|
WelcomeThis site is a resource for users, vendors, and third parties in the process control industry who are concerned about information security in an increasingly networked world. Through the NIST initiative on Critical Infrastructure Protection (CIP), we are supporting the development and dissemination of standards for process control and SCADA security. We have established the Process Control Security Requirements Forum (PCSRF), a working group of over 700 members including vendors, system integrators, and end users of industrial control systems. Additional information on the PCSRF can be found here. The
PCSRF is applying the ISO 15408 Common
Criteria methodology to develop security requirements for industrial
process control systems. The first DRAFT of the
System Protection Profile for Industrial Control Systems (SPP-ICS),
which is designed to present a cohesive, cross-industry, baseline set
of security requirements for new industrial control systems, is available
for download and review. The SPP-ICS is designed to be an industry voice
to the industrial control system vendors and system integrators, defining
the security capabilities that are desired in new products and systems.
It is a consensus-based specification, not a NIST specification. There is no intent to suggest or imply that the Government will enforce the adaptation of these requirements. These
security requirements could be specified in procurement RFPs for new
industrial control systems. A SCADA and Control Systems Procurement Project, a joint effort among public and private sectors, is currently underway to develop a common procurement language that can be used by all sectors. Note: All information on this site other than the SPP-ICS document is password protected. Please visit the Join the PCSRF link to request a password. Contact
* No approval or endorsement of any commercial product by the National Institute of Standards and Technology is intended or implied. Certain commercial equipment, instruments, or materials are identified in this report in order to facilitate understanding. Such identification does not imply recommendation or endorsement by the National Institute of Standards and Technology, nor does it imply that the materials or equipment identified are necessarily the best available for the purpose. The National Institute of Standards and Technology is an agency of the U.S. Department of Commerce, located 25 miles north of Washington, D.C. in suburban Gaithersburg, Maryland. A map to NIST is available on-line.
|
|
isd-webmaster@cme.nist.gov
Last updated: October 12, 2006 |