NIST SP 800-82 Auditing Standard in CSET Tools

  • CSET 5.0 checklist using NIST SP 800-82, ICS Security Auditing Framework, nist sp 800-82

In CSET (the Cyber Security Evaluation Tool developed by the US Department of Homeland Security), the NIST SP 800-82 standard is broken into 12 checklists. The checklists for Industrial Control System (ICS) security assessment are:

  • Planning/Policy/Procedures
  • Administrative
  • Configuration Management
  • Audit & Accountability
  • Development & Maintenance
  • Physical & Environmental
  • Access Control
  • System & Information Integrity
  • Network Architecture
  • Communications
  • Firewall
  • Encryption

A summary of each checklist follows:
1. Planning/Policy/Procedures

  • Corporate concern for ICS cyber security
  • Management buy-in to security
  • Corporate alignment that treats security as one of the critical aspects of the business
  • Written policies and procedures within the corporation to govern security compliance
  • Business continuity implementation
  • Secure interfacing and deployment of IT into the ICS

2. Administrative

  • Awareness and knowledge development for staff
  • Plans and preparedness for disaster and emergency situations
  • Third-party security assurance
    • Systems, software/hardware, licenses, people
  • Security assessment and mitigation controls

3. Configuration Management

  • Management of Change process
  • Tools used for ICS asset inventory management
  • Access protection for ICS configuration information and software

4. Audit & Accountability

  • Periodic independent security audits for compliance assessment
  • Auditing and log management tools
  • Network logs

5. Development & Maintenance

  • ICS maintenance program
  • ICS testing facilities
  • Secure software update and implementation
  • Services and ports review process
  • Patch management

6. Physical & Environmental

  • Single points of failure and redundancy
  • Environmental control
  • Electronic noise protection
  • Power outage protection
  • Cabling installation

7. Access Control

  • Access management governance
    • Local and remote
    • Physical and logical
  • Role-based access control / least privilege
  • Password management
    • Usage policy, strength, confidentiality
  • Secure web server access (ICS access via web-based platform services)

8. System & Information Integrity

  • Data protection on mobile devices and removable media (laptops, PDAs, USB drives, hard disks, DVDs)
  • DoS protection in the ICS environment
  • Antivirus and malware protection
  • Data flow controls for secure system segregation
  • Secure management of ports and connections
  • Real-time monitoring for network and system problems
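The "Services and ports review process" item under Development & Maintenance and the ports and connections item above both need the same evidence: which services each ICS host actually exposes, compared with what its role is approved to expose. The following Python script is an added example (not from the original post and not CSET code) that performs that comparison from netstat-style output. The per-role baseline, the host-to-role inventory and the listener sample are all constructed for the example.

```python
"""Compare observed listening services on ICS hosts with a per-role baseline.
Baseline, host roles and the netstat-style sample are constructed for this example."""
from typing import Dict, List, Set, Tuple

Service = Tuple[str, int]  # (protocol, port)

# Constructed baseline (assumption): the services each host role is approved to expose.
APPROVED_SERVICES: Dict[str, Set[Service]] = {
    "plc": {("tcp", 502)},                       # Modbus/TCP only
    "hmi": {("tcp", 443), ("tcp", 502)},         # HTTPS operator interface plus Modbus/TCP
    "historian": {("tcp", 443), ("tcp", 1433)},  # HTTPS plus SQL Server
}

# Constructed asset inventory (assumption): which role each host plays.
HOST_ROLES = {
    "10.3.1.10": "plc",
    "10.3.1.11": "plc",
    "10.3.2.20": "hmi",
    "10.2.0.5": "historian",
}

# Constructed listener inventory in `netstat -tuln` style; 10.3.9.99 is not in the inventory.
SAMPLE_LISTENERS = """\
tcp   0  0 10.3.1.10:502    0.0.0.0:*   LISTEN
tcp   0  0 10.3.1.10:80     0.0.0.0:*   LISTEN
udp   0  0 10.3.1.11:69     0.0.0.0:*
tcp   0  0 10.3.1.11:502    0.0.0.0:*   LISTEN
tcp   0  0 10.3.2.20:443    0.0.0.0:*   LISTEN
tcp   0  0 10.3.2.20:3389   0.0.0.0:*   LISTEN
tcp   0  0 10.2.0.5:1433    0.0.0.0:*   LISTEN
tcp   0  0 10.3.9.99:23     0.0.0.0:*   LISTEN
"""


def parse_listeners(text: str) -> List[Tuple[str, str, int]]:
    """Parse netstat -tuln style lines into (host, proto, port); malformed lines are skipped."""
    out: List[Tuple[str, str, int]] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        proto, local = parts[0], parts[3]
        host, sep, port = local.rpartition(":")
        if not sep or not port.isdigit():
            continue
        out.append((host, proto, int(port)))
    return out


def review(listeners, roles, baseline):
    """Return {host: {"unexpected": [...], "missing": [...], "known": bool}} for deviating hosts."""
    observed: Dict[str, Set[Service]] = {}
    for host, proto, port in listeners:
        observed.setdefault(host, set()).add((proto, port))
    report = {}
    for host, role in roles.items():
        seen = observed.get(host, set())
        unexpected = sorted(seen - baseline[role])  # exposed but not approved for the role
        missing = sorted(baseline[role] - seen)     # approved but not seen (host down or misconfigured)
        if unexpected or missing:
            report[host] = {"unexpected": unexpected, "missing": missing, "known": True}
    # A listener on a host absent from the inventory is an inventory gap, not just a port issue.
    for host, seen in observed.items():
        if host not in roles:
            report[host] = {"unexpected": sorted(seen), "missing": [], "known": False}
    return report


if __name__ == "__main__":
    for host, entry in review(parse_listeners(SAMPLE_LISTENERS), HOST_ROLES, APPROVED_SERVICES).items():
        print(host, entry)
```

Both directions of the diff matter during a review: an unexpected listener (HTTP on a PLC, TFTP, RDP on an HMI) is an exposure, while an approved service that is absent usually means the inventory or the host configuration has drifted and the baseline itself needs updating.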

9. Network Architecture

  • Security perimeter between the ICS and business networks
  • Network security monitoring
  • Protection from unauthorized connections
  • Secure ICS network design and implementation
    • Prohibition of dual-homed hosts (dual NICs) that bridge networks
    • DMZ/IDS management for each domain
    • The use of IDS/IPS
  • Patch update and antivirus security server

10. Communications

  • Security of data in transit
  • Security checklist covering common ICS communication protocols
    • HTTP/HTTPS
    • FTP/TFTP/SFTP/SCP
    • Modbus/TCP, EtherNet/IP, DNP3
    • SMTP, SNMP, DCOM
    • MAC address locking and VLANs

11. Firewall

  • Firewall rule set
  • Firewall monitoring
  • Communication delay introduced by the firewall
  • Firewall management authentication (username and password)
  • Allow and block traffic policy
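The Network Architecture, Communications and Firewall checklists above come down to a handful of rule-set questions: does the set end in a default deny, does business traffic reach the control network only through the DMZ, do control protocols stay inside the perimeter, and are cleartext protocols kept out of the ICS zone. The following Python script is an added example (not part of the original post and not CSET code) that audits a simplified rule set against those questions. The zone addresses, the simplified rule format and the sample rule set are constructed for the example.

```python
"""Audit a simplified firewall rule set against ICS perimeter checks.
Zone layout, rule format and sample rules are constructed for this example."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed zone layout (assumption): business network, DMZ and control network,
# following the SP 800-82 pattern of a DMZ between the business and ICS networks.
ZONES = {
    "business": ipaddress.ip_network("10.1.0.0/16"),
    "dmz": ipaddress.ip_network("10.2.0.0/24"),
    "ics": ipaddress.ip_network("10.3.0.0/16"),
}

# Well-known destination ports for protocols named in the Communications checklist.
ICS_PROTOCOL_PORTS = {502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 69: "TFTP", 80: "HTTP", 161: "SNMP"}


@dataclass(frozen=True)
class Rule:
    """One simplified rule; the set is evaluated top to bottom, first match wins."""
    action: str          # "allow" or "deny"
    src: str             # CIDR or "any"
    dst: str             # CIDR or "any"
    proto: str           # "tcp", "udp" or "any"
    port: Optional[int]  # destination port, None means any port


def zone_of(cidr: str) -> str:
    """Map a CIDR to the zone that contains it ("any" or "unknown" otherwise)."""
    if cidr == "any":
        return "any"
    net = ipaddress.ip_network(cidr, strict=False)
    for name, zone in ZONES.items():
        if net.subnet_of(zone):
            return name
    return "unknown"


def is_default_deny(rule: Rule) -> bool:
    """True for an explicit deny-all: deny any source, any destination, any port."""
    return rule.action == "deny" and rule.src == "any" and rule.dst == "any" and rule.port is None


def audit(rules: List[Rule]) -> List[Tuple[int, str]]:
    """Return (rule index, finding) pairs; an empty list means the set passes every check."""
    findings: List[Tuple[int, str]] = []
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        s, d = zone_of(r.src), zone_of(r.dst)
        # Allow/block policy: an allow with any source, destination or port is too broad.
        if "any" in (s, d) or r.port is None:
            findings.append((i, "overly broad allow rule: any source, destination or port"))
        # Perimeter: business hosts may reach the control network only through the DMZ.
        if s == "business" and d == "ics":
            findings.append((i, "business network allowed directly into the ICS zone, bypassing the DMZ"))
        # Control protocols must not cross the perimeter to or from the business side.
        if r.port in ICS_PROTOCOL_PORTS and (s in ("business", "any") or d in ("business", "any")):
            findings.append((i, f"{ICS_PROTOCOL_PORTS[r.port]} permitted across the ICS perimeter"))
        # Cleartext management protocols should not be allowed into the control network.
        if r.port in CLEARTEXT_PORTS and d == "ics":
            findings.append((i, f"cleartext protocol {CLEARTEXT_PORTS[r.port]} permitted into the ICS zone"))
    # The set must end with an explicit deny-all so that unmatched traffic is blocked.
    if not rules or not is_default_deny(rules[-1]):
        findings.append((len(rules), "rule set does not end with an explicit deny-all"))
    return findings


# Constructed sample rule set: rules 0 and 1 follow the DMZ pattern, rules 2 to 4 do not.
EXAMPLE_RULES = [
    Rule("allow", "10.1.0.0/16", "10.2.0.0/24", "tcp", 443),  # business -> DMZ historian web
    Rule("allow", "10.2.0.0/24", "10.3.0.0/16", "tcp", 502),  # DMZ historian polls PLCs
    Rule("allow", "10.1.0.0/16", "10.3.0.0/16", "tcp", 502),  # business straight to PLCs
    Rule("allow", "10.1.0.0/16", "10.3.0.0/16", "tcp", 21),   # FTP into the control network
    Rule("allow", "any", "10.3.0.0/16", "tcp", 44818),        # EtherNet/IP from anywhere
    Rule("deny", "any", "any", "any", None),                   # explicit default deny
]

if __name__ == "__main__":
    for idx, msg in audit(EXAMPLE_RULES):
        print(f"rule {idx}: {msg}")
```

The checks are deliberately conservative: a DMZ host polling PLCs over Modbus/TCP (rule 1) passes, while the same protocol from the business network or from "any" is flagged, because the point of the DMZ in the SP 800-82 layout is that control protocols terminate there rather than crossing into the business side.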

12. Encryption

  • Encryption in use
  • Latency introduced by encryption