Understanding Baselines in ICS Integrity - PAS ICS Integrity - 7.3 - Help - Intergraph

ICS Integrity Help

Language
English
Product
PAS ICS Integrity
Subproduct
ICS
Search by Category
Help
PAS Version
7.3

When you create a baseline in ICS Integrity, you are creating an asset. The baseline assets need to reside somewhere in the asset hierarchy, with a defined location, so that they are visible in the ICS Integrity web interface. ICS Integrity features, such as Query Builder and Change Tracker, work as they do for any other asset.

The hierarchy structure within a baseline asset replicates the structure from the corresponding assets. For every object in the baseline, all lineages need to be found, and for each object in each lineage, a duplicate object is created in the baseline. Relationships are also created between objects in each lineage. If you create a baseline from two different assets, such as a Honeywell TPS asset and a PAS Recon asset, the resulting hierarchy in the baseline asset contains a hierarchy from each source asset, and they appear as parallel hierarchies.

In ICS Integrity, you create a baseline using queries and filters to include the assets you want and the important attributes and settings for those assets. Baseline types allow you to identify categories of assets and the relative risk levels. Then, you can use baselines to identify where existing assets deviate from the settings and attributes in the baselines. You can also create baselines that identify open ports and the services that use those ports. With baseline management, you can more easily identify configurations that deviate from your approved standards.

The ICS Integrity web interface displays the latest version of each baseline. As standards change, such as when new patches are released for software you use, you need to update your defined baselines. You can create a new version of a baseline by locking the baseline. ICS Integrity saves a locked version of the current baseline and then replaces the baseline in the hierarchy with a new, unlocked version that you can then modify and use.