Regulations & Compliance
Federal Energy Regulatory Commission (FERC) Security Standards
http://www.securitymanagement.com/library/ferc_guidelines2.pdf/
Description
These Security Standards are described in Appendix G of the FERC Security Guidelines.
The purpose of the Security Standards is to safeguard the extremely interdependent electric grid, and to ensure that a lack of security at one resource does not compromise security and risk grid or market failure for a market or the grid as a whole.
Federal Energy Regulatory Commission (FERC) Security Standards for market resources are primarily focused on electronic systems, including hardware, software, data, related communications networks, control systems as they impact the grid or market, and personnel.
The initial set of standards represents the minimum set of measures derived from commonly accepted industry standards, such as Common Criteria, CTSEC, ITSEC, IPSEC, ISO17799, NIST Guidelines and the NERC Security Guidelines.
The FERC Security Standards apply to:
- The market operations of RTOs (Regional Transmission Organizations) & ISOs (Independent Systems Operators) and marketers & power producers
- Transmission owners
- Load serving entities
- NERC (North American Electric Reliability Council) and the reliability authorities
- Other power-generating units that participate in an electric market
- Other power purchasers
Areas addressed include:
- Security and risk assessment
- Communications
- Physical and cyber security
- Employment screening
- Protecting sensitive information
- Incident response and management
- Continuity of business practices
Failure to comply with these security standards will result in loss of direct access privileges to the electric market.
Malicious acts directed against the electric market shall be prosecuted by FERC and law enforcement agencies to the full extent of the law, including the recovery of damages.
Audit Body
On an annual basis, every participant shall file with FERC a self-certification signed by an officer of the company indicating compliance with these standards and identifying any areas of non-compliance.
Industry Affected
The market operations of RTOs (Regional Transmission Organizations), ISOs (Independent Systems Operators), marketers, power producers, transmission owners, load serving entities, reliability authorities and power-generating units that participate in the electric market.
Distributed Taps & FERC Compliance
1. Security and risk assessment: A greater view into your network helps your company to assess the potential risk.
2. Physical/cyber security & protecting sensitive information:
VSS Taps can be used in combination with IDS and forensics tools to assure the cyber security of the network.
3. Incident response and management:
VSS monitoring Taps work in combination with IDS and monitoring systems to send messages and alerts to individuals or groups, informing them of incidents and prompting action. At the same time, commands to routers and other network devices can block an attacker's access, or instructions can be passed to a patch management or configuration system. These capabilities address the requirement that, having identified a threat, security specialists must work to mitigate the potential for damage and correct out-of-policy situations.
4. Continuity of business:
VSS taps enable you to monitor your entire network 24x7 without impacting network performance, making sure that the network is secure and reliable.