Configuration Change Management
CRSI works with leading energy companies in North America to develop and implement comprehensive Configuration Change Management Programs for BES Cyber Systems and Transient Cyber Assets. NERC CIP-010 requires each Responsible Entity to implement one or more documented processes for configuration change management and vulnerability testing for BES Cyber Systems and Transient Cyber Assets. A common shortcoming we find with new programs, is a lack of documentation on the baseline configuration, tracking of changes to affected assets, and vulnerability testing.
Energy companies call CRSI to conduct their annual NERC CIP-010 R3 Cyber Vulnerability Assessments for BES Cyber Systems. Our CVA Methodology follows the guidelines from OSSTMM 3.0 to meet NERC CIP-010 requirements. We also incorporate guidance from NIST SP 800-53A, NIST SP 800-115 and ISO 27001:2005. Using state-of-the-art testing tools, our consultants scan the network to identify vulnerabilities, provide mitigation recommendations, and prepare a detailed report formatted to provide auditors an easy-to-follow action plan to verify compliance. The end result is a clean set of reports to simplify the audit process.
In today’s mobile world, Transient Cyber Assets and Removable Media create a new set of requirements to be managed and controlled. CRSI provides our partners the procedures to detect and manage transient devices, including storage devices for transit and use.
CRSI services include:
- Configuration Change Management Process Development
- Baseline Configuration Change Documentation Review
- Cyber Vulnerability Assessments
- Transient Cyber Assets and Removable Media Plan Development
- Transient Cyber Assets Detection Exercises
CRSI strategically partnered with more than 250 utilities in the last five (5) years for their NERC CIP Compliance Solutions. To find out more about how to create your Security Compliance Roadmap, call us today to schedule a free, no obligation consultation.