Bandolier 
Digital Bond’s Bandolier Project is funded by the U.S. Department of Energy.
In this project, Digital Bond is developing security audit files for more than 20 different control system workstations or servers. The audit files can be used with the Nessus Vulnerability Scanner and other vulnerability scanners to compare a deployed system with the recommended gold standard. Any deviations from the gold standard are noted in the report.
The Bandolier Audit Files are available to Digital Bond Subscribers as release packages by product family:
Documentation and information on the Bandolier project are available on the SCADApedia.
Digital Bond creates two Bandolier Security Audit Files for each control system component. The .App file was developed by Digital Bond, Inc. This Bandolier Security Audit File is the sole property of Digital Bond, Inc., and Digital Bond retains full ownership rights to this file.
The OS file is a modified version of a .audit file originally written and maintained by Tenable Network Security, www.tenablesecurity.com. The original .audit file is copyright Tenable Network Security. Tenable has granted Digital Bond permission to make modifications to the original .audit file, to produce an updated .audit file, and to distribute this updated .audit file to its customers and partners. Tenable and Digital Bond maintain a collective ownership of this updated .audit file, called a Bandolier Security Audit File for OS checks.
Digital Bond is providing the Bandolier Security Audit File “as is” without: (1) any warranties as to its effectiveness or accuracy or (2) the responsibility to make or notify you of any bug fixes or updates of any kind.
Restriction: The Bandolier Security Audit Files or any derivative of these files shall not be posted on any website, bulletin board, ftp server, newsgroup, or other similar mechanism or device without the prior written consent of Digital Bond, Inc.
Digital Bond thanks the Center for Internet Security (“CIS”) for the use of their consensus security configuration Benchmarks as resources in developing the Bandolier audit files. In some instances, Digital Bond has modified the CIS Benchmark recommendations for fit to Industrial Control Systems. Given these modifications, the resulting audit files do not represent the CIS Benchmarks or the result of the CIS consensus process.
Digital Bond has also developed detailed documentation pages for many of the control system specific security audit checks. Links to these audit pages are included in the audit test results file. The documentation pages are also listed and linked in the subscriber-only tables below.