Protect Phase: Summary & Audit Readiness
Phase Objective
The Protect Phase is about Hardening. Using the blueprints from Identify, we implement technical barriers, access controls, and physical safeguards to minimize the vessel’s attack surface.
Core Compliance Deliverables
To pass an IACS UR E26/E27 audit, the following technical safeguards and logs must be active. Click the links to access the specific playbooks for each Pillar.
Network Control
Evidence of physical or logical (VLAN) separation between IT and OT zones.
View Pillar A →
Access & Identity
Verified use of MFA for remote access and RBAC policies for system interaction.
View Pillar B →
Endpoint Hardening
Confirmation that unused ports are disabled and OS services are limited.
View Pillar C →
Data Integrity
Documented patch management and verified offline configuration backups.
View Pillar D →
Physical & Power
Securing physical access to OT spaces and ensuring UPS power resilience.
View Pillar E →
Auditor “Cheat Sheet”
Expect the Class Surveyor to perform a “Spot Check” on these specific hardening controls during an annual survey.
Evidence Needed: Firewall ACL list showing the blocked traffic between zones.
Evidence Needed: Physical inspection and a Key Management Log showing controlled access.
Evidence Needed: Point to the “Golden Image” SSD kept in the secure offline vault.
Watching the Horizon: Detection
Your defenses are up and your assets are hardened. Now, we must implement the “Eyes and Ears” of the vessel. The next phase covers Intrusion Detection (IDS), Security Logging, and Continuous Monitoring.
Begin Phase 3: DETECT →