CIP-003-7 Supplemental Material
Reference Model 1 – Host-based Inbound & Outbound Access Permissions

The Responsible Entity may choose to utilize a host-based firewall technology on the low impact BES Cyber System(s) itself that manages the inbound and outbound electronic access permissions so that only necessary inbound and outbound electronic access is allowed between the low impact BES Cyber System(s) and the Cyber Asset(s) outside the asset containing the low impact BES Cyber System(s). When permitting the inbound and outbound electronic access permissions using access control lists, the Responsible Entity could restrict communication(s) using source and destination addresses or ranges of addresses. Responsible Entities could also restrict communication(s) using ports or services based on the capability of the electronic access control, the low impact BES Cyber System(s), or the application(s).
[Figure: Reference Model 1. Diagram of an asset containing a low impact BES Cyber System, showing routable communications entering or leaving the asset and the communication between the low impact BES Cyber System and a Cyber Asset outside the asset. Legend: Routable Protocol, Non-routable Protocol.]
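As an added illustration (not part of the CIP-003-7 material), the sketch below models a host-based access control list of the kind Reference Model 1 describes: default deny in both directions, with permits restricted by source and destination address ranges and by port, plus a review pass that flags rules broader than a stated need. The host address, peer addresses, ports, rule format and the `min_prefix` threshold are all constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    direction: str          # "in" or "out", relative to the protected host
    src: str                # source address or range (CIDR)
    dst: str                # destination address or range (CIDR)
    proto: str              # "tcp" or "udp"
    dport: Optional[int]    # destination port; None means any port

# Constructed sample values: the host, peers and rule set are illustrative only.
HOST = "10.10.5.20/32"
RULES = [
    Rule("in",  "192.0.2.10/32", HOST, "tcp", 20000),   # polling from one outside master
    Rule("out", HOST, "192.0.2.53/32", "udp", 123),     # time sync to one outside server
    Rule("out", HOST, "0.0.0.0/0", "tcp", None),        # deliberately too broad
]

def permitted(rules, direction, src, dst, proto, dport):
    """Default deny: a flow passes only if some rule matches every field."""
    for r in rules:
        if (r.direction == direction and r.proto == proto
                and ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and r.dport in (None, dport)):
            return True
    return False

def broad_rules(rules, min_prefix=24):
    """Flag rules whose outside peer range or port scope exceeds a stated need.

    min_prefix is an assumed review threshold, not a value from the standard.
    """
    flagged = []
    for r in rules:
        # The "outside" side is the source for inbound rules, the destination for outbound.
        outside = ip_network(r.src if r.direction == "in" else r.dst)
        if outside.prefixlen < min_prefix or r.dport is None:
            flagged.append(r)
    return flagged

if __name__ == "__main__":
    for r in broad_rules(RULES):
        print("review:", r)
```

Removing the flagged third rule leaves an outbound policy that permits only the single time-sync flow, which is the "only necessary" posture the reference model describes.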