Standards Support

SFCI Standard Support

Compliance managers need solutions that assist in security compliance efforts, both now and in the future. This demands scalable solutions that are managed centrally. SEL solutions can assist in these efforts.

Regulatory Compliance

Keeping up with regulations and achieving North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) compliance is a demanding, yet necessary, job for compliance managers, both now and in the future. In order to meet these daily demands, they need centrally managed, scalable solutions and technology that can collect and report the correct data, making compliance easier and providing the appropriate functionality.

SEL Solutions for NERC CIP

Cybersecurity isn’t something that can be achieved by one person, product, or technology. SEL believes in layered security protections and building security from the system level. Whether you need to manage one substation or hundreds, we create manageable, scalable solutions that protect the system and help meet NERC CIP requirements.

SEL practices solid engineering techniques, including documenting all product features and access methods, and ensuring transparency with device services. We provide security analysis of code and perform negative testing as part of our comprehensive program to deliver high-quality, robust products.

Log Management

  • Device-level user logging and data authentication
  • Simple Network Management Protocol (SNMP) support
  • Detailed activity logs to the command level
  • Syslog for integrating log measurement into existing systems
  • Offsite storage
  • Proxy services that generate user command reports and trace all actions performed on intelligent electronic devices (IEDs) to individual users

Trust Management

  • Centralized key management
  • X 509 certificate support
  • Automated password configuration and management
  • Security gateways to enforce complex passwords and ensure no default passwords are in service
  • Access and authentication rights configured from a single location

Change Control

  • Centralized IED configuration and firmware tracking
  • 10,000 IED connection directory in acSELerator Team SEL-5045 Software
  • Proxied command line interface to IEDs

Access Control

  • Control for both Ethernet and serial data entering or exiting the electronic security perimeter
  • Proxy for legacy devices, instantly improving security without firmware upgrades
  • Port-level security and configurable access levels on local and remote access
  • Strong password enforcement
  • Centralized user authentication
  • Deny-by-default firewall configuration
  • Lightweight Directory Access Protocol (LDAP) compliant access control

Encryption

  • Wireless, Ethernet, SONET, and serial encryption
  • Support for point-to-point, multidrop, and many-to-many
  • Centralized key management
  • Internet Protocol Security (IPSec) virtual private networks (VPNs) for site-to-site security

Malware Protection

  • Embedded whitelist malware protection
  • Granular memory protection technology
  • Digitally signed firmware images

SEL Security Testing and Design Services for NERC CIP

SEL provides penetration testing, vulnerability scanning, and NERC CIP compliance audit testing. Our certified security professionals support your efforts in developing sustainable security plans, policies, and procedures. We design security starting at the device closest to the critical asset and working up to the user, ensuring authentication, authorization, and accountability are intact at each stage.

NERC CIP Associated Documents

NERC CIP Standards

Literature

Literature

Publications (Newest First)

Drawings