![Page 1: Project 2016-02 CIP Modifications - NERC 201602... · 2017-04-20 · Project 2016-02 CIP Modifications Webinar on Standard Drafting Team Considerations for the Use of Virtualization](https://reader035.vdocuments.us/reader035/viewer/2022070822/5f29900a4a08994f7e3b0957/html5/thumbnails/1.jpg)
Project 2016-02 CIP Modifications
Webinar on Standard Drafting Team Considerations for the Use of Virtualization in the CIP Environment
April 18, 2017
RELIABILITY | ACCOUNTABILITY2
Administrative Items
• NERC Antitrust Guidelines
  o It is NERC’s policy and practice to obey the antitrust laws and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct that violates, or that might appear to violate, the antitrust laws. Among other things, the antitrust laws forbid any agreement between or among competitors regarding prices, availability of service, product design, terms of sale, division of markets, allocation of customers or any other activity that unreasonably restrains competition.
• Notice of Open Meeting
  o Participants are reminded that this webinar is public. Notice of the webinar was posted on the NERC website and the access number was widely distributed. Speakers on the call should keep in mind that the listening audience may include members of the press and representatives of various governmental authorities, in addition to the expected participation by industry stakeholders.
Agenda
• Opening Remarks and Introduction of Presenters
• Administrative Items
  o Antitrust and Disclaimers
  o Webinar Format
• Standard Drafting Team
• Hypervisors
• What is multi-tenancy?
• Questions and Answers
CIP Standard Drafting Team
Virtualization Webinar Summary
1. Hypervisors
  o Template Considerations
  o Why VM guests need to be treated as Cyber Assets
  o Security Patches address ongoing Hypervisor Vulnerabilities
2. What is multi-tenancy?
  o Define Multi-tenancy, Tenants, Overlay, and Underlay
  o Building a multi-tenant environment
  o Introduce ESZ Concept
Hypervisor Templates – VDI Use Cases
HV Templates – Dormant Images
CIP Considerations for the Gold Images
Considerations for Templates in CIP-010
• Baseline Templates
  o Could be created for Database Servers, Webservers, etc.
  o Contain no specific application settings but are up to date with security patches and baselined software packages for rapid deployment
• CIP-010 Part 1.1 requires the development of a baseline configuration individually or by group. Demonstration of compliance for the VMs could be achieved by using the baseline configuration of the Master Image, with all baseline configuration elements being identical to the Master Image for all instances created.
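One way to check that instances still match the Master Image baseline, as an added example that is not part of the webinar material. The five elements are those listed in CIP-010 Part 1.1; the key names, inventory format and sample values are constructed assumptions.

```python
# Added example: field names and sample data are constructed for illustration.
# Baseline elements named in CIP-010 Part 1.1 (items 1.1.1 to 1.1.5).
BASELINE_ELEMENTS = (
    "operating_system",     # 1.1.1 OS or firmware, including version
    "installed_software",   # 1.1.2 commercial or open-source software, with version
    "custom_software",      # 1.1.3 custom software
    "listening_ports",      # 1.1.4 logical network accessible ports
    "security_patches",     # 1.1.5 security patches applied
)

# Constructed Master Image baseline for a database-server template.
MASTER_IMAGE = {
    "operating_system": {"ExampleOS 7.4"},
    "installed_software": {"exampledb 12.1", "openssh 7.4"},
    "custom_software": set(),
    "listening_ports": {"tcp/22", "tcp/5432"},
    "security_patches": {"PATCH-0001", "PATCH-0002"},
}

# Constructed inventories collected from three instances of that template.
VM_INVENTORIES = {
    "db-vm-01": dict(MASTER_IMAGE),
    "db-vm-02": dict(
        MASTER_IMAGE,
        listening_ports={"tcp/22", "tcp/5432", "tcp/8080"},
        security_patches={"PATCH-0001"},
    ),
    "db-vm-03": {k: v for k, v in MASTER_IMAGE.items() if k != "custom_software"},
}


def compare_to_master(master, inventory):
    """Return the baseline elements on which an instance differs from the master."""
    drift = {}
    for element in BASELINE_ELEMENTS:
        if element not in inventory:
            # Missing data is not a match: the element still has to be collected.
            drift[element] = {"not_collected": True}
            continue
        expected, actual = set(master[element]), set(inventory[element])
        missing, unexpected = sorted(expected - actual), sorted(actual - expected)
        if missing or unexpected:
            drift[element] = {"missing": missing, "unexpected": unexpected}
    return drift


def split_by_baseline(master, inventories):
    """Separate instances covered by the group baseline from those that drifted."""
    covered, exceptions = [], {}
    for name in sorted(inventories):
        drift = compare_to_master(master, inventories[name])
        if drift:
            exceptions[name] = drift
        else:
            covered.append(name)
    return covered, exceptions


if __name__ == "__main__":
    covered, exceptions = split_by_baseline(MASTER_IMAGE, VM_INVENTORIES)
    print("covered by Master Image baseline:", covered)
    for name, drift in exceptions.items():
        print(name, "needs its own baseline or remediation:", drift)
```

Instances in the first list can be documented by reference to the Master Image baseline; the others need either remediation or a baseline of their own.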
VM’s as Software on Cyber Assets
VM’s as Software on Assets: Ports/Services
VM’s treated as CA’s: Ports/Services
VM’s treated as Software on bare-metal HV: Malware Prevention
VM’s treated as Software on Hosted HV: Malware Prevention
Hypervisor: Bare-Metal and Hosted Considerations
• Hypervisors and VM’s should be treated as discrete cyber assets
  o It is difficult to keep proper redundancy strategies in place with hypervisors when treating VM’s as software on the CA
  o Bare-metal hypervisors have strong separation using an independent resource scheduler that prevents malware from accessing the backplane. Hosted platforms do not have this separation and require additional steps to maintain security, such as management plane isolation
  o Malware detection considerations need to be applied directly to all operating systems involved. Applying them at the hypervisor is not sufficient to ensure security
Hypervisor Threats
• Because the hypervisor ensures the separation of guests, it needs to be patched regularly:
  o Security patches address ongoing Hypervisor vulnerabilities such as VM escape attacks
  o Hypervisor is a Cyber Asset; afforded same controls including physical security
  o NIST: bare-metal hypervisors have a smaller attack surface (SP800-125 chapter 2)
    o Reduced device drivers
    o Management Plane Separation
Virtualization Webinar Summary
1. Hypervisors
  o Template Considerations
  o Why VM guests need to be treated as PCA's
  o Security Patches address ongoing Hypervisor Vulnerabilities
2. What is multi-tenancy?
  o Define Multi-tenancy, Tenants, Overlay, and Underlay
  o Building a multi-tenant environment
  o Introduce ESZ Concept
Multi-Tenancy Definitions
• Multi-Tenancy - An environment where a shared infrastructure serves multiple tenants.
• Tenants - Discrete groups of applications, functions, or environments that share a common resource with specific privileges or security levels that consume resources from the shared infrastructure. The instances (Tenants) are logically isolated but physically interconnected.
• Underlay Network - A network that supports Overlay Networks. It does not trust the overlay network.
• Overlay Network - A network utilized by a Tenant. It is unaware that the underlay network exists.
• Centralized Management System - A centralized system for administration or configuration of BES Cyber Systems, including but not limited to systems management, network management, storage management or patch management.
Multi-Tenancy: Management and Data Plane Isolation
Multi-Tenancy: Basic Physical Devices
Multi-Tenancy: Centralized Management Systems
Multi-Tenancy : Adding Tenant Networks
Multi-Tenancy : Add Some Storage
Multi-Tenancy : Add some VM’s
Multi-Tenancy : Add a Firewall
Multi-Tenancy: Considerations
• Multi-Tenancy Considerations
  o VM Infrastructures are designed to support Multi-Tenancy from the ground up and should be considered to be Multi-Tenant environments even if there is only one Tenant
  o Tenant Systems should not have access to the management plane (Logical Isolation at a minimum, Physical is best)
  o Underlay hardware assumes the highest level of security because it is required for all Tenants to perform their functions
  o Tenants “Transit” the Underlay, but have no means of accessing it
ESZ Concept
• The SDT is considering the creation of a construct called an Electronic Security Zone to describe controls used to separate Tenants with logical isolation
  o This concept would be used to separate the management plane from the data plane
  o The concept can be used to create other ESZ’s within an ESP (such as to isolate outbound communication, or to split a storage array)
  o Devices that support multi-tenancy need to use the management ESZ to communicate with their Centralized Management System (CMS)
  o Not limited to networking concepts; can be used to model any type of logical control
ESZ Example: Management Plane Isolation
ESZ Example: DMZ Separation
ESZ Example: ESZ vs ESP
ESP and ESZ Interaction?
ESZ Considerations
• The SDT is considering the creation of a construct called an Electronic Security Zone to describe controls used to separate Tenants with logical isolation
  o This concept would be used to separate the management plane from the data plane
  o The concept can be used to create other ESZ’s within an ESP (such as to isolate outbound communication, or to split a storage array)
  o Devices that support multi-tenancy need to use the management ESZ to communicate with their Centralized Management System (CMS)
  o Not limited to networking concepts; can be used to model any type of logical control
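The isolation rules from the Multi-Tenancy: Considerations and ESZ slides can be checked against an asset inventory and a list of permitted flows, as in this added example (not part of the webinar material). The asset names, roles, zone names and the flow format are constructed assumptions, since the ESZ is only a concept under consideration.

```python
# Added example: asset names, roles and zone names are constructed.
MGMT_ESZ = "esz-mgmt"  # hypothetical name for the management ESZ

# "zones" lists the ESZs in which an asset has an addressable interface.
ASSETS = {
    "hv-01":    {"role": "underlay", "zones": {MGMT_ESZ}},   # hypervisor host
    "stor-01":  {"role": "underlay", "zones": {MGMT_ESZ}},   # storage array
    "cms-01":   {"role": "cms",      "zones": {MGMT_ESZ}},   # Centralized Management System
    "app-vm-a": {"role": "tenant",   "zones": {"esz-tenant-a"}},
    "db-vm-a":  {"role": "tenant",   "zones": {"esz-tenant-a"}},
    "app-vm-b": {"role": "tenant",   "zones": {"esz-tenant-b", MGMT_ESZ}},
}

# Permitted flows as (source, destination, ESZ carrying the traffic).
FLOWS = [
    ("cms-01", "hv-01", MGMT_ESZ),
    ("cms-01", "stor-01", "esz-tenant-a"),
    ("app-vm-a", "db-vm-a", "esz-tenant-a"),
    ("app-vm-a", "hv-01", "esz-tenant-a"),
    ("app-vm-a", "ghost-01", "esz-tenant-a"),
]


def check_esz_isolation(assets, flows, mgmt_esz=MGMT_ESZ):
    """Return sorted (rule, subject) findings for the isolation rules on the slides."""
    findings = []
    for name, asset in assets.items():
        # Tenant systems should not have access to the management plane.
        if asset["role"] == "tenant" and mgmt_esz in asset["zones"]:
            findings.append(("tenant-on-management-esz", name))
    for src, dst, zone in flows:
        label = f"{src}->{dst} via {zone}"
        if src not in assets or dst not in assets:
            # An endpoint missing from the inventory cannot be classified.
            findings.append(("unknown-asset", label))
            continue
        roles = {assets[src]["role"], assets[dst]["role"]}
        if "tenant" in roles and roles & {"underlay", "cms"}:
            # Tenants transit the underlay but must not address it.
            findings.append(("tenant-reaches-underlay", label))
        elif roles == {"underlay", "cms"} and zone != mgmt_esz:
            # Multi-tenant devices talk to their CMS over the management ESZ only.
            findings.append(("management-traffic-outside-mgmt-esz", label))
    return sorted(findings)


if __name__ == "__main__":
    for rule, subject in check_esz_isolation(ASSETS, FLOWS):
        print(f"{rule}: {subject}")
```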