The “Catalog of Control Systems Security: Recommendations for Standards Developer, Revision 7” (CoR) from the Control Systems Security Program (CSSP) is now updated and ready to go.
This catalog combines fifteen established industrial control system security standards into one volume, guiding new and experienced owners and operators to view, compare, and evaluate existing security control elements against their particular operational requirements.
Two existing standards were added to the comparison crosswalk:
• The Consensus Audit Guideline for 20 Critical Controls and,
• NRC Regulatory Guide 5.71.
In addition, CSSP reviewed and updated two standards:
• API1164 Second Edition and,
• NERC CIPS 3.
A new feature of the updated CoR includes specific reference sections in five major standards for each control element in the catalog.
These five standards are: 1) NIST SP800-53r3; 2) Consensus Audit Guideline for 20 Critical Controls v2.3; 3) API 1164, Second Edition; 4) NERC CIPS revision 3; and 5) NRC Regulatory Guide 5.71, “Cyber Security Programs for Nuclear Facilities.”
The CoR also identifies and list standards, guidance, and certification documents that pertain to specific industrial critical infrastructure sectors for further user reference.
For information on the CoR, visit the CSSP website.