Cyber Asset Lifecycle and Change Management
CSWG Salt Lake, UT
July 25, 2018
Speaker Introduction - Michael Cole
• TID Control System Cybersecurity Analyst
• U.S. Navy: Aviation Electronics Technician (97-2002)
• B.S. Computer Science, Cal-State University Stanislaus (2006)
• CCNP-Cisco Certified Network Professional (2013)
• CISSP-Certified Information Systems Security Professional (2016)
• 7 years in IT, 5 years in OT/EMS/Compliance
• Married 14 years, 4 Children
Agenda
• Change Management Overview
• NIST Cybersecurity Framework
• NIST.SP.800-53 Controls
• TID’s Cybersecurity Program
• TID’s Asset and Change Management Policy
• TID’s Implementation
CIP-010-2 R1, R2
• 1.1-Develop a baseline configuration
• 1.2-Authorize and document changes
• 1.3-For changes, update the baseline configuration
• 1.4-Verify and document cyber security controls
• 1.5-Test and document changes prior to implementation
• 2.1-Monitor changes to the baseline configuration
Cyber Asset Lifecycle
• Cyber Asset Lifecycle (IEEE 1220)
– Development: Planning and execution
– Manufacturing: Test model and prototypes
– Test: Evaluation against requirements
– Distribution: Transport and deliver
– Operations: System usage
– Support: Maintenance and materials
– Training: Knowledge/Skills to perform operations
– Disposal: Destroyed per requirements
Holistic Cyber Asset Lifecycle View
• What are the Cyber Security requirements for Cyber Asset Lifecycle?
• How do they fit into the overall Cyber Security strategy?
• What additional standards can be managed beyond CIP-010? (CIP-005, CIP-007, CIP-011)
NIST Cybersecurity Framework
NIST Cybersecurity Framework
[Figure labels: CIP-010 R1.1, R1.3; CIP-010 R1.1.1-R1.1.5; CIP-010 R2; CIP-010 R1.2, R1.4]
NIST Cybersecurity Framework
[Figure label: CIP-010 R1.1.1-R1.1.5]
Identify: Asset Management
• ID.AM-2: Software platforms and applications within the organization are inventoried
– CIP-010 R1.1.1 Operating Systems
– CIP-010 R1.1.2-1.1.3 Software
– CIP-010 R1.1.4 Network ports
– CIP-010 R1.1.5 Security Patches
Identify: Asset Management
• Configuration Management Controls
– CM-8: Information System Component Inventory
• Develops and documents an inventory of information system components
• Reviews and updates the Information system component inventory
Identify: Asset Management
• Enhancements for CM-8: Information System Component Inventory
– Updates during installations and removals
• Integral part of the process is updates
– Automated maintenance
• Software assisted detection and validation of baseline/assets
– Accountability Information
• The inventory contains ownership information
NIST Cybersecurity Framework
[Figure labels: CIP-010 R1.1, R1.3; CIP-010 R1.2, R1.4]
Protect: Information Protection
• PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained
– CIP-010 R1.1 Develop a baseline configuration
– CIP-010 R1.3 For a change that deviates from the baseline, update the baseline configuration
Protect: Information Protection
• Configuration Management Controls
– CM-2: Baseline Configuration
• Establish a baseline configuration that contains software, OS, patches, network topology, and placement in system architecture
• Formally documented and reviewed
• New baselines are built based on changing requirements
Protect: Information Protection
• Enhancements for CM-2: Baseline Configuration
– Reviews and updates
• Recurring frequency not driven by change
• Part of installation or upgrade
– Automation support for accuracy
• Hardware, software and patch inventory tools
• Configuration management tools
Protect: Information Protection
• Enhancements for CM-2: Baseline Configuration
– Retention of previous configurations
• Restore points
– Development and test environments
• Baselining test and production systems
• The results of testing are representative of the proposed changes to operational systems
Protect: Information Protection
• Configuration Management Controls
– CM-6: Configuration Settings
• Configuration settings based on checklists and reflect most restrictive mode consistent with requirements
• Implements configuration settings
• Identifies any deviations from organizational requirements
Protect: Information Protection
• Enhancements for CM-6: Configuration Settings
– Automated centralized management/application/verification
• Software assisted management of applications and verification
Protect: Information Protection
• PR.IP-3: Configuration change control processes are in place
– CIP-010 R1.2 Authorize and document changes that deviate from the existing baseline configuration.
– CIP-010 R1.4 Security controls verification and documentation
Protect: Information Protection
• Configuration Management Controls
– CM-3: Configuration Change Control
• Determines which changes are configuration-controlled
• Reviews and approves proposed configuration with an understanding of the security impact
• Documents rationale for change
• Retains change documentation
• Audits and reviews activities associated with changes
Protect: Information Protection
• Enhancements for CM-3: Configuration Settings
– Automated document, notification and prohibition of change
• The change is documented in a system and is automatically sent to designated personnel for approval
• The change cannot proceed without approval
• Notification that change is complete
– Test, validate and document
• Testing does not interfere with production
Protect: Information Protection
• Configuration Management Controls
– CM-4: Security Impact Analysis
• Security impact analysis is conducted prior to the change
Protect: Information Protection
• Enhancements for CM-4: Security Impact Analysis
– Separate test environments
• Physical or logical separation
• Virtual machine copies of production
– Verification of security functions
• Security software and settings are functioning as required
NIST Cybersecurity Framework
[Figure label: CIP-010 R2]
Detect: Security Continuous Monitoring
• DE.CM-1: The network is monitored to detect potential cybersecurity events
– CIP-010 R2 Monitor changes to the baseline configuration. Investigate unauthorized changes.
Detect: Security Continuous Monitoring
• Configuration Management Controls
– CM-6: Configuration Settings
• Monitors and controls changes to the configuration settings
Detect: Security Continuous Monitoring
• Enhancements for CM-6: Configuration Settings
– Automated central management
• The same system that manages baseline configurations also monitors for changes
– Respond to unauthorized changes
• Email notification of detected unauthorized changes sent to designated personnel
NIST/ES-C2M2 Abstracted Architecture / CIP Documentation Architecture
[Figure: architecture diagram. Box labels: Risk Management; Asset, Change and Configuration Management; Identity and Access Management; Threat and Vulnerability Management; Situational Awareness; Event and Incident Response, Continuity of Operations; Cyber Security Policy; Workforce Management. CIP requirements shown in the figure:]
CIP-002 R1 BES Cyber System Identification
CIP-002 R2 Identification Review
CIP-003 R1-R3 Cyber Security Policy
CIP-003 R4 Delegations
CIP-004 R1-R2 Security Awareness Program
CIP-004 R3 Personnel Risk Assessment
CIP-004 R4 Access Management Program
CIP-004 R5 Access Revocation
CIP-005 R1 Electronic Security Perimeter
CIP-005 R2 Interactive Remote Access
CIP-006 P1.1-P1.2 Physical Security Plan
CIP-006 R2 Visitor Control Program
CIP-006 R3 PACS Maintenance and Testing
CIP-007 R1 Ports and Services
CIP-007 R2 Security Patch Management
CIP-007 R3 Malicious Code Prevention
CIP-007 R4 Security Event Monitoring
CIP-007 R5 System Access Control
CIP-008 R1-R3 Incident Response Plans
CIP-009 R1-R3 Recovery Plans
CIP-010 R1 Configuration Change Management
CIP-010 R2 Configuration Monitoring
CIP-010 R3 Vulnerability Assessments
CIP-011 R1 Information Protection
CIP-014 R1 Physical Security Risk Assessment
CIP-014 R2-R3 Assessment Review and Notification
CIP-014 R4 Physical Security Vulnerability Assessment
CIP-014 R5 Physical Security Plan
CIP-014 R6 Physical Security Plan Review
CIP-006 P1.4-P1.9 Physical Security Plan
CIP-011 R2 BES Cyber Asset Reuse and Disposal
CIP-007 R5.7 System Access Control
NIST/ES-C2M2 Abstracted Architecture
Asset, Change and Configuration Management
CIP-005 R1 Electronic Security Perimeter
CIP-005 R2 Interactive Remote Access
CIP-007 R1 Ports and Services
CIP-010 R1 Configuration Change Management
CIP-011 R2 BES Cyber Asset Reuse and Disposal
CIP-010 R2 Configuration Monitoring
Asset & Configuration Management Policy
Configuration Change Management Process
Speaker Introduction
• TID Control System Cybersecurity Analyst
• Senior IT Analyst City of Turlock (2002-2015)
• B.S. Computer Information Systems (2012)
• 13 years in IT, 3 years in OT/EMS/Compliance
• Married 13 years, 3 Children
“A goal without a plan is just a wish.”
– Antoine de Saint-Exupéry
Planning for Automation
• Holistic view of Cyber Security and Data management
• Standard data schema / Define once reference many times.
• Create data definitions for input.
• Leverage database driven comparison methods for controls.
• Supplement Data inputs with required compliance information.
• Summarize data for reporting.
Keys to Success
• Established and performed processes manually before we automated anything
• Have not automated everything. Still a lot more that we can do.
• Perform processes manually for items that fall outside of our automation scope.
• Review automated processes regularly to ensure accuracy and consistency.
ID.AM-2: Software Platforms/Applications Inventory
• Starting point is our CIP-2 R5.1 Cyber asset list.
• Create a new baseline or associate assets with an existing baseline
• CIP-010 R1.1-R1.5 Baseline Components
– CIP-010 R1.1.1 Operating Systems
– CIP-010 R1.1.2-1.1.3 Software
– CIP-010 R1.1.4 Network ports
– CIP-010 R1.1.5 Security Patches
Management of CIP 2 R5.1 Asset Example
Baseline Association Example
Baseline Creation Example
PR.IP-3 Configuration change control
• CCM required for any changes.
• CCM recorded for the summary of changes.
• Security controls verification produced to document that security controls have not changed.
CM Process Example
Baseline Change to CM Relationships
Security Controls Verification
PR.IP-1 Baseline changes/Updates
• Gather inputs from multiple systems.
• Use database comparison methods against those inputs.
• Accept changes to baselines and add supplemental compliance information
• Summarize data for reporting
• Generate required evidence to demonstrate compliance.
Baseline Change Example
DE.CM-1 Baseline changes/Updates
• Gather inputs from multiple systems.
• Use database comparison methods against those inputs.
• Accept changes to baselines and add supplemental compliance information
• Summarize data for reporting
• Generate required evidence to demonstrate compliance.
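The comparison step on the PR.IP-1 and DE.CM-1 slides (compare collected inputs against the stored baseline, accept ticketed changes, leave the rest for investigation), as an added example that is not TID's implementation. The schema, asset name, ticket numbers and all rows are constructed for illustration.

```python
import sqlite3

# Added example. Table names, asset name, ticket numbers and all rows are
# constructed; "kind" stands for the CIP-010 R1.1.1-R1.1.5 baseline
# components (os, software, port, patch).
SCHEMA = """
CREATE TABLE baseline (asset TEXT, kind TEXT, item TEXT,
                       PRIMARY KEY (asset, kind, item));
CREATE TABLE observed (asset TEXT, kind TEXT, item TEXT,
                       PRIMARY KEY (asset, kind, item));
CREATE TABLE approved_change (ticket TEXT, asset TEXT, kind TEXT,
                              item TEXT, action TEXT);
"""

# Set difference in both directions, then a left join to the change tickets:
# a drift row with no matching ticket is an unauthorized change.
DRIFT_SQL = """
WITH drift AS (
    SELECT asset, kind, item, 'added' AS action FROM (
        SELECT asset, kind, item FROM observed
        EXCEPT SELECT asset, kind, item FROM baseline)
    UNION ALL
    SELECT asset, kind, item, 'removed' AS action FROM (
        SELECT asset, kind, item FROM baseline
        EXCEPT SELECT asset, kind, item FROM observed)
)
SELECT d.asset, d.kind, d.item, d.action, c.ticket
FROM drift d
LEFT JOIN approved_change c
  ON c.asset = d.asset AND c.kind = d.kind
 AND c.item = d.item AND c.action = d.action
ORDER BY d.asset, d.kind, d.item
"""


def build_sample_db():
    """In-memory database holding one asset's baseline, scan and tickets."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    a = "ems-hmi-01"  # hypothetical asset
    conn.executemany("INSERT INTO baseline VALUES (?,?,?)", [
        (a, "os", "Windows Server 2012 R2"),
        (a, "software", "HistorianClient 4.2"),
        (a, "port", "tcp/443"), (a, "port", "tcp/3389"),
        (a, "patch", "KB0000001"),
    ])
    conn.executemany("INSERT INTO observed VALUES (?,?,?)", [
        (a, "os", "Windows Server 2012 R2"),
        (a, "software", "HistorianClient 4.3"),
        (a, "port", "tcp/443"), (a, "port", "tcp/3389"),
        (a, "port", "tcp/5900"),  # no ticket covers this listener
        (a, "patch", "KB0000001"), (a, "patch", "KB0000002"),
    ])
    conn.executemany("INSERT INTO approved_change VALUES (?,?,?,?,?)", [
        ("CM-0001", a, "software", "HistorianClient 4.3", "added"),
        ("CM-0001", a, "software", "HistorianClient 4.2", "removed"),
        ("CM-0002", a, "patch", "KB0000002", "added"),
    ])
    return conn


def find_drift(conn):
    """Rows of (asset, kind, item, action, ticket); ticket is None if unapproved."""
    return conn.execute(DRIFT_SQL).fetchall()


def summarize(rows):
    """Counts for the summary report."""
    report = {"authorized": 0, "unauthorized": 0}
    for *_, ticket in rows:
        report["authorized" if ticket else "unauthorized"] += 1
    return report


def accept_authorized(conn):
    """Fold ticketed changes into the baseline (R1.3); return the rest (R2)."""
    unauthorized = []
    for asset, kind, item, action, ticket in find_drift(conn):
        if ticket is None:
            unauthorized.append((asset, kind, item, action))
        elif action == "added":
            conn.execute("INSERT OR IGNORE INTO baseline VALUES (?,?,?)",
                         (asset, kind, item))
        else:
            conn.execute("DELETE FROM baseline WHERE asset=? AND kind=? AND item=?",
                         (asset, kind, item))
    conn.commit()
    return unauthorized


if __name__ == "__main__":
    db = build_sample_db()
    print(summarize(find_drift(db)))
    print("investigate:", accept_authorized(db))
```

Unauthorized rows are deliberately not written to the baseline, so they keep appearing on every comparison until a ticket covers them or the asset is restored.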
[Flowchart. Box labels: Start; Change Management Ticket; Security Controls Verification; Perform Security Controls Verification; Are there any baseline changes? (YES / NO); Associated Baseline changes to a Change Management Number; Validate Baseline; Baseline Software Inventory Report; Baseline Changes Summary Report; Review Evidence; Complete Change Management Ticket; End. Other labels: Database Client; Automation; Compliance Database Application; BCA; Native Commands Validation; Validation.]
References
• DHS, DOE, Carnegie Mellon University. (February 2014). Electric Subsector Cybersecurity Capability Maturity Model Version 1.1.
• NIST. (February 2014). Framework for Improving Critical Infrastructure Cybersecurity Version 1.0.
• NIST. (April 2013). NIST Special Publication 800-53- Security and Privacy Controls for Federal Information Systems and Organizations, Revision 4.
Questions?
• Dave Arounsack, CCIE #43254
Water & Energy Management System [email protected] 209-883-8657
• Michael Cole, CCNP, CISSP
Control System Cybersecurity [email protected] 209-883-8245
• Daniel Lourenco
Control System Cybersecurity [email protected] 209-883-8208