Recommended CIP Cyber Security Standards Requirements for Microsoft Windows Server 2008 Systems
|ID: xccdf_org.secpod_benchmark_nerc_cip_Windows_2008_server||Date: (C)2013-09-17 (M)2017-11-22|
|Status: draft||Version: 1.0|
|Platform: cpe:/o:microsoft:windows_server_2008:-||Source: [http://www.nerc.com/pa/Stand/Reliability%20Standards%20Complete%20Set/RSCompleteSet.pdf]|
The North American Electric Reliability Corporation (NERC) maintains comprehensive reliability standards that define requirements for planning and operating the bulk electric system. Among these are eight Critical Infrastructure Protection (CIP) Cyber Security Standards, which specify a minimum set of controls and processes for power generation and transmission companies to follow to ensure the security of the North American power grid.
NERC Standards CIP-002 through CIP-009 provide a cyber security framework for the identification and protection of Critical Cyber Assets to support reliable operation of the Bulk Electric System. These standards recognize the differing roles of each entity in the operation of the Bulk Electric System, the criticality and vulnerability of the assets needed to manage Bulk Electric System reliability, and the risks to which they are exposed. Business and operational demands for managing and maintaining a reliable Bulk Electric System increasingly rely on Cyber Assets supporting critical reliability functions and processes to communicate with each other, across functions and organizations, for services and data. This results in increased risks to these Cyber Assets.
Each CIP has the following focus areas:
CIP-002 - Critical Cyber Asset Identification
CIP-003 - Security Management Controls
CIP-004 - Personnel and Training
CIP-005 - Electronic Security Perimeters
CIP-006 - Physical Security
CIP-007 - Systems Security Management
CIP-008 - Incident Reporting and Response Planning
CIP-009 - Recovery Plans for Critical Cyber Assets