- Page 1 and 2: Catalog of Control Systems Security
- Page 3: ACKNOWLEDGMENT This document was de
- Page 8 and 9: 2.4.20 Power Equipment and Power Ca
- Page 10 and 11: 2.10.9 Non-Local (Remote) Maintenan
- Page 12 and 13: 2.17 Monitoring and Reviewing Contr
- Page 14 and 15: IT information technology Key crypt
- Page 16 and 17: Typically, legacy control systems d
- Page 18 and 19: Table 1. (continued). Catalog of Re
- Page 20 and 21: 2.2.1.2 Supplemental Guidance The s
- Page 22 and 23: 2.2.5.3 None Requirement Enhancemen
- Page 24 and 25: 2.3.2.4 References NIST SP 800-53r3
- Page 26 and 27: 2.3.6.2 Supplemental Guidance Acces
- Page 28 and 29: c. The roles, responsibilities, man
- Page 30 and 31: 2.4.3.4 References NIST SP 800-53r3
- Page 32 and 33: 2.4.7.4 References NIST SP 800-53r3
- Page 34 and 35: 2.4.12.2 Supplemental Guidance This
- Page 36 and 37: software) integrity checks, and dis
- Page 38 and 39: 2.4.20.2 Supplemental Guidance None
- Page 40 and 41: 2.5.3.3 Requirement Enhancements No
- Page 42 and 43: 2.5.6.4 References NIST SP 800-53r3
- Page 44 and 45: 2.5.10.3 Requirement Enhancements 1
- Page 46 and 47: 2.5.12.4 References NIST SP 800-53r
- Page 48 and 49: 2.6.1.4 References NIST SP 800-53r3
- Page 50 and 51: NRC RG 5.71 C.3.1.3, C.4.2, App. B.
- Page 52 and 53: 2.6.6.3 Requirement Enhancements 1.
- Page 54 and 55: 4. The organization disables networ
- Page 56 and 57: 2.6.11.4 References NIST SP 800-53r
- Page 58 and 59: incident. The organization determin
- Page 60 and 61: 2.7.7 Investigation and Analysis 2.
- Page 62 and 63: 2.7.11.3 Requirement Enhancements T
- Page 64 and 65: 2.8.3 Security Function Isolation 2
- Page 66 and 67: 2.8.6.4 References NIST SP 800-53r3
- Page 68 and 69: 3. Failure of a cryptographic mecha
- Page 70 and 71: validated by the Cryptographic Modu
- Page 72 and 73: 2.8.16.4 References NIST SP 800-53r
- Page 74 and 75: NRC RG 5.71 App. 3.1.1, App. B.3.6,
- Page 76 and 77: 2.8.25 Thin Nodes 2.8.25.1 Requirem
- Page 78 and 79: 2.8.30.2 Supplemental Guidance Virt
- Page 80 and 81: 2.9 Information and Document Manage
- Page 82 and 83: 2.9.4.2 Supplemental Guidance A min
- Page 84 and 85: 2.9.8 Information and Document Dest
- Page 86 and 87: 3. The information system maintains
- Page 88 and 89: 2.10.3.4 References NIST SP 800-53r
- Page 90 and 91: NRC RG 5.71 App. C.4.1 2.10.7 Maint
- Page 92 and 93: 4. The organization requires that r
- Page 94 and 95: 2.11.2.3 Requirement Enhancements 1
- Page 96 and 97: 2.11.6.2 Supplemental Guidance The
- Page 98 and 99: 2.12.3.3 Requirement Enhancements N
- Page 100 and 101: 3. Incorporates lessons learned fro
- Page 102 and 103: malware infection effects. This ass
- Page 104 and 105: 2.12.13.2 Supplemental Guidance The
- Page 106 and 107: of encryption for backup informatio
- Page 108 and 109: 2.13.1.2 Supplemental Guidance The
- Page 110 and 111: on internal data structures within
- Page 112 and 113: 3. In situations where the ICS cann
- Page 114 and 115: 2.14.2.3 Requirement Enhancements 1
- Page 116 and 117: 2.14.4.2 Supplemental Guidance Cont
- Page 118 and 119: API 1164r2 Annex B.5.1.1.5 NERC CIP
- Page 120 and 121: API 1164r2 7.2.2.1, 7.3.7 NERC CIPS
- Page 122 and 123: 2.14.13 Predictable Failure Prevent
- Page 124 and 125: API 1164r2 Annex A NERC CIPS CIP 00
- Page 126 and 127: 2.15.5.2 Supplemental Guidance Devi
- Page 128 and 129: 2.15.7.3 Requirement Enhancements 1
- Page 130 and 131: 2.15.10.2 Supplemental Guidance Use
- Page 132 and 133: 2.15.13.2 Supplemental Guidance The
- Page 134 and 135: NRC RG 5.71 App. B.1.1, App. B.1.4
- Page 136 and 137: 2.15.18.4 References NIST SP 800-53
- Page 138 and 139: API 1164r2 5.4 NRC RG 5.71 App. B.3
- Page 140 and 141: 2.15.25 Access Control for Mobile D
- Page 142 and 143: 1. The types of applications that c
- Page 144 and 145: 2.15.30 User-Based Collaboration an
- Page 146 and 147: 1. Determines, based on a risk asse
- Page 148 and 149: CAG CC-6 NERC CIPS CIP 002-3 throug
- Page 150 and 151: NERC CIPS CIP 007-3 D1.4 NRC RG 5.7
- Page 152 and 153: system from installation through th
- Page 154 and 155: NERC CIPS CIP 002-3 through CIP 009
- Page 156 and 157: 2.17.3.4 References NIST SP 800-53r
- Page 158 and 159: 4. In special situations, for examp
- Page 160 and 161: 2.18.3.4 References NIST SP 800-53r
- Page 162 and 163: 2.18.6.3 Requirement Enhancements N
- Page 164 and 165: impacts to other organizations (e.g
- Page 166 and 167: 2.18.12 Identify, Classify, Priorit
- Page 168 and 169: 2.19.2.3 Requirement Enhancements N
- Page 170 and 171: 2.19.7 Enterprise Architecture 2.19
- Page 172 and 173: availability). Inherent in defining
- Page 174 and 175: 4. GLOSSARY: DEFINITIONS OF TERMS T
- Page 176 and 177: Term Definition Confidential Spoken
- Page 178 and 179: Term Definition Facility A plant, b
- Page 180 and 181: Term Definition Label In data proce
- Page 182 and 183: Plan of Action and Milestones Term
- Page 184 and 185: Role-based Access Control Term Defi
- Page 186 and 187: Term Definition Software A set of p
- Page 188 and 189: 5. DOCUMENTS REFERENCED The followi
- Page 190 and 191: Chemical: Chemical Information Tech
- Page 192 and 193: Appendix A Cross Reference of Stand
- Page 194 and 195: 2.1.1 2.2.1 Security Policy and Pro
- Page 196 and 197: 2.5.8 2.5.9 2.5.10 2.5.11 2.5.12 Se
- Page 198 and 199: 2.8.9 Communication Confidentiality
- Page 200 and 201: AGA12-1 AGA12-2 FIPS 140-2 API 1164
- Page 202 and 203: 2.13.7 2.14.1 Media Sanitization an
- Page 204 and 205: 2.15.27 2.15.28 2.15.29 2.15.30 2.1
- Page 206: 2.18.11 2.18.12 2.19.1 2.19.2 2.19.