System and information integrity
This section describes Itron’s policy for managing the risks to the Itron Azure environment from system flaws/vulnerabilities, malicious code, unauthorized code changes, and inadequate error handling. This policy applies to all staff, contracts, or third-party owners, operators, and users who access or use the Itron Azure environment and the outcomes it hosts. This policy applies to all Itron Azure environment production assets including all software, applications, services, data, and infrastructure.
The infrastructure team, developer teams, and users of the Itron Azure environment are responsible for ensuring they adhere to procedures and controls that demonstrate compliance with this policy. Teams are responsible for assigning resources necessary to achieve compliance. Itron management commits to actively supporting the teams with complying with this policy by ensuring the policy is reviewed and approved, responsibilities are defined, and resources and budget are available. Any Itron employee being in scope found to have violated this policy may be subject to disciplinary action. The severity of the incident shall govern the severity of the action taken (from a verbal warning up to termination).
Policy
This policy is based on the NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations Rev 4 System and Information Integrity (SI) control family guidelines.
System and information integrity procedures
Itron adheres to formal, documented system and information integrity procedures for the Itron Azure environment that facilitate the implementation of the system and information integrity policy and associated system and information integrity controls. The system and information integrity procedures document addresses scope, roles, responsibilities and the system and information integrity processes and procedures necessary to ensure Itron implements best practices with regard to system configuration, security, and error handling for the Itron Azure environment, the outcomes, and services it hosts.
Security flaw remediation
Security flaws in the Itron Azure environment and the outcomes it hosts are identified, reported to designated organizational personnel, and corrected. Announced security flaws and potential vulnerabilities in third-party applications and services used by the Itron Azure environment and the outcomes it hosts are reported by the owning team to designated organizational personnel and corrected. Updates related to flaw remediation are tested for effectiveness and potential side effects before installation. The degree and type of testing done are appropriate for the specific flaw remediation activity. Critical security-relevant updates (for example, patches, hotfixes, and anti-virus signatures) are installed as quickly and securely as possible with a goal of fixing the issue within 30 days of its discovery. Flaw remediation is incorporated into the Itron Azure environment configuration management procedures, to track and verify remediation actions.
Malicious code protection
Malicious code protection mechanisms (for example, anti-malware applications) are deployed at Itron Azure environment entry and exit points and on Itron Azure environment hosted VMs to detect and eradicate malicious code. Malicious code protection mechanisms are updated whenever new releases are available, in accordance with the Itron Azure environment configuration management policy and procedures. Malicious code protection mechanisms are configured to perform regular scans or real-time scans, to block or quarantine malicious code, and to send an alert to appropriate personnel if any malicious code is detected.
Information system monitoring
The Itron Azure environment is monitored to detect attacks and indicators of potential attacks. The Itron Azure environment is monitored to detect unauthorized access to its assets. Any detection of attack or unauthorized access is immediately reported to the infrastructure team and Itron Security.
Security alerts, advisories, and directives
Security alerts, advisories, and directives are received on an on-going basis from the Itron Azure environment’s cloud service provider and the Itron Azure environment's firewall vendors. Any security alerts, advisories, and directives received are reviewed by designated organizational personnel and implemented as quickly and securely as possible to remediate the security flaws, with a recommended maximum of 30 days.
Software and information integrity
Software integrity is verified via configuration management, auditing procedures, and employed tools to be able to detect unauthorized changes to the Itron Azure environment and its assets.
Information input validation
The validity of input information is checked to prevent cross-site scripting and injection attacks.
Error handling
Error messages generated by Itron Azure environment assets provide the information necessary for corrective actions without revealing sensitive information, or information that could be exploited by an adversary. Error messages are only revealed to authorized personnel.
Predictable failure prevention
Itron Azure environment system components that provide security capability are deployed in pairs to provide redundancy. Transfers of responsibility between, or substitution of, paired components does result in a compromise of security.
Procedure
All Itron Azure environment environments and assets are subject to the Itron Azure environment system and information integrity policy, and the system and information integrity procedures documented here.
Security flaw remediation
Itron artifacts. The security flaw remediation process described in the Itron Azure environment Security Architecture document ensures that all third-party components are updated regularly, and any security vulnerabilities are patched if necessary. Security flaws and potential vulnerabilities identified during security assessments and risk assessment activities are remediated as described in the security assessment and authorization procedures and risk assessment procedures. Security flaws identified during security incident response activities are remediated as described in the security incident response procedures.
Third-party artifacts. The infrastructure team and developer teams are responsible for the application of security-relevant updates (for example patches, service packs, and hotfixes) for the Itron Azure environment-hosted third-party applications and services that their team is responsible for. This includes applying updates to (not a complete list):
-
Infrastructure team
-
Web application firewalls (WAF)
-
Network virtual appliance firewalls
-
Kubernetes
-
Operational tooling (for example, applications used for logging, alerting, or tracing)
-
VM operating systems on all team-owned VMs
-
Team-owned Azure services that are not automatically updated by Microsoft
-
Any other team-owned third-party applications and services
-
-
Developer teams:
-
Operating systems on all team-owned VMs/Docker containers
-
Team-owned Azure services that are not automatically updated by Microsoft
-
Any other team-owned third-party applications and services
-
Teams describe their strategies for ensuring that the third-party artifacts they are responsible for are up to date with security-relevant updates in their Security Architecture documentation. The strategies described include the processes followed, frequencies of recurring activities, roles, and responsibilities. Where security-relevant updates are to be applied manually, teams document the work required to deploy and appropriately test the update in an ADS Work Item. Where security-relevant updates are applied automatically an ADS Work Item is not required. The Itron Azure environment configuration management process is used to track and prioritize the ADS Work Items. Prioritization is based on risk assessment. Procedures defined in Itron Azure environment configuration management procedures safeguard against insecure code within Itron developed software being released into Itron Azure environment environments. Scanning tools are run against code within Itron-developed software to prevent insecure code from being deployed to Itron Azure environment production instances.
Malicious code protection
Malicious code includes, for example, spyware, viruses, worms, and Trojan horses. Malicious code insertions occur through the exploitation of information system vulnerabilities.
-
Firewalls. The Itron Azure environment uses reputation-based WAFs and Network Virtual Appliance Firewalls at the entry and exit points to prevent malicious code from entering the Itron Azure environment. The firewalls are maintained by the infrastructure team.
-
Endpoint protection agents. Microsoft Antimalware for Azure Cloud Services and Virtual Machines are used for real-time protection to identify and remove viruses, spyware, and other malicious software. Microsoft Antimalware extension on the Itron Azure environment Windows VMs is enabled by default and checked by Azure Policy. This ensures that alerts triggered by Microsoft Antimalware are surfaced in Azure Security Center. The infrastructure team monitors Azure Security Center for reports of Antimalware protection issues and events. When an antimalware event occurs, it is reported to Itron Security for analysis. The Itron Azure environment security incident response procedures are followed as required.
-
Insecure code. Itron Azure environment configuration management procedures safeguard against insecure code within Itron developed software being released into Itron Azure environment environments.
Information system monitoring
Access to the Itron Azure environment is controlled as described in access control, identification, and authorization procedures. Auditing of access to the Itron Azure environment is controlled as described in audit and accountability procedures. The infrastructure team reports any detection of unauthorized access to Itron Security. Itron Security reports any detection of unauthorized access to the infrastructure team.
WAF and Network Virtual Appliance Firewall logs are transferred to a centralized audit log storage on a secure channel which is constantly reviewed by Itron Security. Audit log storage is described in the audit and accountability procedures.
Advanced detections available in Azure Security Center Standard Tier are leveraged to provide security event monitoring, threat detection, and intrusion detection capabilities for the Itron Azure environment. Advanced detection mechanisms available in the WAF and Network Virtual Appliance firewalls are also leveraged to provide security event monitoring, threat detection, and intrusion detection capabilities for the Itron Azure environment. The infrastructure team is responsible for the configuration, management, and use of Azure Security Center for the Itron Azure environment Azure subscriptions. Itron Security performs additional continuous monitoring of the security status of Itron Azure environment deployments as described in the audit and accountability procedures. The infrastructure team reports any detection of a realized threat or intrusion to Itron Security and the Itron Azure environment security incident response procedures are followed. Itron Security reports any detection of a realized threat or intrusion to the infrastructure team and the Itron Azure environment security incident response procedures are followed. Windows Defender Advanced Threat Protection with Azure Security Center is used on all Itron Azure environment Windows Servers. Log Analytics Agent is installed by default on all Itron Azure environment Windows and Linux VMs. Azure Policy ensures that the agents are always installed during VM provisioning.
File integrity monitoring
Azure Security Center’s File Integrity Monitoring is used to validate the integrity of Windows files, Windows registries, and Linux files within VMs hosted in the Itron Azure environment. Azure Security Center sends an alert to Itron Security if the file integrity on a VM is compromised.
Information input validation
The developer teams are responsible for prescreening and validating inputs to their services to prevent the insertion of malicious commands, and to prevent cross-site scripting and injection attacks. Teams describe how they check the syntax and semantics of input information, against a defined acceptable format and content, in their team’s Security Architecture documentation. Code scan results provide validation.
Error handling
The infrastructure team and developer teams are responsible for ensuring that error messages generated by their Itron Azure environment hosted artifacts do not expose any Personally Identifiable Information or confidential information. Access to error messages is captured in audit logs and described in audit and accountability procedures. At this time, DI applications do not transmit any data considered Personally Identifiable Information.