Soluciones de conformidad con NERC CIP

Las normas de North American Electric Reliability Corporation (NERC) son un conjunto de normas obligatorias de ciberseguridad diseñadas para proteger las infraestructuras críticas de la red eléctrica. NERC establece y desempeña un papel crucial en la supervisión del cumplimiento de las normas de Protección de Infraestructuras Críticas (CIP) para garantizar la seguridad y fiabilidad de los sistemas del Sistema Eléctrico a Granel (BES) de Norteamérica. Los aspectos clave de las normas NERC CIP son:

  1. Alcance: Las normas se aplican a las empresas de servicios públicos y otras entidades que participan en la explotación de la red eléctrica norteamericana.
  2. Conjunto de normas: Las normas NERC CIP cubren diversos aspectos de la ciberseguridad, como la seguridad física, la seguridad electrónica y la formación del personal.
  3. Standards Range: Las normas están numeradas del CIP-001 al CIP-009, y cada una de ellas aborda distintos ámbitos de la protección de infraestructuras.
  4. Conformidad: Las entidades deben cumplir estas normas para garantizar la fiabilidad y seguridad de la red eléctrica. El incumplimiento puede acarrear importantes sanciones.

Estas normas, y marcos similares como el EPCIP en Europa y el NCIP en Australia, son esenciales para mantener la integridad y seguridad de las redes eléctricas protegiéndolas contra amenazas tanto físicas como cibernéticas. Para lograr la conformidad con NERC CIP no solo son necesarios los productos adecuados, sino también el pleno compromiso de toda la organización, así como una sólida configuración de la infraestructura.

Perle ofrece numerosos productos con funciones y opciones de configuración para simplificar la protección de activos de infraestructuras críticas y ayudar a garantizar que su infraestructura crítica cumple las normas NERC CIP. Instalar la plataforma de gestión central PerleVIEW junto con productos de hardware Perle seleccionados también simplificará el proceso.

Detalles de cumplimiento de NERC CIP de los productos Perle:

NERC CIP Requirement IOLAN SCR Console Server Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • IOLAN SCRs can be uniquely identified by Serial Number, MAC address, and IMEI
  • PerleVIEW can uniquely identify IOLAN SCRs
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Cellular with callback support
  • Access is protected as the default configuration
  • 2FA support built-in or through AAA security services
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Cellular with callback support
  • Restricted cellular access through ID/password authentication based on a local database or central AAA authentication server: TACACS+, RADIUS and LDAP
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • Built-in Firewall IP & MAC restricts port access
  • IPSEC, OpenVPN, WireGuard, SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA password security: TACACS+, RADIUS and LDAP alternate servers support
  • Secure Port Access with IEEE 802.1X
  • VLAN
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by email, SNMP, and PerleVIEW
  • Configurable alert conditions based on access events and environmental status
  • Serial ports can be used to detect and set alarms
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • VRRP protocol support
  • LACP
  • WAN/Port fallback
  • Network Health
  • ZTP
  • Various primary and backup services like Alternate Host and PerleVIEW
  • Dual AC Power Inputs
NERC CIP Requirement IOLAN SCG Console Server Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • IOLAN SCGs can be uniquely identified by Serial Number, MAC address, and IMEI (if SCG with cellular option)
  • PerleVIEW can uniquely identify IOLAN SCGs
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Cellular or Modem with callback support
  • Access is protected as the default configuration
  • 2FA support built-in or through AAA security services
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Cellular or Modem with callback support
  • Restricted cellular access through ID/password authentication based on a local database or central AAA authentication server: TACACS+, RADIUS and LDAP
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • Built-in Firewall IP & MAC restricts port access
  • IPSEC, OpenVPN, SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA password security: TACACS+, RADIUS and LDAP alternate servers support
  • Secure Port Access with IEEE 802.1X
  • VLAN
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by email, SNMP, and PerleVIEW
  • Configurable alert conditions based on access events and environmental status
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • VRRP protocol support
  • LACP
  • WAN/Port fallback
  • Network Health
  • ZTP
  • Various primary and backup services like Alternate Host and PerleVIEW
  • Dual AC or Dual DC Power Inputs
NERC CIP Requirement IOLAN SDSC HV/LDC Terminal Server Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • IOLAN SDSC HV / LDC can be uniquely identified by Serial Number and MAC address
  • Perle Device Manager can uniquely identify IOLAN SDSCs
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Modem with callback support
  • Access is protected as the default configuration
  • 2FA support through AAA
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Modem with callback support
  • Restricted modem access through ID/password authentication based on a local database or central AAA authentication server: TACACS+, RADIUS, LDAP, NIS, SecurID and Kerberos
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • IPSEC, SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA password security: TACACS+, RADIUS, LDAP, NIS, SecureID and Kerberos alternate servers support
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by email and SNMP
  • Configurable alert conditions based on access events
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • Primary and backup redundant network path
  • Various primary and backup services like Alternate Host
  • Dual DC Power Inputs
NERC CIP Requirement IRG Cellular Router Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • IRG Routers can be uniquely identified by Serial Number, MAC address, and IMEI
  • PerleVIEW can uniquely identify IRG Routers
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Cellular with callback support
  • Access is protected as the default configuration
  • 2FA support built-in or through AAA security services
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Cellular with callback support
  • Restricted cellular access through ID/password authentication based on a local database or central AAA authentication server: TACACS+, RADIUS and LDAP
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • Built-in Firewall IP & MAC restricts port access
  • IPSEC, OpenVPN, SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA password security: TACACS+, RADIUS and LDAP alternate servers support
  • Secure Port Access with IEEE 802.1X
  • VLAN
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by email, SNMP, and PerleVIEW
  • Configurable alert conditions based on access events and environmental status
  • GPIO, I/O, and serial ports can be used to detect and set alarms
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
  • GPIO & I/O events reporting
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • VRRP protocol support
  • WAN/Port fallback
  • Network Health
  • Various primary and backup services like Alternate Host and PerleVIEW
  • ZTP
NERC CIP Requirement IDS-710 Switch Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • IDS managed switches can be uniquely identified by MAC address
  • PerleVIEW can uniquely identify IDS managed switches
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Access is protected as the default configuration
  • 2FA support through AAA security services
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA password security: TACACS+ and RADIUS alternate servers support
  • Secure Port Access with IEEE 802.1X
  • VLAN
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by syslog, email, SNMP and PerleVIEW
  • Configurable alert conditions based on access events
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
  • Relay & I/O events reporting
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • Primary/Backup redundant network path like MRP (Media Redundancy Protocol - IEC 62439-2), Perle’s P-Ring protocol and link Standby
  • PerleVIEW
  • Dual DC Power Inputs
NERC CIP Requirement Fiber Media Converter Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • Perle Managed Media Converters can be uniquely identified by MAC address
  • PerleVIEW can uniquely identify Perle Managed Media Converters
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Access is protected as the default configuration
  • 2FA support through Radius
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA Password security: TACACS+, RADIUS, LDAP, NIS, SecureID and Kerberos alternate servers support
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by syslog, email, SNMP and PerleVIEW
  • Configurable alert conditions based on access events
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • PerleVIEW
  • Dual AC or Dual DC Power Inputs
NERC CIP Requirement Ethernet Extender Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • Perle Managed Ethernet Extenders can be uniquely identified by MAC address
  • PerleVIEW can uniquely identify Perle Managed Ethernet Extenders
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Access is protected as the default configuration
  • 2FA support through Radius
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA Password security: TACACS+, RADIUS, LDAP, NIS, SecureID and Kerberos alternate servers support
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by syslog, email, SNMP and PerleVIEW
  • Configurable alert conditions based on access events
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • PerleVIEW
  • Dual AC or Dual DC Power Inputs

Hi!

¿Tienes una pregunta? ¡Chatea con un especialista en productos en vivo!

¿Tiene alguna pregunta?

Possiamo fornire ulteriori informazioni sui nostri prodotti oppure prepararti un preventivo


email-icon Envíe un correo electrónico
contactus-icon Envíe un correo electrónico callus-icon Llámenos
×

Envíe un correo electrónico