TDi Technologies Vendor for Electric Light and Power

TDi Technologies 1600 10th Street, Suite B Plano, TX 75074 972-509-8534 http://www.tditechnologies.com/energy-utility-resources

About TDi Technologies TDi Technologies is the leader in IT Foundation Management, delivering IT Foundation Management solutions to the Energy and Utilities industries. The company's solutions help Utility companies reduce operating costs, meet compliance requirements, secure the critical assets, and improve IT service delivery. TDi Technologies is the first solution provider to offer a unified system of operation and management over the IT foundation. The company's patented technology provides automation, optimization, control and management capabilities that dramatically improve the ability of IT to meet the demands of the business.

CIP-005-5 R2 DRAFT: Understanding the Security Requirements for Remote Access Management to the Bulk Energy System (9/23/11)

CIP-005-5 R2 is focused on ensuring that the security of the Bulk Energy System is not compromised by remote access. This 3rd in the series whitepaper discusses the requirements and approaches to meeting the challenge of Remote Access Management for the Bulk Energy System (BES).
Understanding the Security Requirements for Remote Access Management to the Bulk Energy System”. CIP-005-5 R2 is focused on ensuring that the security of the Bulk Energy System is not compromised by remote access. The whitepaper discusses the requirements and approaches to meeting the challenge of Remote Access Management for the Bulk Energy System (BES).

Topics covered in the whitepaper include:

Discussion of key requirements of CIP-005-5 R2 and Remote Access Management

Explanation of the traditional role performed by Intermediate Devices for remote access

Discussion of the advanced role of the Intermediate Device as a single source of all remote access activity

Summary of the Best Practice for Remote Access Management

CIP-010-5 R1 and R2 DRAFT: The Importance of Baseline Configuration as a Critical Security Management Control (9/23/11)

The Second in a Series of NERC CIP Whitepapers, this paper addresses baseline configuration management as a way to reduce or eliminate security gaps resulting from Cyber Assets that are not properly configured.
CIP-010-5 brings into the CIP Regulations baseline configuration management as a way to reduce or eliminate security gaps resulting from Cyber Assets that are not properly configured. This paper discusses different approaches to this challenge and how best practices can be employed to eliminate security gaps for the Bulk Energy System (BES).

Topics covered in the whitepaper include:

Examination of the types of configuration information stored on Cyber Assets

Description of the practical application of Baseline Configuration Management

Discussion on the process for controlling assets to a defined, “most secure” configuration when triggered by external factors (new patch, IT change, etc.)

Discussion on the process for detecting and resolving unauthorized changes and for validating authorized changes

Understanding the cyber security threats and risks imposed by not managing the baseline configuration of cyber assets

CIP-007-5 R1 DRAFT:Understanding the Importance and Relevance of Configuration Ports to Utility Cyber Security (9/23/11)

This whitepaper addresses key areas relating to configuration ports where the specific implications of security vulnerabilities are not understood by the industry at large.
Topics covered in the whitepaper include:

Examination of configuration ports and how they apply to the NERC-CIP standard

Description of the role configuration ports play in managing Critical Cyber Assets

Discussion on the severity of the Cyber Security threat to the critical infrastructure

Guidance on Best Practices for active monitoring and control of the configuration ports