Security Profile for Advanced Metering Infrastructure - Open Smart ...
Security Profile for Advanced Metering Infrastructure - Open Smart ...
Security Profile for Advanced Metering Infrastructure - Open Smart ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
DHS-2.8.4.2 Supplemental Guidance:<br />
Control of in<strong>for</strong>mation system remnants, sometimes referred to as object reuse, or data<br />
remnants, must prevent in<strong>for</strong>mation, including cryptographically protected<br />
representations of in<strong>for</strong>mation previously produced by the AMI system, from being<br />
available to any current user/role/process that obtains access to a shared system resource<br />
(e.g., registers, main memory, secondary storage) after that resource has been released<br />
back to the in<strong>for</strong>mation system. Such in<strong>for</strong>mation must be cleared be<strong>for</strong>e freeing the<br />
resource <strong>for</strong> other use.<br />
DHS-2.8.4.3 Requirement Enhancements:<br />
None.<br />
DHS-2.8.4.4 Rationale:<br />
The purpose of this control is to ensure that in<strong>for</strong>mation that requires a given privilege<br />
level <strong>for</strong> access is not exposed to individuals or processes with a lower privilege level.<br />
Implementing this control provides assurance that in<strong>for</strong>mation security requirements are<br />
being met. DHS-2.8.5 Denial-of-Service Protection<br />
DHS-2.8.5/ NIST SP 800-53 SC-5 Denial-of-Service Protection<br />
DHS-2.8.5.1 Requirement:<br />
AMI components shall protect against or limit the effects of denial-of-service attacks.<br />
DHS-2.8.5.2 Supplemental Guidance:<br />
A variety of technologies exist to limit, or in some cases, eliminate the effects of denialof-service<br />
attacks. For example, network perimeter devices can filter certain types of<br />
packets to protect devices on an organization’s internal network from being directly<br />
affected by denial-of-service attacks.<br />
DHS-2.8.5.3 Requirement Enhancements:<br />
1. The AMI system must restrict the ability of internal or external users to launch<br />
denial-of-service attacks against other AMI components or networks.<br />
2. The AMI system must manage excess capacity, bandwidth, or other redundancy<br />
to limit the effects of in<strong>for</strong>mation flooding types of denial-of-service attacks.<br />
3. Wireless assets and networks are also vulnerable to radio-frequency jamming and<br />
steps must be taken and personnel trained to address tracking and resolution of<br />
such issues. This may include radio-frequency direction finding and other such<br />
technologies.<br />
<strong>Security</strong> <strong>Profile</strong> <strong>for</strong> <strong>Advanced</strong> <strong>Metering</strong> <strong>Infrastructure</strong> Version 1.0<br />
UtiliSec Working Group (UCAIug) December 10, 2009<br />
27