Resources, Tools, and Publications

This section collects key NIST publications, resources related to control systems, and tools that can be used in the Test and Development and Production Environments for Continuous Monitoring and Auditing.

Product List by Product and Date Posted
Product Date Posted

DHS Interagency Security Committee Securing Government Assets through Combined Traditional Security and Information Technology White Paper

Guidance

To address physical security, today's security professional uses protection in depth through layered security as one of many tools to mitigate risks. Most often, security professionals procure and employ IT assets and infrastructure to obtain protection in depth for tangible and intangible assets for which the security organization is responsible. The layered security approach may include Video Monitoring Systems (VMS) (formerly known as Closed-Circuit Video Equipment [CCVE] or video systems), intrusion detection systems (IDS) and electronic physical access control systems (PACS) either as stand-alone or an integrated environment to accomplish the tasks of deterrence, detection, delay, and response, and to serve as a force multiplier for security staff assigned to achieve those and other tasks.

Jun 2015

DHS ICS-CERT Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies

Guidance

This recommended practice document provides guidance for developing mitigation strategies for specific cyber threats and direction on how to create a Defense-in-Depth security program for control system environments. The document presents this information in four parts: 1) “Background and Overview” outlines the current state of ICS cybersecurity and provides an overview of what defense in depth means in a control system context; 2) “ICS Defense-in-Depth Strategies” provides strategies for securing control system environments; 3) “Security Attacks” outlines how threat actors could carry out attacks against critical infrastructures and the potential impact to ICSs and networks; and 4) “Recommendations for Securing ICS” provides resources for securing ICSs based on the current state-of-the-art methods and lessons learned from ICS-CERT activities, national and sector-specific standards for ICS security, and tools and services available through ICS-CERT and others that can be used to improve the security posture of ICS environments.

Jun 2018

DoD CIO RMF Knowledge Service Portal EIE PIT Control Systems (requires CAC)

Guidance

Establishes the policy and step-by-step guidance to create an RMF package for FRCS - Site Overview.

Jun 2018

DFARS 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting

This is the DFARS Contract clause an investigator should look for in their contract/subcontract. If the ESTCP contract does not include this clause, contact the ESTCP office so a modification can be issued.

Jun 2018

DFARS Guidance to Stakeholders for Implementing Defense Federal Acquisition Regulation Supplement

Guidance

This guidance is intended for stakeholders charged with protection of unclassified controlled technical information (CTI) resident on or transiting through contractor information system(s) covered by DFARS 252.204-7012 (Safeguarding Unclassified Controlled Technical Information). CTI is technical information with military or space application that is subject to controls on its access, use, reproduction, modification, performance, display, release, disclosure, or dissemination. This guide will assist stakeholders in carrying out their responsibilities should a defense contractor report a compromise on a contract that contains unclassified CTI.

Jun 2015

DoD Advanced Cyber Industrial Control System Tactics, Techniques, and Procedures (ACI TTP)

Guidance

Establishes the requirement for a Jump-Kit Rescue CD with the Fully Mission Capable Baseline configurations, and describes how to Detect, Mitigate and Recover an FRCS that has been attacked or compromised.

Mar 2018

DISA Enclave Test and Development Security Technical Implementation Guide (STIG)

Guidance

This STIG is used to properly configure the hardware and software of the Test and Development Environment. The CIO community will typically provision the TDE (the traditional IT front end telecommunications, networking, firewalls, servers, workstations, laptops, etc.). Designers and System Integrators should be aware of what security controls are provided by the TDE.

Jun 2018

DISA Enclave Security Technical Implementation Guide (STIG)

Guidance

This STIG is used to properly configure the hardware and software of the Enclave environment. The CIO community will typically provision the Platform Enclave (the traditional IT front end telecommunications, networking, firewalls, servers, workstations, laptops, etc.). Designers and System Integrators should be aware of what security controls are provided by the Enclave.

Jun 2018

DISA Cloud Computing Security Requirement Guide

Guidance

This Cloud Computing SRG outlines the security model by which DoD will leverage cloud computing along with the security controls and requirements necessary for using cloud-based solutions. Facilities data is categorized as Level 4 Controlled Unclassified Information and has additional security controls to the CNSSI baseline. Facility-Related Control Systems data will move from being locally hosted to being hosted in a DISA Defense Enterprise Computing Center (DECC) or FedRAMP Cloud Service Provider (CSP). Designers and System Integrators should be aware of what security controls are required.

May 2018

DHS ICS-CERT, FBI and NSA Seven Steps to Effectively Defend Industrial Control Systems

Guidance

Cyber intrusions into US Critical Infrastructure systems are happening with increased frequency. For many industrial control systems (ICSs), it’s not a matter of if an intrusion will take place, but when. In Fiscal Year (FY) 2015, 295 incidents were reported to ICS-CERT, and many more went unreported or undetected. The capabilities of our adversaries have been demonstrated and cyber incidents are increasing in frequency and complexity. Simply building a network with a hardened perimeter is no longer adequate. Securing ICSs against the modern threat requires well-planned and well-implemented strategies that will provide network defense teams a chance to quickly and effectively detect, counter, and expel an adversary. This paper presents seven strategies that can be implemented today to counter common exploitable weaknesses in “as-built” control systems.

May 2016

CNSSI 4009 Committee on National Security Systems (CNSS) Glossary

Guidance

This instruction applies to all U.S. Government Departments, Agencies, Bureaus and Offices; supporting contractors and agents; that collect, generate, process, store, display, transmit or receive classified or controlled unclassified information or that operate, use, or connect to National Security Systems (NSS), as defined herein.

May 2015

CNSSI 1253 Security Categorization And Control Selection For National Security Systems

Guidance

Provides all Federal Government departments, agencies, bureaus, and offices with guidance on the first two steps of the Risk Management Framework (RMF), Categorize and Select, for national security systems (NSS). This Instruction builds on and is a companion document to National Institute of Standards and Technology (NIST) Special Publication (SP), 800-53, Security and Privacy Controls for Federal Information Systems and Organizations; therefore, it is formatted to align with that document’s section numbering scheme. This Instruction should be used by information systems security engineers, authorizing officials, senior information security officers, and others to select and agree upon appropriate protections for an NSS.

May 2014