Catalog of Control Systems Security: Recommendations for Standards Developers
Catalog of Control Systems Security: Recommendations for Standards Developers
Catalog of Control Systems Security: Recommendations for Standards Developers
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
2.4.12.2 Supplemental Guidance<br />
This control may be satisfied by similar requirements fulfilled by another organizational entity other<br />
than the control system security program. Organizations should avoid duplicating actions already covered.<br />
2.4.12.3 Requirement Enhancements<br />
None<br />
2.4.12.4 References<br />
NIST SP 800-53r3 PE-14<br />
NRC RG 5.71 C.3.2<br />
2.4.13 Water Damage Protection<br />
2.4.13.1 Requirement<br />
The organization protects the control systems from damage resulting from water leakage by ensuring<br />
that master shut<strong>of</strong>f valves are accessible, working properly, and known to key personnel.<br />
2.4.13.2 Supplemental Guidance<br />
This control may be satisfied by similar requirements fulfilled by another organizational entity other<br />
than the control system security program. Organizations should avoid duplicating actions already covered.<br />
2.4.13.3 Requirement Enhancements<br />
The organization implements automated mechanisms to close shut<strong>of</strong>f valves and provide notification<br />
to key personnel in the event <strong>of</strong> a water leak within facilities containing control systems.<br />
2.4.13.4 References<br />
NIST SP 800-53r3 PE-15<br />
NRC RG 5.71 C.3.2, C.9<br />
2.4.14 Delivery and Removal<br />
2.4.14.1 Requirement<br />
The organization authorizes and limits the delivery and removal <strong>of</strong> control system components<br />
(i.e., hardware, firmware, s<strong>of</strong>tware) from control system facilities and maintains appropriate records and<br />
control <strong>of</strong> that equipment. The organization documents policies and procedures governing the delivery<br />
and removal <strong>of</strong> control system assets in the control system security plan.<br />
2.4.14.2 Supplemental Guidance<br />
The organization secures delivery areas and, if possible, isolates delivery areas from the control<br />
system to avoid unauthorized physical access.<br />
2.4.14.3 Requirement Enhancements<br />
None<br />
2.4.14.4 References<br />
NIST SP 800-53r3 PE-16<br />
20