Sample Workflow Templates - PAS Integrity Software Suite - 7.3 - Administration & Configuration - Intergraph

Integrity Administration Guide

Language
English
Product
PAS Integrity Software Suite
Subproduct
Cyber
Search by Category
Administration & Configuration
PAS Version
7.3

Workflows allow you to document work processes involved with configuration management for your industrial control system (ICS) and other assets managed within the configuration database. You can start a workflow case manually or based on condition changes within the database. You can also associate a workflow with changes.

For example, you can configure a workflow to detect changes within the configuration database. To ensure each change is reviewed and approved, you can link an asset change to an administrative approval of a workflow reconciliation.

Integrity provides several sample workflow templates to meet security best practices and common compliance criteria. To avoid overwriting a sample template, save a template as a new workflow definition, and then modify the new definition.

To use a sample workflow template, you need to complete several configuration tasks. The following list summarizes the sample workflow templates:

Asset Disposal Workflow

Documents the chain of custody of handling an asset as it is removed from service. The workflow is active until all sensitive information on the device is wiped and the supporting evidence of the destruction of the information is documented and attached to the Asset Disposal case number.

Configuration Change, Implementation

Documents the process to implement a change in a production system. This process includes the configuration change and any related configuration policy changes. If a Configuration Change, Testing case initiated the Configuration Change, Implementation case, the testing case number is included in the implementation case notes.

Configuration Change, Testing

Documents the process to test a proposed change and capture the test results for compliance requirements. If the proposed change identifies a defect in the configuration policies, the workflow covers the modification to the configuration policy and the approval steps for the policy change. If a workflow case has an associated configuration policy, a Configuration Change, Implementation case is created when the Configuration Change, Testing case is closed. The implementation case covers all assets that are monitored by the configuration policy, and it is associated with each location.

Periodic Review

Notifies owners of documents, reports, and lists that need to be reviewed at a certain frequency. For an example Annual Review, when there are 30 days left before the anniversary of the last approval date, the workflow starts a case, runs the report, and sends the report to the owner for review. The trackable case is associated with the review, and once the review has been completed, the next review date is set.

Security Incident Response

Documents security incidents based on your specific incident response procedure. The workflow incorporates all internal and regulatory notifications, captures the following steps, and includes the ability to document the lessons learned while updating the mitigation steps and incident response procedures:

  • Assessing: Identifying and investigating an issue to determine whether there is an incident based on a set of configurable rules.

  • Classifying: Identifying the threat level and severity of the incident.

  • Declaring: Notifying the stake holders about the incident.

  • Containing: Performing the steps to contain the threat and stop the attack.

  • Restoring: Performing the steps required to return to normal operations.

Vulnerability Assessment

Guides patch management tasks, including evaluating and applying patches to mitigate vulnerabilities.