Industrial Internet Security Framework v 1.0 | Page 111

Security Framework 11: Security Configuration and Management

updates to reconfigure affected systems. The feedback loop is analogous to the Monitor (Event Gathering), Analyze (Aggregate/Correlate and Alarms), and Act (Automated Responses and Policy Deployment) as described in chapter 10.

11.4.3 POLICY ASSIGNMENT AND DELIVERY

Within the management process, the security policy must be defined for each endpoint. Having a coarse-grained mechanism to define this policy across a number of endpoints in an efficient manner is desirable. The management process must be scalable, and optimized for a human to be part of the process. Appropriate policy settings should be exposed to the human so she can correctly configure the controls on the endpoint. Reuse and automation are needed to simplify policy management.

Policy should be pushed to a number of endpoints at once. A structured policy with policy sub-elements enables reuse of the elements across a number of different policies. A policy library can be built up that combines the various policy sub-elements in different combinations without redefining policy for a minor change. Default policy sub-elements ease defining policy by managing divergence from the default, rather than redefining the entire policy.

Endpoint security policy should be assignable to an endpoint or a group of endpoints. This allows the endpoint to be managed at an atomic level, or with other endpoints that share common functionality, without needing to create a policy for each individually.

An automated mechanism to deliver the machine policy to the endpoints is strongly advised. Tracking the policy and sub-elements in place on each endpoint allows for more oversight of the policy management process. Automation scales and minimizes the impact of human error.
11.5 ENDPOINT CONFIGURATION AND MANAGEMENT

Once machine policy has been set on an endpoint, the policy settings configured during policy authoring and delivered to the endpoint must be activated and enforced. This includes parsing the policy and providing each affected security control with the appropriate policy sub-element. Each control should receive the policy sub-element related to it, be able to understand the configuration and act upon it. The management platform need not have insight into the control's configuration; it only exposes the UI controls and stores the results. Nor do the policy delivery steps need insight into the control's configuration; they only ensure the policy is delivered to the right endpoint with proper integrity and confidentiality. Only the control itself, on the endpoint, needs to understand the configuration settings saved on the management console.

To implement new security controls, only two components need to be built: the policy element that a human configures, and the security control parser that resides on the endpoint and translates the machine policy sub-elements into the appropriate settings. Once the policy has been applied to the endpoint, any events that result from policy violations should be communicated off the endpoint.

IIC:PUB:G4:V1.0:PB:20160926 - 111 -
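As an added illustration (not from the IISF or any IIC implementation), the following Python sketches the structure described in 11.4.3 and 11.5: a policy composed from default sub-elements plus only the recorded divergences, assignment to a group of endpoints or to a single endpoint, and an endpoint that routes each sub-element to the control registered for it and reports any sub-element no local control can enforce. Control names, settings and the two parser functions are hypothetical.

```python
import copy

# Default policy sub-elements, keyed by the security control each one configures.
DEFAULT_SUBELEMENTS = {
    "logging":  {"level": "info", "forward_events": True},
    "firewall": {"default_action": "deny", "allow_ports": [443]},
    "update":   {"window": "02:00-04:00", "auto_reboot": False},
}

def build_policy(name, divergences):
    """Defaults plus only the diverging keys, so a minor change never redefines the whole policy."""
    subelements = copy.deepcopy(DEFAULT_SUBELEMENTS)   # never mutate the library defaults
    for control, overrides in divergences.items():
        if control not in subelements:
            raise KeyError(f"divergence names an unknown control: {control}")
        subelements[control].update(overrides)
    return {"name": name, "subelements": subelements}

def resolve_assignments(group_assignments, direct_assignments, groups):
    """Expand group assignments to endpoints; a direct per-endpoint assignment wins.
    The result is also the tracking record of which policy each endpoint should hold."""
    per_endpoint = {}
    for group, policy in group_assignments.items():
        for endpoint_id in groups[group]:
            per_endpoint[endpoint_id] = policy
    per_endpoint.update(direct_assignments)
    return per_endpoint

class Endpoint:
    """Endpoint side: each security control registers a parser for its own
    sub-element; the endpoint only routes sub-elements and never interprets them."""
    def __init__(self, endpoint_id):
        self.endpoint_id, self.controls, self.applied, self.events = endpoint_id, {}, {}, []
    def register_control(self, name, parser):
        self.controls[name] = parser
    def apply_policy(self, policy):
        for control, subelement in policy["subelements"].items():
            parser = self.controls.get(control)
            if parser is None:   # no control here can enforce it: report it off the endpoint
                self.events.append((self.endpoint_id, "unenforced_subelement", control))
                continue
            self.applied[control] = parser(subelement)
        return self.applied

# Hypothetical control parsers: translate a sub-element into the control's own settings.
def firewall_parser(sub):
    return [f"{sub['default_action']} all"] + [f"allow tcp/{p}" for p in sub["allow_ports"]]
def logging_parser(sub):
    return {"syslog_level": sub["level"].upper(), "remote": sub["forward_events"]}
```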