CHAPTER 2: PRODUCT DESCRIPTION SECURITYB90 LOW IMPEDANCE BUS DIFFERENTIAL SYSTEM – INSTRUCTION MANUAL 2-52• Security event reporting through the Syslog protocol for supporting Security Information Event Management (SIEM)systems for centralized cybersecurity monitoring• Strong encryption of all access and configuration network messages between the EnerVista software and UR devicesusing the Secure Shell (SSH) protocol, the Advanced Encryption Standard (AES), and 128-bit keys in Galois CounterMode (GCM) as specified in the U.S. National Security Agency Suite B extension for SSH and approved by the NationalInstitute of Standards and Technology (NIST) FIPS-140-2 standards for cryptographic systemsCyberSentry user rolesCyberSentry user roles (Administrator, Engineer, Operator, Supervisor, Observer) limit the levels of access to various URdevice functions. This means that the EnerVista software allows for access to functionality based on the user’s logged inrole.Example: Administrative functions can be segmented away from common operator functions, or engineering type access,all of which are defined by separate roles (see figure) so that access of UR devices by multiple personnel within asubstation is allowed.One role of one type is allowed to be logged in at a time. For example, one Operator can be logged in but not a secondOperator at the same time. This prevents subsets of settings from being changed at the same time.Figure 2-2: CyberSentry user rolesThe table lists user roles and their corresponding capabilities.Table 2-3: Permissions by user role for CyberSentryRoles Administrator Engineer Operator Supervisor ObserverComplete access Complete accessexcept forCyberSentrySecurityCommandmenuAuthorizeswritingDefault roleDevice Definition R R R R RSettings|---------- Product Setup|--------------- Security(CyberSentry)RW R R R R|--------------- Supervisory See table notes R R See tablenotesR|--------------- Display Properties RW RW R R R|--------------- Clear Relay Records(settings)RW RW R R R|--------------- Communications RW RW R R R|--------------- Modbus User Map RW RW R R R|--------------- Real Time Clock RW RW R R R|--------------- Oscillography RW RW R R R
