Bandolier

Bandolier helps asset owners and vendors identify and audit optimal security configuration for control system servers and workstations. In this Department of Energy-funded project, Digital Bond partners with leading control system application vendors to establish practical security configuration guidance for SCADA, DCS, and other industrial control system components. Digital Bond then creates and distributes specialized security audit files that can be used with the Nessus vulnerability scanner. Bandolier, in conjunction with Nessus, is the most widely used security tool in industrial control systems. Customized operating system and application-level Nessus audit files are available now for over twenty control system components, with more on the way.

Overview

  • Defines optimal security configuration for SCADA and DCS servers and workstations
  • Provides vendor-supported, customized security audit files for control system applications
  • Provides a safe and effective way to audit control system components

How it Works

  • No client software, services, or agents are required on the control system server or workstation
  • The user uploads Bandolier security audit files to the Nessus vulnerability scanner
  • Nessus policy compliance plugins make a low-impact connection to the control system server or workstation
  • Nessus uses built-in operating system functionality to compare the settings on the control system server to those defined in the Bandolier security audit file
  • Nessus provides a report that shows whether each setting matched what is in the Bandolier security audit file

Bandolier and Nessus Policy Compliance Process

For asset owners and operators, the audit files provide a way to verify that their systems are in an optimal, vendor-supported security configuration – both at the time of delivery to hold the vendors accountable and for ongoing, routine security auditing. In addition, the Bandolier reports provide valuable evidence for NERC CIP and other regulatory compliance requirements. Vendors like Telvent, AREVA, and OSIsoft are using Bandolier to help deliver hardened systems. They use Bandolier for acceptance testing and for routine security validation testing in the patch and update process.

Download Bandolier Security Audit Files

Watch the Bandolier Demonstration Video

Read the Bandolier FAQ

Learn How Bandolier is Different from Traditional Vulnerability Scanning

See Audit Check Documentation

Read More about Bandolier on the SCADApedia