How should unauthorized changes to the baseline configuration be handled?

Handling unauthorized changes to the baseline configuration is crucial for maintaining the integrity and security of critical infrastructure systems. When there are changes that deviate from the established baseline configuration, it is essential to document and investigate these changes thoroughly. This process ensures that any potential security risks or vulnerabilities introduced by the unauthorized changes are identified and addressed.

Documenting the unauthorized changes provides a record that can be reviewed later, which is important for compliance with NERC CIP standards. Investigating the changes allows personnel to understand the nature of the alterations and evaluate their impact on the system. This proactive approach is necessary to mitigate risks, ensure the system's reliability, and maintain compliance with regulatory standards.

In contrast, ignoring the changes or implementing them without scrutiny can lead to security vulnerabilities, compliance failures, and potential operational disruptions. Requesting user feedback before acting may also delay necessary corrective actions and not provide the insight needed to address security concerns effectively. Such measures do not prioritize the critical assessment required to protect the infrastructure, making documentation and investigation the most prudent response.