NERC Security Guideline– Best Practice References v1.0
March 2013
The purpose of this guideline is to provide a comprehensive list of documentation and links to already
established material related to cybersecurity best practices. This is a living document and it is intended
that it will be updated on at least an annual basis. Suggestions for added topics, documents, or links can
be sent to [email protected] for NERC CIPC committee review and approval.
Topics
Business Network
Electronic
Connectivity
Business Continuity
References
•
NIST Special Publication 800-47 - Interconnecting Information Technology Systems
http://csrc.nist.gov/publications/nistpubs/800-47/sp800-47.pdf
•
NIST Special Publication 800-34, Revision 1 - Contingency Planning
http://csrc.nist.gov/publications/nistpubs/800-34-rev1/sp800-34-rev1_errata-Nov112010.pdf
•
NIST Special Publication 800-84, Revision - Guide to Test, Training, and Exercise
Programs for IT Plans and Capabilities
http://csrc.nist.gov/publications/nistpubs/800-84/SP800-84.pdf
•
Business Continuity Planning Guide
http://csrc.nist.gov/publications/nistpubs/800-84/SP800-84.pdf
•
Canadian Standards Association (CSA) – Z1600-08 - Emergency Management and
Business Continuity Programs ($)
http://shop.csa.ca/en/canada/injury-prevention/z1600-08/invt/27028572008/
•
National Fire Protection Association (NFPA) 1600: Standard on Disaster / Emergency
Management and Business Continuity Programs ($)
http://www.nfpa.org/aboutthecodes/AboutTheCodes.asp?DocNum=1600
Cyber Security
• NIST Special Publication 800-61, Revision 2 (Draft), January 2012 - Computer Security
Incident Response
Incident Handling Guide
Planning (incident
http://csrc.nist.gov/publications/drafts/800-61-rev2/draft-sp800-61rev2.pdf
reporting elements of
this guideline to be
• Developing an Industrial Control Systems Cybersecurity Incident Response Capability,
combined with
2009
Threat and Incident
http://www.usert.gov/control_systems/practices/documents/finalReporting Guideline)
RP_ics_cybersecurity_incident_response_100609.pdf.
• NIST Special Publication 800-86 - Guide to Integrating Forensic Techniques into Incident
Response
http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf
Page 1 of 5
NERC Security Guideline– Best Practice References v1.0
March 2013
• DHS Cyber Threat Source Descriptions
http://www.us-cert.gov/control_systems/csthreats.html
• DHS Recommended Practice: Creating Cyber Forensics Plans for Control Systems
http://www.us-cert.gov/control_systems/pdf/Forensics_RP.pdf
• NIST Special Publication 800-83 - Guide to Malware Incident Prevention and Handling
http://csrc.nist.gov/publications/nistpubs/800-83/SP800-83.pdf
• Handbook for Computer Security Incident Response Teams (CSIRTs) - Carnegie Mellon;
http://www.sei.cmu.edu/library/abstracts/reports/03hb002.cfm
• State of the Practice of Computer Security Incident Response Teams
(CSIRTs) - Carnegie Mellon
http://www.sei.cmu.edu/library/abstracts/reports/03tr001.cfm
• NIST Special Publication 800-82 – Guide to Industrial Control Systems (ICS) Security
http://csrc.nist.gov/publications/nistpubs/800-82/SP800-82-inal.pdf
• NERC Security Guideline for the Electricity Sector: Threat and Incident Reporting
http://www.nerc.com/files/Incident-Reporting.pdf
• Department of Energy Electric Disturbance Events (OE-417)
http://www.oe.netl.doe.gov/oe417.aspx
• ICS-CERT TECHNICAL INFORMATION PAPER
ICS-TIP-12-146-01—CYBER INTRUSION MITIGATION STRATEGIES
http://www.us-cert.gov/control_systems/pdf/ICS-TIP-12-146-01.pdf
Identity and Access
Management
• ISO/IEC 27002 - Information technology - Security techniques - Code of practice for
information security management.
• NIST Special Publication 800-63-1 Electronic Authentication Guideline
http://csrc.nist.gov/publications/nistpubs/800-63-1/SP-800-63-1.pdf
•
Intrusion Detection
US-CERT Control Systems Security Program (CSSP) - Authentication, Authorization, and
Access Control For Direct and Remote Connectivity
http://www.us-cert.gov/control_systems/csstandards.html#authen
• DHS Report – Preventing and Defending Against Cyber Attacks – June 2011
http://www.dhs.gov/xlibrary/assets/preventing-and-defending-against-cyberattacks.pdf
Page 2 of 5
NERC Security Guideline– Best Practice References v1.0
March 2013
• NIST Special Publication 800-94 Intrusion Detection Systems
http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf
•
US-CERT Control Systems Security Program (CSSP) – Placement and Use of IDSs and
IDPSs
http://www.us-cert.gov/control_systems/csstandards.html#place
IT Firewall
• NIST Special Publication800-41 Rev 1 Guidelines on Firewalls and Firewall Policy
http://csrc.nist.gov/publications/nistpubs/800-41-Rev1/sp800-41-rev1.pdf
•
Risk Management
Risk Assessment
US-CERT Control Systems Security Program (CSSP) – Establishing Network
Segmentation, Firewalls, and DMZs
http://www.us-cert.gov/control_systems/csstandards.html#estab
• Electricity SubSector Cybersecurity Risk Management Process
http://energy.gov/sites/prod/files/Cybersecurity%20Risk%20Management%20Process%
20Guideline%20-%20Final%20-%20May%202012.pdf
•
NIST Special Publication 800-39 - Managing Information Security Risk
http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf
•
Public Safety Canada – Risk Management Guide for Critical Infrastructure Sectors
http://www.nfpa.org/aboutthecodes/AboutTheCodes.asp?DocNum=1600
•
NIST Special Publication 800-30, Revision 1 – Guide for Conducting Risk Assessments
http://csrc.nist.gov/publications/drafts/800-30-rev1/SP800-30-Rev1-ipd.pdf
•
US-CERT Control Systems Security Program (CSSP) – Establishing and Conducting Asset,
Vulnerability, and Risk Assessments
http://www.us-cert.gov/control_systems/csstandards.html#conduct
Patch Management • DHS Recommended Practice for Patch Management of Control Systems
for Control Systems
http://www.uscert.gov/control_systems/practices/documents/PatchManagementRecommendedPracti
ce_Final.pdf
• DHS Recommended Practice: Improving Industrial Control System Cybersecurity with
Defense-In-Depth Strategies
http://www.uscert.gov/control_systems/practices/documents/Defense_in_Depth_Oct09.pdf
Page 3 of 5
NERC Security Guideline– Best Practice References v1.0
March 2013
•
NIST Special Publication 800-40, Revision 2 - Creating a Patch and Vulnerability
Management Program
http://csrc.nist.gov/publications/nistpubs/800-40-Ver2/SP800-40v2.pdf
• IEEE Recommended Practice for Microprocessor-Based Protection Equipment Firmware
Control C37.231-2006, IEEE
http://standards.ieee.org/findstds/standard/C37.231-2006.html
Securing Remote
Access to Electronic
Control and
Protection Systems
• NERC Guidance for Secure Interactive Remote Access
http://www.nerc.com/fileUploads/File/Events%20Analysis/FINALGuidance_for_Secure_Interactive_Remote_Access.pdf
•
Industrial Control
System Security
NIST Special Publication 800-46, Revision 1 - Guide to Enterprise Telework and Remote
Access Security
http://csrc.nist.gov/publications/nistpubs/800-46-rev1/sp800-46r1.pdf
• NIST Special Publication 800-82 Guide to Industrial Control Systems (ICS)
Security http://csrc.nist.gov/publications/nistpubs/800-82/SP800-82-final.pdf
• NSA - A Framework for Assessing and Improving the Security Posture of Industrial
Control Systems (ICS)
http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/ics.shtml
• IEEE 1686-2007: IEEE Standard for Substation Intelligent Electronic Devices (IEDs) Cyber
Security Capabilities
Smart Grid
• NISTR 7628 Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture,
and High-Level Requirements
http://csrc.nist.gov/publications/nistir/ir7628/nistir-7628_vol1.pdf
• NISTR 7628 Guidelines for Smart Grid Cyber Security: Vol. 2, Privacy and the Smart Grid
http://csrc.nist.gov/publications/nistir/ir7628/nistir-7628_vol2.pdf
• NISTR 7628 Guidelines for Smart Grid Cyber Security: Vol. 3, Supportive Analysis and References
http://csrc.nist.gov/publications/nistir/ir7628/nistir-7628_vol3.pdf
Page 4 of 5
NERC Security Guideline– Best Practice References v1.0
March 2013
General
•
US-CERT Control Systems Security Program (CSSP)
http://www.us-cert.gov/control_systems/csstandards.html
Page 5 of 5