August 6, 2013

NERC CIP Compliance with Gatekeeper

Built for CIP Compliance

Gatekeeper is built from the ground up with NERC CIP compliance in mind. Escort-centric features, visit logging, dashboards, awareness tools, and reports are all designed to support CIP regulatory requirements. Access to Physical Security Perimeters is logged with Gatekeeper touch-screen kiosks, expediting the process of logging visitors in and out of your physical security perimeters.

Logging access to physical areas has traditionally been performed using a paper log. While this is considered an acceptable method for addressing CIP-006 requirements, the regional entities enforcing CIP standards have cited many issues with this approach.

CIP Escort Requirements

Gatekeeper validates Escorts first for each physical security perimeter they are entering. If valid, the system permits them to escort guests into each secure area (Escort-Centric). Gatekeeper's industry-leading escort-centric design is engineered for compliance and audit-ready reporting.

Force 5's Gatekeeper alleviates the following concerns:

  • Enforcing the Use of the Logbook

  • Validation of Personnel

  • Limited Visibility Into Who, When and Why Individuals are Accessing Areas

  • Ensuring the Completeness, Accuracy and Continuity of Recorded Information


CIP-006 – Cyber Security – Physical Security of BES Cyber Systems

Purpose:
To manage physical access to BES Cyber Systems by specifying a physical security plan in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.

CIP-006-5 Table R2 – Visitor Control Program

Part

2.1

Applicable System

High Impact BES Cyber Systems and their associated:
1. EACMS; and
2. PCA
Medium Impact BES Cyber Systems with External Routable Connectivity and their associated:
1. EACMS; and
2. PCA

Requirements

Require continuous escorted access of visitors (individuals who are provided access but are not authorized for unescorted physical access) within each Physical Security Perimeter, except during CIP Exceptional Circumstances.

Measures

An example of evidence may include, but is not limited to, language in a visitor control program that requires continuous escorted access of visitors within Physical Security Perimeters and additional evidence to demonstrate that the process was implemented, such as visitor logs.

How Does Gatekeeper Help?

Gatekeeper is the industry’s first escort-centric logging system designed specifically to document the entry and exit of escorts, guests and visitors. Gatekeeper exceeds logging requirements by validating personnel and credentials and performing real-time risk analysis using multiple information sources.

CIP-006-5 Table R2 – Visitor Control Program

Part

2.2

Applicable System

High Impact BES Cyber Systems and their associated:
1. EACMS; and
2. PCA
Medium Impact BES Cyber Systems with External Routable Connectivity and their associated:
1. EACMS; and
2. PCA

Requirements

Require manual or automated logging of visitor entry into and exit from the Physical Security Perimeter that includes date and time of the initial entry and last exit, the visitor’s name, and the name of an individual point of contact responsible for the visitor, except during CIP Exceptional Circumstances.

Measures

An example of evidence may include, but is not limited to, language in a visitor control program that requires continuous escorted access of visitors within Physical Security Perimeters and additional evidence to demonstrate that the process was implemented, such as dated visitor logs that include the required information.

How Does Gatekeeper Help?

Gatekeeper is the industry’s first escort-centric logging system designed specifically to document the entry and exit of escorts, guests and visitors. Gatekeeper exceeds logging requirements by validating personnel and credentials and performing real-time risk analysis using multiple information sources.

CIP-006-5 Table R3 – Physical Access Control System Maintenance & Testing Program

Part

2.3

Applicable System

Physical Access Control Systems (PACS) associated with:

  • High Impact BES Cyber Systems, or
  • Medium Impact BES Cyber Systems with External Routable Connectivity

Locally mounted hardware or devices at the Physical Security Perimeter associated with:

  • High Impact BES Cyber Systems, or
  • Medium Impact BES Cyber Systems with External Routable Connectivity

Requirements

Maintenance and testing of each Physical Access Control System and locally mounted hardware or devices at the Physical Security Perimeter at least once every 24 calendar months to ensure they function properly.

Measures

An example of evidence may include, but is not limited to, a maintenance and testing program that provides for testing each Physical Access Control System and locally mounted hardware or devices associated with each applicable Physical Security Perimeter at least once every 24 calendar months and additional evidence to demonstrate that this testing was done, such as dated maintenance records, or other documentation showing testing and maintenance has been performed on each applicable device or system at least once every 24 calendar months.

How Does Gatekeeper Help?

Kiosks report their availability to log a visit and are capable of running offline in the event of a network outage.