vidmooreda
Visitor III
December 19, 2024
Question

ICS/OT CIP Requirements for BCSI in Alert Emails

  • 946 views

G'day,

This is for those working in ICS/OT: I have set up and tested alerts in FAZ. The email notifications for the alerts via handlers and notification profiles, etc., are sending BCSI information. I have tried to work with support, but they are saying that there is no way to remove the information that is sent in the emails. NERC requirements are clear about this. I can't send hostnames and IPs in the same info resource. Privacy Masking is an option, but it also disables it in FortiView and Log View. Has anyone else come across this and found a solution? It's bad that I can't send the alerts I need in FAZ without the need of another product (SIEM) to do it. If someone has a best practice comment and it's condescending in nature, just know I love you still and happy holidays. Oh... I submitted an NFR for this already.

1 reply

kgeorge
Staff
December 20, 2024

Hello @vidmooreda,

I believe you have already checked the documentation below, and that it does not serve your purpose as it also masks details in FortiView:

https://docs.fortinet.com/document/fortianalyzer/7.6.1/administration-guide/347502/privacy-masking

As you have submitted the NFR, you can wait for the Sales Engineer's update on it and move forward accordingly.

Also, we can allow other users here to share their inputs if they have any alternatives on this.

Have a nice day!

vidmooreda
Visitor III
December 22, 2024

Thank you for your response, Klint. As I mentioned, privacy masking is NOT an option, due to this also masking those fields in FortiView. I have submitted an NFR and I am working with the Fortinet OT Sales Engineer now to come up with a solution. I have tried everything, but to no avail.