Solutions de conformité aux normes NERC CIP

Les normes de la North American Electric Reliability Corporation (NERC) sont un ensemble de normes de cybersécurité obligatoires destinées à protéger les infrastructures critiques du réseau électrique. La NERC établit et joue un rôle crucial dans le contrôle du respect des normes de protection des infrastructures critiques (CIP) afin de garantir la sécurité et la fiabilité du Bulk Electric System (BES), le système de production et de transport d’électricité d’Amérique du Nord. Les principaux aspects des normes CIP de la NERC sont les suivants :

  1. Champ d’application: Les normes s’appliquent aux entreprises de services publics et aux autres entités impliquées dans l’exploitation du réseau électrique nord-américain.
  2. Exigences: Les normes CIP de la NERC couvrent divers aspects de la cybersécurité, y compris la sécurité physique, la sécurité électronique et la formation du personnel.
  3. Éventail des normes: Les normes sont numérotées de CIP-001 à CIP-009, chacune traitant de différents domaines de la protection des infrastructures.
  4. Conformité: Les entités doivent se conformer à ces normes pour garantir la fiabilité et la sécurité du réseau électrique. La non-conformité peut entraîner des sanctions importantes.

Ces normes, ainsi que des cadres similaires tels que l’EPCIP en Europe et le NCIP en Australie, sont essentiels pour maintenir l’intégrité et la sécurité des réseaux électriques en les protégeant à la fois contre les menaces physiques et cybernétiques. La mise en conformité avec les normes CIP de la NERC nécessite non seulement les bons produits, mais aussi l’engagement total de l’ensemble de l’organisation, ainsi que des infrastructures solides.

Perle propose de nombreux produits dotés de fonctionnalités et d’options de configuration qui simplifient la sécurisation des actifs des infrastructures critiques et contribuent à garantir la conformité de ces dernières aux normes CIP de la NERC. Le déploiement de la Plate-forme de gestion centrale PerleVIEW avec des produits matériels Perle sélectionnés simplifiera également le processus.

Informations de Conformité NERC CIP des produits Perle:

NERC CIP Requirement IOLAN SCR Console Server Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • IOLAN SCRs can be uniquely identified by Serial Number, MAC address, and IMEI
  • PerleVIEW can uniquely identify IOLAN SCRs
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Cellular with callback support
  • Access is protected as the default configuration
  • 2FA support built-in or through AAA security services
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Cellular with callback support
  • Restricted cellular access through ID/password authentication based on a local database or central AAA authentication server: TACACS+, RADIUS and LDAP
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • Built-in Firewall IP & MAC restricts port access
  • IPSEC, OpenVPN, WireGuard, SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA password security: TACACS+, RADIUS and LDAP alternate servers support
  • Secure Port Access with IEEE 802.1X
  • VLAN
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by email, SNMP, and PerleVIEW
  • Configurable alert conditions based on access events and environmental status
  • Serial ports can be used to detect and set alarms
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • VRRP protocol support
  • LACP
  • WAN/Port fallback
  • Network Health
  • ZTP
  • Various primary and backup services like Alternate Host and PerleVIEW
  • Dual AC Power Inputs
NERC CIP Requirement IOLAN SCG Console Server Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • IOLAN SCGs can be uniquely identified by Serial Number, MAC address, and IMEI (if SCG with cellular option)
  • PerleVIEW can uniquely identify IOLAN SCGs
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Cellular or Modem with callback support
  • Access is protected as the default configuration
  • 2FA support built-in or through AAA security services
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Cellular or Modem with callback support
  • Restricted cellular access through ID/password authentication based on a local database or central AAA authentication server: TACACS+, RADIUS and LDAP
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • Built-in Firewall IP & MAC restricts port access
  • IPSEC, OpenVPN, SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA password security: TACACS+, RADIUS and LDAP alternate servers support
  • Secure Port Access with IEEE 802.1X
  • VLAN
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by email, SNMP, and PerleVIEW
  • Configurable alert conditions based on access events and environmental status
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • VRRP protocol support
  • LACP
  • WAN/Port fallback
  • Network Health
  • ZTP
  • Various primary and backup services like Alternate Host and PerleVIEW
  • Dual AC or Dual DC Power Inputs
NERC CIP Requirement IOLAN SDSC HV/LDC Terminal Server Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • IOLAN SDSC HV / LDC can be uniquely identified by Serial Number and MAC address
  • Perle Device Manager can uniquely identify IOLAN SDSCs
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Modem with callback support
  • Access is protected as the default configuration
  • 2FA support through AAA
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Modem with callback support
  • Restricted modem access through ID/password authentication based on a local database or central AAA authentication server: TACACS+, RADIUS, LDAP, NIS, SecurID and Kerberos
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • IPSEC, SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA password security: TACACS+, RADIUS, LDAP, NIS, SecureID and Kerberos alternate servers support
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by email and SNMP
  • Configurable alert conditions based on access events
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • Primary and backup redundant network path
  • Various primary and backup services like Alternate Host
  • Dual DC Power Inputs
NERC CIP Requirement IRG Cellular Router Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • IRG Routers can be uniquely identified by Serial Number, MAC address, and IMEI
  • PerleVIEW can uniquely identify IRG Routers
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Cellular with callback support
  • Access is protected as the default configuration
  • 2FA support built-in or through AAA security services
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Cellular with callback support
  • Restricted cellular access through ID/password authentication based on a local database or central AAA authentication server: TACACS+, RADIUS and LDAP
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • Built-in Firewall IP & MAC restricts port access
  • IPSEC, OpenVPN, SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA password security: TACACS+, RADIUS and LDAP alternate servers support
  • Secure Port Access with IEEE 802.1X
  • VLAN
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by email, SNMP, and PerleVIEW
  • Configurable alert conditions based on access events and environmental status
  • GPIO, I/O, and serial ports can be used to detect and set alarms
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
  • GPIO & I/O events reporting
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • VRRP protocol support
  • WAN/Port fallback
  • Network Health
  • Various primary and backup services like Alternate Host and PerleVIEW
  • ZTP
NERC CIP Requirement IDS-710 Switch Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • IDS managed switches can be uniquely identified by MAC address
  • PerleVIEW can uniquely identify IDS managed switches
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Access is protected as the default configuration
  • 2FA support through AAA security services
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA password security: TACACS+ and RADIUS alternate servers support
  • Secure Port Access with IEEE 802.1X
  • VLAN
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by syslog, email, SNMP and PerleVIEW
  • Configurable alert conditions based on access events
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
  • Relay & I/O events reporting
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • Primary/Backup redundant network path like MRP (Media Redundancy Protocol - IEC 62439-2), Perle’s P-Ring protocol and link Standby
  • PerleVIEW
  • Dual DC Power Inputs
NERC CIP Requirement Fiber Media Converter Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • Perle Managed Media Converters can be uniquely identified by MAC address
  • PerleVIEW can uniquely identify Perle Managed Media Converters
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Access is protected as the default configuration
  • 2FA support through Radius
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA Password security: TACACS+, RADIUS, LDAP, NIS, SecureID and Kerberos alternate servers support
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by syslog, email, SNMP and PerleVIEW
  • Configurable alert conditions based on access events
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • PerleVIEW
  • Dual AC or Dual DC Power Inputs
NERC CIP Requirement Ethernet Extender Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • Perle Managed Ethernet Extenders can be uniquely identified by MAC address
  • PerleVIEW can uniquely identify Perle Managed Ethernet Extenders
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Access is protected as the default configuration
  • 2FA support through Radius
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA Password security: TACACS+, RADIUS, LDAP, NIS, SecureID and Kerberos alternate servers support
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by syslog, email, SNMP and PerleVIEW
  • Configurable alert conditions based on access events
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • PerleVIEW
  • Dual AC or Dual DC Power Inputs

Hi!

Avez-vous une question? Discutez en direct avec un spécialiste produit !

Questions sur le produit

Nous pouvons vous offrir plus d’informations sur nos produits ou vous préparer un devis


email-icon Envoyer un Email
contactus-icon Envoyer un Email callus-icon Nous Appeler
×

Envoyer un Email