The PMC Group LLC

Engineering a better tomorrow today

CONTROL SYSTEM CYBERSECURITY GUIDES AND CHECKLISTS

These Control System Risk Management Framework guides and checklists were developed for the DoD ESTCP 2017 R&D projects, but can be used by any organization with minor tailoring.

Facility-Related Control Systems Information Assurance Guide 12-2016 - this guide expands on the UFC and establishes the requirement for Subject Matter Experts, a Test and Development Environment with a list of free tools, a Design and Construction Sequence Table for new and modernization projects with FAT and SAT submittals, and contract language for RMF ATO package submittals (SSP, ISCP, SAR, POAM, EICP, EIRP, SAP).

Facility-Related Telecommunications and Networking Guide 12-2016 - this guide expounds on the DoD UFC and describes the internal and external Passive Optical Networks (PONs) components and design criteria for the Joint Information Environment (JIE).

Control Systems Master List 12-2016 - this Master List breaks down the top-level control system name, sub-system name, preliminary recommended C-I-A impact value, and the information/data types for each CS.

Control Systems FAT and SAT Checklist 12-2016 - this checklist is based on the DHS ICS-CERT Control Systems Procurement guide for Factory Acceptance Testing (FAT) and Site Acceptance Testing (SAT) and is used in conjunction with the IA Guide Design and Construction Sequence Table.

Control Systems Penetration Testing Guide 12-2016 - this checklist is based on the EPRI Smart Grid Penetration Guide and SANS Penetration Testing Scope and Rules of Engagement and is used in conjunction with the IA Guide Design and Construction Sequence Table.

DTRA DoD ACI TTP Workshop
DTRA SAME Webinar

Contact Michael Chipley if you would like the Word and Excel versions of these guides and checklists.

ARTICLES AND PRESENTATIONS

Design Guidance For Cybersecurity Of Facility-Related Control Systems

Your Building Control Systems Have Been Hacked. Now What?

Cybersecurity and Its Impact on Installation Energy Management

Cybersecuring Industrial Control Systems

DOCUMENTS

Department of Defense Instruction 8500.01, Cybersecurity, March 2014 (available online at www.dtic.mil)

Department of Defense Instruction 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT), March 2014 (available online at www.dtic.mil)

Department of Defense Instruction 8140 Cyberspace Workforce Management (available online at http://www.wbdg.org/pdfs/dod_cyberworkforce.pdf)

Department of Defense Instruction 8530 Cybersecurity Activities Support to DoD Information Network Operations March 2016 (available online at http://www.wbdg.org/pdfs/DODI_853001_2016.pdf)

Department of Defense Industrial Control Systems Advanced Tactics, Techniques and Procedures Jan 2016 (available online at http://www.wbdg.org/pdfs/jbasics_aci_ttp_2016.pdf)

Department of Defense Handbook for Self-Assessing Security Vulnerabilities & Risks of Industrial Control Systems on DoD Installations (available online at http://www.wbdg.org/pdfs/ics_handbook.pdf)

Federal Information Processing Standard 200 Minimum Security Requirements for Federal Information and Information Systems

Federal Information Processing Standard 201-2 Personal Identity Verification (PIV) of Federal Employees and Contractors

National Institute of Standards and Technology Special Publication 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems, February 2010

National Institute of Standards and Technology Special Publication 800-53 R4 Security and Privacy Controls for Federal Information Systems and Organizations 2013

National Institute of Standards and Technology Special Publication 800-82 R2 Guide to Industrial Control Systems (ICS) Security 2015

National Institute of Standards and Technology Special Publication SP 800-115 Technical Guide to Information Security Testing and Assessment 2008

Department of Veterans Affairs Mental Health Facilities Design Guide 2010

Department of Veterans Affairs Office of Information & Technology Design Guide 2011

Department of Veterans Affairs Telecommunications and Special Telecommunication Design Manual (TDM) 01-2016

Unified Facility Criteria Design 4-510-01 Military Medical Facilities 2014

UFC 3-410-01 Utility Monitoring And Control System (UMCS) Front End And Integration 2016 (DRAFT)

UFC 3-410-02 Direct Digital Control For HVAC And Other Building Control Systems 2016 (DRAFT)

UFGS 23 09 00 Instrumentation and Control for HVAC (available online at www.wbdg.org)

UFGS 23 09 23.01 LonWorks® Direct Digital Control for HVAC and Other Building Systems (available online at www.wbdg.org)

UFGS 23 09 23.02 BACnet Direct Digital Control for HVAC and Other Building Systems (available online at www.wbdg.org)

UFGS 25 10 10 Utility Monitoring And Control System (UMCS) Front End And Integration (available online at www.wbdg.org)

Government Accounting Office Report 15-6 Federal Facility Cybersecurity 2014

Building Industry Consulting Service International (BICSI) Telecommunications Distribution Methods Manual (TDMM)

National Fire Protection Association (NFPA) 101 Life Safety Code 2015

UL 639 Intrusion Detection Standard 2007

UL 60950-1 Information Technology Equipment - Safety - Part 1: General Requirements 2013

TIA-1179 Healthcare Facility Telecommunications Cabling 2010

TIA-942-A Telecommunications Infrastructure Standard For Data Centers 2014

TIA-569-D Commercial Building Standard For Telecommunications Pathways And Spaces 2015

TIA-758 Customer-Owned Outside Plant Telecommunications Infrastructure Standard 2012

TIA-606-B Administration Standard For Commercial Telecommunications Infrastructure 2012

TIA-568-C.2 Balanced Twisted-Pair Telecommunications Cabling And Components Standard 2009

TIA-1152 Requirements For Field Test Instruments 2009

TIA TSB-155-A Guidelines For The Assessment And Mitigation Of Installed Category 6 Cabling To Support 10GBASE-T 2010

TIA-568-C.4 Broadband Coaxial Cabling And Components Standard 2011

TIA-604-4-B FOCIS 4 - Fiber Optic Connector Intermateability Standard, Type FC And FC-APC 2004

TIA-607-C Telecommunications Grounding (Earthing) And Bonding For Customer Premises 2015

TIA-568-C.2 Balanced Twisted-Pair Telecommunications Cabling And Components Standard Rev C 2009

TIA-568-C.3 Optical Fiber Cabling Components Standard Rev C 2008

TIA-568-C.4 Broadband Coaxial Cabling And Components Standard Rev C 2011

TIA-568.0-D Generic Telecommunications Cabling For Customer Premises 2015

TIA-568.1-D Commercial Building Telecommunications Cabling Standard 2015

TIA-862-B Building Automation Systems Cabling Standard 2016

2019 The PMC Group LLC