| NERC CIP Requirement/Category |
Section Number |
LINESHIELD Feature |
| Reports and Logs |
CIP-003-1
CIP-004-1
CIP-005-1
CIP-007-1
CIP-008-1 |
- searchable activity logs
- user reports
- authorized user lists
- details of individual units and activity
- reports of unusual activity such as unauthorized access attempts
- Logs stored in Central Administration System and in the remote units
- exportable data files
|
| Password protection and user access control |
CIP-004-1
CIP-005-1
CIP-007-1 |
- Strong password authentication
- Detailed user permissions (administrator can revoke user rights)
- Individual unit authorizations
- User rights set by administrator on an individual basis
|
| User Rights Termination |
CIP-004-1 |
- Administrator termination of user rights
- Administrator decommissioning of remote units
- Automatic suspension of Portable devices if not used within a defined timeframe
|
| Dial Up Security |
CIP-005-1 |
- Authorized and authenticated access
- Single attempt at log in per call
- Calls only between authorized units defined on an individual basis
|
| Access Control Management |
CIP-003-1
CIP-005-1 |
- Central Administration to control all system activity
- Changes made in the field overridden by changes in the Central Administration System Software
- CAS Hardware only used in the application not shared for other uses and is not accessible by unauthorized users
|
| Personnel Security |
CIP-004-1 |
- Expiration of user Authorization/rights
- time sensitive termination of user rights
- permanent record and tracking of suspended equipment/accounts
|
| Recovery Plans |
CIP-009-1 |
- Disaster recovery planning
- Scheduled or unscheduled data backup
- primary and secondary administration computers
- CAS hardware designed for minimal failure redundancy and restore functions and is proprietary to LINESHIELD only. Not usable for other applications
- CAS designed to minimize service disruptions through rugged design features
|
| Electronic Security Perimeter |
CIP-002-1
CIP-003-1
CIP-005-1
CIP-007-1
CIP-009-1 |
- Secure access at all dial-in points
- Connections Authorized and Authenticated
- Multi-level security protection though password and authorization codes
- randomly assigned security codes not available to the end user
- LINESHIELD does not affect any existing equipment within the substations
|
| Critical Asset Identification |
CIP-004-1 |
- Unique Serial Numbers for LINESHIELD equipment
- Assets/Users recorded permanently in Central Administration System
|
