Nerc Cip; Security Recommendations And Best Practices - Siemens 9810 Series User Manual

NERC CIP

Security recommendations and best practices

Recommended security configuration
Password best practices
114
North American Electric Reliability Corporation (NERC) Critical Infrastructure
Protection (CIP) is a set of standards and requirements designed to help protect
the North American power generation and transmission system and covers
aspects such as critical cyber asset identification, electronic security perimeters,
and systems security management.
This meter has incorporated security features that allow it to be part of NERC CIP
compliant facility. For example, the security features of this meter include user
accounts with configurable passwords and permissions; network port control
configuration; security access and event log replication to an external server; and
digitally signed firmware.
For more information about NERC or the CIP standards, go to the North American
Electric Reliability Corporation's website at http://www.nerc.com.
Recommended security configuration settings help improve security on your
meter.
• Ensure that your meter requires a password for configuration through the
display or communications.
• Configure the protocol lockouts to help minimize access to your meter.
• Enable advanced security on your meter.
◦ Configure users and passwords to help minimize access to your meter.
• Disable communications for all unused network ports and protocols.
• Change the connection ports from their default values wherever possible.
• Save a copy of your meter's ION Setup security configuration (*.scf) file in a
secure location for future reference or troubleshooting. Your meter's security
configuration file can be loaded onto other meters of the same type to
configure their security settings. Security files are encoded.
• For the highest level of security, use a revenue-locked meter with advanced
security enabled and configured for minimum access.
• Set your meter's time synchronization source to a secure communications
port, and disable time synchronization on all other ports.
Recommended password best practices help to improve security on your meter.
• Change your meter's password from the default value.
• Make your meter's passwords as complex as possible.
NOTE: Make sure that the user password you enter is compatible with the
software used to communicate with your device.
• Schedule regular changes to your meter's passwords.
• Record your meter's passwords in a secure location.
If your meter's user access information is lost, you must return the meter to the
factory, where your meter is reset to its factory defaults and all logged data is lost.
DATA LOSS
Failure to follow these instructions can result in equipment damage.
Record your device's user and password information in a secure location.
NOTICE
Security
7EN05-0390-00