NERC Security Guideline – Best Practice References v1.0, March 2013

The purpose of this guideline is to provide a comprehensive list of documentation and links to already established material related to cybersecurity best practices. This is a living document, and it is intended that it will be updated on at least an annual basis. Suggestions for added topics, documents, or links can be sent to esisac@nerc.com for NERC CIPC committee review and approval.

Topics and References

Business Network Electronic Connectivity
• NIST Special Publication 800-47 - Interconnecting Information Technology Systems
  http://csrc.nist.gov/publications/nistpubs/800-47/sp800-47.pdf

Business Continuity
• NIST Special Publication 800-34, Revision 1 - Contingency Planning
  http://csrc.nist.gov/publications/nistpubs/800-34-rev1/sp800-34-rev1_errata-Nov112010.pdf
• NIST Special Publication 800-84 - Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
  http://csrc.nist.gov/publications/nistpubs/800-84/SP800-84.pdf
• Business Continuity Planning Guide
  http://csrc.nist.gov/publications/nistpubs/800-84/SP800-84.pdf
• Canadian Standards Association (CSA) – Z1600-08 - Emergency Management and Business Continuity Programs ($)
  http://shop.csa.ca/en/canada/injury-prevention/z1600-08/invt/27028572008/
• National Fire Protection Association (NFPA) 1600: Standard on Disaster / Emergency Management and Business Continuity Programs ($)
  http://www.nfpa.org/aboutthecodes/AboutTheCodes.asp?DocNum=1600

Cyber Security Incident Response Planning (incident reporting elements of this guideline to be combined with the 2009 Threat and Incident Reporting Guideline)
• NIST Special Publication 800-61, Revision 2 (Draft), January 2012 - Computer Security Incident Handling Guide
  http://csrc.nist.gov/publications/drafts/800-61-rev2/draft-sp800-61rev2.pdf
• Developing an Industrial Control Systems Cybersecurity Incident Response Capability, 2009
  http://www.us-cert.gov/control_systems/practices/documents/final-RP_ics_cybersecurity_incident_response_100609.pdf
• NIST Special Publication 800-86 - Guide to Integrating Forensic Techniques into Incident Response
  http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf
• DHS Cyber Threat Source Descriptions
  http://www.us-cert.gov/control_systems/csthreats.html
• DHS Recommended Practice: Creating Cyber Forensics Plans for Control Systems
  http://www.us-cert.gov/control_systems/pdf/Forensics_RP.pdf
• NIST Special Publication 800-83 - Guide to Malware Incident Prevention and Handling
  http://csrc.nist.gov/publications/nistpubs/800-83/SP800-83.pdf
• Handbook for Computer Security Incident Response Teams (CSIRTs) - Carnegie Mellon
  http://www.sei.cmu.edu/library/abstracts/reports/03hb002.cfm
• State of the Practice of Computer Security Incident Response Teams (CSIRTs) - Carnegie Mellon
  http://www.sei.cmu.edu/library/abstracts/reports/03tr001.cfm
• NIST Special Publication 800-82 – Guide to Industrial Control Systems (ICS) Security
  http://csrc.nist.gov/publications/nistpubs/800-82/SP800-82-final.pdf
• NERC Security Guideline for the Electricity Sector: Threat and Incident Reporting
  http://www.nerc.com/files/Incident-Reporting.pdf
• Department of Energy Electric Disturbance Events (OE-417)
  http://www.oe.netl.doe.gov/oe417.aspx
• ICS-CERT Technical Information Paper ICS-TIP-12-146-01 – Cyber Intrusion Mitigation Strategies
  http://www.us-cert.gov/control_systems/pdf/ICS-TIP-12-146-01.pdf

Identity and Access Management
• ISO/IEC 27002 - Information technology - Security techniques - Code of practice for information security management
• NIST Special Publication 800-63-1 - Electronic Authentication Guideline
  http://csrc.nist.gov/publications/nistpubs/800-63-1/SP-800-63-1.pdf
• US-CERT Control Systems Security Program (CSSP) - Authentication, Authorization, and Access Control for Direct and Remote Connectivity
  http://www.us-cert.gov/control_systems/csstandards.html#authen

Intrusion Detection
• DHS Report – Preventing and Defending Against Cyber Attacks – June 2011
  http://www.dhs.gov/xlibrary/assets/preventing-and-defending-against-cyberattacks.pdf
• NIST Special Publication 800-94 - Intrusion Detection Systems
  http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf
• US-CERT Control Systems Security Program (CSSP) – Placement and Use of IDSs and IDPSs
  http://www.us-cert.gov/control_systems/csstandards.html#place

IT Firewall
• NIST Special Publication 800-41, Revision 1 - Guidelines on Firewalls and Firewall Policy
  http://csrc.nist.gov/publications/nistpubs/800-41-Rev1/sp800-41-rev1.pdf
• US-CERT Control Systems Security Program (CSSP) – Establishing Network Segmentation, Firewalls, and DMZs
  http://www.us-cert.gov/control_systems/csstandards.html#estab

Risk Management / Risk Assessment
• Electricity Subsector Cybersecurity Risk Management Process
  http://energy.gov/sites/prod/files/Cybersecurity%20Risk%20Management%20Process%20Guideline%20-%20Final%20-%20May%202012.pdf
• NIST Special Publication 800-39 - Managing Information Security Risk
  http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf
• Public Safety Canada – Risk Management Guide for Critical Infrastructure Sectors
  http://www.nfpa.org/aboutthecodes/AboutTheCodes.asp?DocNum=1600
• NIST Special Publication 800-30, Revision 1 – Guide for Conducting Risk Assessments
  http://csrc.nist.gov/publications/drafts/800-30-rev1/SP800-30-Rev1-ipd.pdf
• US-CERT Control Systems Security Program (CSSP) – Establishing and Conducting Asset, Vulnerability, and Risk Assessments
  http://www.us-cert.gov/control_systems/csstandards.html#conduct

Patch Management
• DHS Recommended Practice for Patch Management of Control Systems
  http://www.us-cert.gov/control_systems/practices/documents/PatchManagementRecommendedPractice_Final.pdf
• DHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies
  http://www.us-cert.gov/control_systems/practices/documents/Defense_in_Depth_Oct09.pdf
• NIST Special Publication 800-40, Revision 2 - Creating a Patch and Vulnerability Management Program
  http://csrc.nist.gov/publications/nistpubs/800-40-Ver2/SP800-40v2.pdf
• IEEE C37.231-2006 - IEEE Recommended Practice for Microprocessor-Based Protection Equipment Firmware Control
  http://standards.ieee.org/findstds/standard/C37.231-2006.html

Securing Remote Access to Electronic Control and Protection Systems
• NERC Guidance for Secure Interactive Remote Access
  http://www.nerc.com/fileUploads/File/Events%20Analysis/FINALGuidance_for_Secure_Interactive_Remote_Access.pdf
• NIST Special Publication 800-46, Revision 1 - Guide to Enterprise Telework and Remote Access Security
  http://csrc.nist.gov/publications/nistpubs/800-46-rev1/sp800-46r1.pdf

Industrial Control System Security
• NIST Special Publication 800-82 - Guide to Industrial Control Systems (ICS) Security
  http://csrc.nist.gov/publications/nistpubs/800-82/SP800-82-final.pdf
• NSA - A Framework for Assessing and Improving the Security Posture of Industrial Control Systems (ICS)
  http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/ics.shtml
• IEEE 1686-2007: IEEE Standard for Substation Intelligent Electronic Devices (IEDs) Cyber Security Capabilities

Smart Grid
• NISTIR 7628 Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements
  http://csrc.nist.gov/publications/nistir/ir7628/nistir-7628_vol1.pdf
• NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 2, Privacy and the Smart Grid
  http://csrc.nist.gov/publications/nistir/ir7628/nistir-7628_vol2.pdf
• NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 3, Supportive Analysis and References
  http://csrc.nist.gov/publications/nistir/ir7628/nistir-7628_vol3.pdf

General
• US-CERT Control Systems Security Program (CSSP)
  http://www.us-cert.gov/control_systems/csstandards.html