COP_2023_V7_pages
automatically. Others are testing and verifying the security configurations of implemented systems and
investigating incidents that can compromise system or network security.
https://www.open-scap.org/features/standards/
20. ANSI
The ANSI (American National Standards Institute) framework contains standards, information, and technical
reports which outline procedures for implementing and maintaining Industrial Automation and Control Systems
(IACS). The framework applies to all organisations that implement or manage IACS systems. The framework
consists of four categories as defined by ANSI. The first category contains foundational information like security
models, terminologies, and concepts. The second category addresses the aspects involved in creating and
maintaining IACS cyber security programs. The third and fourth categories outline requirements for secure system
integration and security requirements for product development, respectively.
https://www.ansi.org/
21. NIST SP 800-12
This framework provides an overview of control and computer security within an organisation. Also, NIST SP 800-12
focuses on the different security controls an organisation can implement to achieve a strengthened cyber security
defence. Although most of the control and security requirements were designed for federal and governmental
agencies, they are highly applicable to private organisations seeking to enhance their cyber security programs. NIST
SP 800-12 enables companies to maintain policies and programs for securing sensitive IT infrastructure and data.
https://csrc.nist.gov/CSRC/media/Publications/sp/800-12/rev-1/draft/documents/sp800_12_r1_draft.pdf
22. NIST SP 800-14
NIST SP 800-14 is a unique publication that provides detailed descriptions of commonly used security principles.
The publication enables organisations to understand all that needs to be included in cyber security policies. As a
result, businesses can ensure that they develop holistic cyber security programs and policies covering essential data and
systems. In addition, the publication outlines specific measures which companies should use to strengthen already
implemented security policies. In total, the NIST SP 800-14 framework describes eight security principles with a
total of 14 cyber security practices.
https://ws680.nist.gov/publication/get_pdf.cfm?pub_id=890092
23. NIST SP 800-26
Whereas the NIST SP 800-14 framework discusses the various security principles used to secure information
and IT assets, NIST SP 800-26 provides guidelines for managing IT security. Implementing security policies alone
cannot enable a company to realise optimum cyber security since they require frequent assessments and
evaluations. For example, the publication contains descriptions for conducting risk assessments and practices
for managing identified risks. It is a highly useful framework that ensures organisations maintain effective cyber
security policies. A combination of different NIST publications can ensure businesses maintain adequate cyber
security programs.
https://csrc.nist.gov/publications/detail/sp/800-26/archive/2001-11-01
52 MASS UK Industry Conduct Principles and Code of Practice Version 7