Timely patch management is a key requirement in ensuring the continued safe operation of control systems. For this reason, NERC CIP-007 R3 requires that utilities implement a Security Patch Management program for tracking, evaluating, testing and installing applicable cyber security software patches for all Cyber Assets within the Electronic Security Perimeter.
Many of Eaton's grid automation system solutions are based on Microsoft technology. Microsoft publishes security updates for its operating systems and applications on a regular basis. However, deploying a security update is a costly operation that can result in disruption of service. A utility therefore needs to decide whether the cost of the update outweighs the risk of a potential attack against an unpatched system.
As part of its program to help utilities meet NERC CIP requirements, Eaton evaluates the applicability of Microsoft security updates to its products and provides a compatibility recommendation in a report. These reports identify the Eaton grid automation system solutions software that has been successfully tested with Microsoft security updates, the status of Eaton’s testing and Eaton’s recommendation based on the test results.
Microsoft security updates are published on the second Tuesday of each month. Eaton is committed to providing a guidance report within ten days of receipt of updates.