Catalog of Control Systems Security: Recommendations for Standards Developers
"This catalog presents a compilation of practices that various industry bodies have recommended to increase the security of control systems from both physical and cyber attacks. The recommendations in this catalog are grouped into 19 families, or categories, that have similar emphasis. The recommendations within each family are displayed with a summary statement of the recommendation, supplemental guidance or clarification, and a requirement enhancements statement providing augmentation for the recommendation under special situations. This catalog is not limited for use by a specific industry sector. All sectors can use it to develop a framework needed to produce a sound cybersecurity program. The number of new and updated published Cyber Security Standards and guidelines has increased significantly this past year. An attempt has been made to reference and include the best practices introduced by these new and updated documents to interested users for consideration as input into individual industrial cybersecurity plans under development and review. This catalog should be viewed as a collection of guidelines and recommendations to be considered and judiciously employed, as appropriate, when reviewing and developing cybersecurity standards for control systems. The recommendations in this catalog are intended to be broad enough to provide any industry using control systems the flexibility needed to develop sound cybersecurity standards specific to their individual security needs. These recommendations are subservient to existing legal rules and regulations pertaining to specific industry sectors, and the user is urged to consult and follow those applicable regulations."
United States. Computer Emergency Readiness Team: http://www.us-cert.gov/