Department of Homeland Security: Cyber Security Procurement Language for Control Systems [open pdf - 732KB]
"The U.S. Department of Homeland Security Control Systems Security Program, Idaho National Laboratory, Chief Information Security Officer of New York State, and the SANS Institute have established an initiative to bring public and private sector entities together to improve the security of control systems. The goal is for private and public asset owners and regulators to come together and adopt procurement language that will help ensure security integration in control systems. The Cyber Security Procurement Language for Control Systems effort was established in March 2006. The results of this endeavor represent the joint effort of the public and private sectors focused on the development of common procurement language for use by all control systems stakeholders. The goal is for federal, state, and local asset owners and regulators to obtain a common control systems security understanding; using these procurement guidelines will help foster this understanding and lead to integration of security into control systems. The Cyber Security Procurement Language Project Workgroup comprises 242 public and private sector entities from around the world representing asset owners, operators, and regulators. In addition, over 20 vendors participate in a working group to assist in reviewing and producing the procurement language. […] This document provides information and specific examples of procurement language text to assist the control systems community, both owners and integrators, in establishing sufficient control systems security controls within contract relationships to ensure an acceptable level of risk."
United States- Computer Emergency Readiness Team (US- CERT): http://www.us-cert.gov/