic account privileges, and change all passwords, before putting any system into service. |
| R5.2.2. | Identify all individuals with access to shared accounts. |
| R5.2.3. | Manage the use of shared accounts to limit access to only those with authorization, providing an audit trail of account use and a process to secure the account in the event of personnel changes. |
| R5.3. | Comply with rules for minimum password length, complexity, and change frequency. |
Enterprise Random Password Manager (ERPM) helps you comply with these CIP–007–2 requirements by hardening and auto-propagating secured privileged login credentials wherever they may reside, providing an authoritative audit trail to document the requestors, systems and accounts, timeframes, and purpose of each access request.
ERPM also provides IT personnel the automation necessary to ensure that the organization's security policies are efficiently put into practice.
Contact us today for more information on how ERPM can help your organization comply with NERC mandates.