We’ve talked occasionally about using the Bandolier audit templates to help with various standards compliance efforts. There is now a SCADApedia article that more formally describes how and where Bandolier links to the NERC CIP requirements.
Earlier this week I presented on our DoE projects to the SPP CIPWG, a group particularly concerned with NERC CIP. (SPP is the NERC RE and RTO for my region.) As I described to them, the Bandolier templates are not a silver bullet for any of the requirements but can certainly help with several of the CIP-007 mandates for servers and workstations. One of the useful features is the ability to save the audit reports as evidence that the audit happened and that the security configuration has not changed over time.
But what if there is not a Bandolier template for your control system application or you have a custom system? First, stay tuned because we will be adding many other systems to the published list. Second, if you would like a system added to the list and are willing to work with Digital Bond and the vendor to identify the “Gold Standard” configuration, send us an email.