With regard to BCSI (BES (Bulk Electric System) Cyber System Information) in the cloud, responsible entity sentiments at the moment may be akin to Prince Hamlet as he contemplated death and suicide, “bemoaning the pain and unfairness of life but acknowledging that the alternative might be worse.”
As currently written and subject to enforcement, components of CIP-011-2 quite frankly make it near impossible to be compliant in designating a cloud-hosted BCSI repository much less actually choosing to store documentation classified as such in your favorite Document Management SaaS.
I won’t debate whether or not this is a decision any responsible and security-conscious steward of BCSI would make lightly, but it is an inevitability that the question will be posed to those of you who are Tripwire admins. From purely a compliance monitoring perspective, I wanted to take some time to enlighten you about some capabilities in the Tripwire suite of solutions that you can leverage. But first, a word on the Standard Drafting Team’s (SDT) recent activity.
On January 16th, 2020 the SDT held a webinar titled “BES Cyber System Information Access Management” to report on the progress…