Skip to Main Content
Buried within critical infrastructure control system applications and the operating systems on which they run are hundreds of settings that affect security. It is often difficult for asset owners to identify and audit these settings on their control system servers and workstations. Bandolier, a Digital Bond research project funded by the U.S. Department of Energy, addresses this problem. Digital Bond works with vendors and asset owners to identify the optimal security configuration for popular control system applications, and these settings are compiled into security audit files for use in vulnerability scanning tools. Over twenty application components from ten unique vendors are involved in the project. This paper examines the process of extracting security configuration data from the control system applications, describes the function of a security audit file, and demonstrates how asset owners and application vendors are using Bandolier to help secure critical infrastructure across various sectors.