The North Americal Electric Reliability Corporation's (NERC) Critical Infrastructure Protection (CIP) plan helps securing your network assets by which you can mitigate the risk associated with security breach.
Firewall Analyzer helps meeting the CIP's requirement sets associated with the firewall device with its out-of-the-box reports as described below
Rules |
Description |
How Firewall Analyzer meets requirements |
|---|---|---|
CIP-003-R5.1
|
The Responsible Entity shall maintain a list of designated personnel who are responsible for authorizing logical or physical access to protected information |
Firewall Analyzer provides you detailed report on HTTP, Telnet, SSH service access and User Access which helps you to record & maintain the activities of privileged user who have rights to authorize logical/physical access to protected information |
CIP-003-R6 |
Change Control and Configuration Management ?The Responsible Entity shall establish and document a process of change control and configuration management for adding, modifying, replacing, or removing Critical Cyber Asset hardware or software, and implement supporting configuration management activities to identify, control and document all entity or vendor related changes to hardware and software components of Critical Cyber Assets pursuant to the change control process |
Firewall Analyzer provides out-of-the-box Configuration Change Records over a period of time which helps you to document the process of change control and configuration management.This detailed report also helps you to identify & control all entities that are related to the configuration changes |
CIP-005-R2.1 |
These processes and mechanisms shall use an access control model that denies access by default, such that explicit access permissions must be specified |
Firewall Analyzer gives you detailed Explicitly Denied rules report and the report of rules that allow any traffic. These rule reports helps you to configure Explicit Deny Rule to block the unauthorized traffic. It also helps you to control network traffic by allowing you to configure rules that permit only those traffic that are necessary for business requirements |
CIP-005-R2.2.a |
At all access points to the Electronic Security Perimeter(s), the Responsible Entity shall enable only ports and services required for operations and for monitoring Cyber Assets within the Electronic Security Perimeter, and shall document, individually or by specified grouping, the configuration of those ports and services |
Firewall Analyzer gives you detailed out-of-the-box rules report of Allowed Services and Insecure Service Audit report that facilitate the decision of blocking insecure services and enable only ports and services that are required for your business operations |
CIP-005-R3 |
Monitoring Electronic Access ?The Responsible Entity shall implement and document an electronic or manual process(es) for monitoring and logging access at access points to the Electronic Security Perimeter(s) twenty-four hours a day, seven days a week |
Firewall Analyzer archives firewall Management records over a period of time that facilitates monitoring of all firewall activities |
CIP-005-R3.2.a |
Where technically feasible, the security monitoring process(es) shall detect and alert for attempts at or actual unauthorized accesses. These alerts shall provide for appropriate notification to designated response personnel |
Firewall Analyzer provides you out-of-the-box report on Failed Logon Details that gives information on all login failed attempts which helps you to detect and alert for attempts or actual unauthorzied access |
CIP-005-R3.2.b |
Where alerting is not technically feasible, the Responsible Entity shall review or otherwise assess access logs for attempts at or actual unauthorized accesses at least every ninety calendar days |
Firewall Analyzer can retain the log database and archive your raw logs for more than 90 days which helps you to review and perform forensic analysis on the logs for for attempts/ actual unauthorized access |
CIP-005-R4.2.a |
A review to verify that only ports and services required for operations at these access points are enabled |
Firewall Analyzer gives you detailed rules report on all allowed services and insecure service audits that provides better insights ports and services and helps you to allow only those that are required for your business requirement |
CIP-005-R4.4 |
A review of controls for default accounts, passwords, and network management community strings |
CIP-005-R4.4.a |
CIP-005-R4.5 |
Documentation of the results of the assessment, the action plan to remediate or mitigate vulnerabilities identified in the assessment, and the execution status of that action plan |
Firewall Analyzer has the capability to carry out vulnerability assessment and it provides you instant reports that helps you to mitigate the vulnerabilities identified in the assessment |
CIP-005-R5.3 |
Database and archiving of logs retention period is more than 90 days | Firewall Analyzer can retain the database and archive your raw logs for more than 90 days |
CIP-007-R2.1.a |
The Responsible Entity shall enable only those ports and services required for normal and emergency operations | Firewall Analyzer provides you instant detailed rules report on all allowed services and Insecure Service audit that helps you to identify and block the ports/services that are not insecure and not required for your business operations |
CIP-007-R2.2 |
The Responsible Entity shall disable other ports and services, including those used for testing purposes, prior to production use of all Cyber Assets inside the Electronic Security Perimeter(s) | Firewall Analyzer gives you the detailed Explicit Denied Rules and rules report on all allowed services which helps you disable ports/services that are malicious. |
CIP-007-R5.1.1 |
The Responsible Entity shall ensure that user accounts are implemented as approved by designated personnel | Firewall Analyzer provides you with Privileged user related log reports over the period of time that helps you to ensure that all user accounts and activities are carried out as per the internal security policy |
CIP-007-R5.1.2 |
The Responsible Entity shall establish methods, processes, and procedures that generate logs of sufficient detail to create historical audit trails of individual user account access activity for a minimum of ninety days | Firewall Analyzer gives you report on all 'Successfull logon details' that helps you to conduct historical audit trails of individual user account access activity. |
CIP-007-R5.2.1 |
The policy shall include the removal, disabling, or renaming of such accounts where possible. For such accounts that must remain enabled, passwords shall be changed prior to putting any system into service | CIP-007-R5.2.1.a Firewall Analyzer provides you the status of all vendor supplied defaults like passwords, encryption keys and more, which helps you to reset the default accounts and take control of your firewall CIP-007-R5.2.1.b Firewall Analyzer provides you the details changed SNMP community string and also gives you the SNMP configuration |
CIP - 007-R6.2 |
The security monitoring controls shall issue automated or manual alerts for detected Cyber Security Incidents. | With Firewall Analyzer you can configure alerts profiles for Cyber Security Incident which triggers real-time email/SMS alerts upon the occurrence of the incident |
CIP-007-R6.4 |
The Responsible Entity shall retain all logs specified in Requirement R6 for ninety calendar days | Firewall Analyzer has the capability of retaining your database and archive your raw logs for more than 90 days |
CIP-007-R8.2 |
At least an annual review is required to verify that only ports and services required for operation of the Cyber Assets within the Electronic Security Perimeter are enabled |
Firewall Analyzer is capable of reviewing ports/services that are used periodical. You can also automate this report generation by scheduling it at regular intervals from the compliance dashboard |
CIP-008-R1.2 |
Response actions, including roles and responsibilities of Cyber Security Incident response teams, Cyber Security Incident handling procedures, and communication plans | Firewall Analyzer has log parsing and alerting mechanisms. User can configure alert profiles to meet the security related log reviews |
CIP-009-R4
|
Backup and Restore - The recovery plan(s) shall include processes and procedures for the backup and storage of information required to successfully restore Critical Cyber Assets. For example, backups may include spare electronic components or equipment, written documentation of configuration settings, tape backup, etc |
Firewall Analyzer automatically backs up all your configuration changes over a period of time |
400-660-8680
