Situational Awareness and Security Event Information Management

NERC CIP compliance requires that appropriate documented audit trails be readily available, at a minimum, in the event that a security incident is suspected to have occurred.   Situational awareness and security information event management consider the current state of threats, vulnerabilities, operations and assets both within and outside of the organization’s area of control and influence.  This awareness is defined through active correlation of the current state of cyber, operational and physical activity.  Working with the NERC Responsible Entity, Encari defines the appropriate events to monitor, correlate and respond to, as well as how to appropriately manage the log archive and necessary report generation mechanisms.

Continuing CIP compliance requires ongoing and continuous review of logs.  If your organization needs to maintain and review logs for many devices, you may have realized that an automated solution will save you a lot of time – probably the equivalent of one or two FTEs!  Security information event management (SIEM) and log management systems provide a means to automate this process, as well as provide the capability for real-time alerting should a breach occur.  Encari’s consultants can help your organization choose and implement an appropriate SIEM or log management system.

Copyright 2008-2010 Encari, LLC.