NIST SP 800-82 Auditing Standard in CSET Tools
- CSET 5.0 checklist using NIST SP 800-82, ICS Security Auditing Framework, NIST SP 800-82
In CSET Tools (Cyber Security Evaluation Tools, developed by the US Department of Homeland Security), the NIST SP 800-82 standard comprises 12 checklists in total. The checklists for Industrial Control System (ICS) security assessment are:
- Planning/Policy/Procedures
- Administrative
- Configuration Management
- Audit & Accountability
- Development & Maintenance
- Physical & Environmental
- Access Control
- System & Information Integrity
- Network Architecture
- Communications
- Firewall
- Encryption
A summary of each checklist follows:
1. Planning/Policy/Procedures
- Corporate concern for ICS cyber security
- Management buy-in to security
- Corporate alignment that treats security as one of the critical aspects
- Written procedures/policies within the corporation to govern security compliance
- Business continuity implementation
- Secure interfacing and deployment of IT into the ICS
2. Administrative
- People awareness and knowledge development
- Plans and preparedness for disaster and emergency situations
- Third-party security assurance
  - System, software/hardware, licenses, people
- Security assessment and mitigation controls
3. Configuration Management
- Management of Change process
- Inventory tools used for ICS inventory management
- Access protection for ICS configuration information and software
4. Audit & Accountability
- Periodic independent security audit for compliance assessment
- Auditing and log management tools
- Network logs
5. Development & Maintenance
- ICS maintenance program
- ICS testing facilities
- Secure software update and implementation
- Services and ports review process
- Patch management
6. Physical & Environmental
- Single points of failure and redundancy
- Environmental control
- Electronic noise protection
- Power outage protection
- Cabling installation
7. Access Control
- Access management governance
  - Local and remote
  - Physical and logical
- Role-based access control/least privilege
- Password management
  - Usage policy, strength, confidentiality
- Web server secure access (ICS access using web-based platform services)
8. System & Information Integrity
- Data protection management on mobile devices (laptop, PDA, USB, hard disk, DVD)
- DoS protection on ICS environment
- Antivirus and malware protection
- Data flow controls for system secure segregation
- Ports and connection secure management
- Real-time monitoring for network and system problems
9. Network Architecture
- Security perimeter ICS vs Business
- Network security monitoring
- Protection from unauthorized connection
- Secure ICS network design and implementation
- Prohibition on the use of dual NICs
- DMZ/IDS management for each domain
- The use of IDS/IPS
- Patch update and antivirus security server
10. Communications
- Secure data in communication
- Security checklist covering some ICS communication protocols
  - HTTP/HTTPS
  - FTP/TFTP/SFTP/SCP
  - Modbus/TCP, EtherNet/IP, DNP3
  - SMTP, SNMP, DCOM
- MAC address locking and VLAN
11. Firewall
- Firewall rule set
- Firewall monitoring
- Communication delay introduced by the firewall
- Firewall policy (username and password)
- Allow and block the traffic policy
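The following Python script is an added example, not part of the original post and not CSET's own checking logic. It audits a constructed firewall rule set and host inventory against the Network Architecture, Communications and Firewall items above: the ICS-versus-business perimeter and DMZ, the dual-NIC prohibition, the cleartext protocols listed under Communications, and the allow/block default policy. The zones, addresses, rules and hosts are all hypothetical.

```python
"""Audit a constructed ICS firewall rule set against checklist items 9, 10 and 11.
All zones, addresses, rules and hosts below are hypothetical sample data."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed three-zone model: business network, DMZ, and the ICS network.
ZONES = {
    "business": ip_network("10.1.0.0/16"),
    "dmz": ip_network("10.2.0.0/24"),
    "ics": ip_network("10.3.0.0/16"),
}

# Cleartext protocols from the Communications checklist, keyed by TCP/UDP port.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 25: "SMTP", 69: "TFTP", 80: "HTTP", 161: "SNMP"}
# Control protocols that should never be reachable from the business zone.
ICS_PROTOCOL_PORTS = {502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}


@dataclass
class Rule:
    name: str
    action: str            # "allow" or "deny"
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    port: Optional[int]    # None means any port


def zone_of(cidr: str):
    """Zone containing a CIDR, 'any' for a wildcard, or None if it is outside every zone."""
    if cidr == "any":
        return "any"
    net = ip_network(cidr)
    for zone, zone_net in ZONES.items():
        if net.subnet_of(zone_net):
            return zone
    return None


def audit_rules(rules, default_policy):
    """Return (rule name, finding) pairs for rules that violate the checklist."""
    findings = []
    if default_policy != "deny":
        findings.append(("policy", "default policy is not deny"))
    for r in rules:
        if r.action != "allow":
            continue
        s, d = zone_of(r.src), zone_of(r.dst)
        if (s == "any" or d == "any") and r.port is None:
            findings.append((r.name, "overly broad allow rule (any/any)"))
        if s == "business" and d == "ics":
            findings.append((r.name, "business-to-ICS traffic bypasses the DMZ"))
        if s != d and r.port in CLEARTEXT_PORTS:
            findings.append((r.name, f"cleartext {CLEARTEXT_PORTS[r.port]} crosses the perimeter"))
        if s == "business" and r.port in ICS_PROTOCOL_PORTS:
            findings.append((r.name, f"{ICS_PROTOCOL_PORTS[r.port]} reachable from business zone"))
    return findings


def dual_homed_hosts(hosts):
    """Hosts with interfaces in more than one zone violate the dual-NIC prohibition."""
    flagged = []
    for name, addrs in hosts.items():
        zones = {zone for zone, net in ZONES.items() for a in addrs if ip_address(a) in net}
        if len(zones) > 1:
            flagged.append((name, sorted(zones)))
    return flagged


# Constructed sample rule set (hypothetical).
RULES = [
    Rule("hist-replication", "allow", "10.3.1.0/24", "10.2.0.10/32", 1433),   # ICS -> DMZ historian
    Rule("dmz-to-biz-web", "allow", "10.2.0.0/24", "10.1.0.0/16", 443),       # DMZ -> business, HTTPS
    Rule("eng-rdp", "allow", "10.1.5.0/24", "10.3.2.0/24", 3389),            # business -> ICS directly
    Rule("legacy-telnet", "allow", "10.2.0.0/24", "10.3.0.0/16", 23),        # cleartext across perimeter
    Rule("mgmt-any", "allow", "any", "10.3.0.0/16", None),                   # any source, any port
    Rule("biz-modbus", "allow", "10.1.0.0/16", "10.3.0.0/16", 502),          # Modbus from business
    Rule("deny-all", "deny", "any", "any", None),
]

# Constructed host inventory (hypothetical): name -> interface addresses.
HOSTS = {
    "historian": ["10.2.0.10"],
    "eng-ws": ["10.1.5.20", "10.3.2.20"],   # one NIC in business, one in ICS
    "plc-1": ["10.3.2.5"],
}

if __name__ == "__main__":
    for name, finding in audit_rules(RULES, "deny"):
        print(f"[rule] {name}: {finding}")
    for name, zones in dual_homed_hosts(HOSTS):
        print(f"[host] {name}: interfaces in zones {zones}")
```

Each finding maps back to a checklist item: the DMZ bypass and the Modbus rule to the security perimeter and IDS/DMZ items, the Telnet rule to the Communications protocol list, the any/any rule and default policy to the firewall rule set and allow/block policy, and the dual-homed workstation to the dual-NIC prohibition. A real audit would read the rule set exported from the firewall rather than a literal list, but the checks themselves stay the same.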
12. Encryption
- Encryption being used
- Latency due to encryption