Catalog of Control Systems Security: Recommendations for Standards Developers
Catalog of Control Systems Security: Recommendations for Standards Developers
Catalog of Control Systems Security: Recommendations for Standards Developers
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
2.5.12.4 References<br />
NIST SP 800-53r3 SA-12<br />
CAG CC-17<br />
NRC RG 5.71 App. C.12.2<br />
2.5.13 Trustworthiness<br />
2.5.13.1 Requirement<br />
The organization requires that the control system meet an organization-defined level <strong>of</strong><br />
trustworthiness.<br />
2.5.13.2 Supplemental Guidance<br />
The level <strong>of</strong> trustworthiness <strong>for</strong> organizational control systems is defined in terms <strong>of</strong> degree <strong>of</strong><br />
correctness <strong>for</strong> intended functionality and <strong>of</strong> degree <strong>of</strong> resilience to attack by explicitly identified levels <strong>of</strong><br />
adversary capability. In addition, but not as a replacement <strong>for</strong> this expression <strong>of</strong> degree <strong>of</strong> correctness and<br />
resilience, the level <strong>of</strong> trustworthiness may also be described in terms <strong>of</strong> levels <strong>of</strong> developmental<br />
assurance, that is, actions taken in the specification, design, development, implementation, and<br />
operation/maintenance <strong>of</strong> the control system that impact the degree <strong>of</strong> correctness and resilience achieved.<br />
Trustworthiness may be defined as different levels on the basis <strong>of</strong> component-by-component,<br />
subsystem-by-subsystem, function-by-function, or a combination <strong>of</strong> the above. However, typically<br />
functions, subsystems, and components are highly interrelated, making separation by trustworthiness<br />
perhaps problematic and, at a minimum, something that likely requires careful attention in order to<br />
achieve practically useful results.<br />
2.5.13.3 Requirement Enhancements<br />
The organization requires that s<strong>of</strong>tware developers employ s<strong>of</strong>tware quality and validation methods to<br />
minimize flawed or mal<strong>for</strong>med s<strong>of</strong>tware.<br />
2.5.13.4 References<br />
NIST SP 800-53r3 SA-13<br />
NRC RG 5.71 App. C.12.3<br />
2.5.14 Critical In<strong>for</strong>mation System Components<br />
2.5.14.1 Requirement<br />
The organization:<br />
1. Defines and documents all critical hardware and s<strong>of</strong>tware system components that are in service<br />
2. Upgrade existing limited legacy equipment with current or custom developed in<strong>for</strong>mation system<br />
components.<br />
2.5.14.2 Supplemental Guidance<br />
The assumption is that in<strong>for</strong>mation technology products defined by the organization cannot be trusted<br />
due to unacceptable threat potential from the supply chain. Examples would be legacy systems with no<br />
viable alternatives, or existing components that cannot be hardened or enhanced to the required level <strong>of</strong><br />
high security assurance. The organization can deploy custom developed or compensating controls to<br />
achieve high assurance security requirements.<br />
2.5.14.3 Requirement Enhancements<br />
The organization:<br />
1. Identifies in<strong>for</strong>mation system components <strong>for</strong> which alternative sourcing is not possible<br />
32