NERC CIP reporting revolves around changes to the NERC CIP baseline, so Tripwire is a natural way to find the information required and build reports. Tripwire’s allowlisting solution defines the lists of allowed ports, services, software, etc., on each device and the data baselined by TE about each of those is compared to the allowed list of ports, software, etc. The result is an assessment. The NERC CIP baseline is the list of what is running, and allowed on the system.
Read full article on Tripwire – The State of Security