This web page is dedicated to the Second Edition of "Critical Infrastructure: Homeland Security and Emergency Preparedness", authored by Bob Radvanovsky and Allan McDougall.

This web page offers web-based references as a measure of preserving the information contained within this book. Doing so ensures that references aren't lost and can be quickly and easily retrieved by those requiring further information.

References are broken down based on each chapter contained within the book. This web page is dedicated to Chapter 8: Standards and Guidelines.

Chapter 8: Standards and Guidelines. This chapter outlines relevant standards, guidelines, and protocols from various agencies, associations, and councils, such as the National Fire Prevention Association (NFPA), and how they might apply to critical infrastructure. It also outlines two new standards from the NFPA that are established for on-site premise security, mostly applying to electrical wiring for security systems, closed-circuit television cameras, perimeter control systems, etc.

All links referenced are stored in a single file in Adobe Acrobat's PDF format.

  • (Revised) Implementation Plan for Cyber Security Standards CIP-002-1 through CIP-009-1, North American Electric Reliability Council [ch8ref1]
  • A Comparison of Oil and Gas Segment Cyber Security Standards, Control Systems Security and Test Center, U.S. Department of Homeland Security, INEEL/EXT-04-02462, Revision 0 [ch8ref2]
  • Visualization and Controls Program Peer Review 2006, AGA 12 Cryptographic Security Analysis, National SCADA Test Bed, U.S. Department of Energy, Office of Electricity Delivery and Energy Reliability [ch8ref3]
  • AGA 12, Part 2 Performance Test Plan, National SCADA Test Bed, U.S. Department of Energy, Office of Electricity Delivery and Energy Reliability, November 2006 [ch8ref4]
  • A Summary of Control System Security Standards Activities in the Energy Sector, National SCADA Test Bed, U.S. Department of Energy, Office of Electricity Delivery and Energy Reliability, October 2005 [ch8ref5]
  • www.cidx.org [ch8ref6]
  • www.cidx.org/Default.aspx?tabid=855 [ch8ref7]
  • The NIST Process Control Security Requirements Forum (PCSRF) and the Future of Industrial Control System Security, National Institute of Standards and Technology, May 2004 [ch8ref8]
  • Process Control Security Requirements Forum Security Profile Specification (SPS), NIST, August 26, 2002 [ch8ref9]
  • Recommended Security Controls for Federal Information Systems, NIST Special Publication 800-53, Revision 2, National Institute of Standards and Technology, December 2007 [ch8ref10]
  • Guide to Industrial Control Systems (ICS) Security, Final Public Draft, NIST Special Publication 800-82, National Institute of Standards and Technology, September 2008 [ch8ref11]
  • U.S. General Accounting Office, Hazardous Materials Training: DOT and Private Sector Initiatives Generally Complement Each Other, GAO/RCED-00-190 (Washington, D.C., July 2000) [ch8ref12]
  • U.S. General Accounting Office, Rail Safety and Security: Some Actions Already Taken to Enhance Rail Security, but Risk-Based Plan Needed, GAO-03-435 (Washington, D.C., April 2003) [ch8ref13]
  • NIST [Docket No.: 080506635–8697–01] Announcing Approval of the Withdrawal of Ten Federal Information Processing Standards (FIPS) organizations, and Federal, State, and local government organizations; Federal Register/Vol. 73, No. 170/Tuesday, September 2, 2008/Notices; Federal Register (73 FR 51276) [ch8ref14]
  • www.itl.nist.gov/fipspubs/withdraw.htm [ch8ref15]
  • Federal Information Processing Standards Publication 113, May 30, 1985, standard Computer Data Authentication, NIST FIPS 113 [ch8ref16]
  • Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher (Revised 19 May 2008); Information Security, Computer Security Division, Information Technology Laboratory, NIST, May 2004, Special Publication 800-67, Version 1.1 [ch8ref17]
  • F.A.Q.—FIPS 201, NASA SEWP Security Center, National Aeronautics and Space Administration, May 6, 2005 [ch8ref18]
  • Federal Information Processing Standards Publication FIPS 201 [ch8ref19]
  • Process Control System Cyber Security Standards—an Overview, 52nd International Instrumentation Symposium, Idaho National Laboratories, INL/CON-06-01317 [ch8ref20]
  • Guidance for Addressing Cyber Security in the Chemical Industry v3.0, American Chemistry Council’s Chemical Information Technology Council (ChemITC)™ - Chemical Sector Cyber Security Program, May 2006 [ch8ref21]
  • ISA-TR99.00.01-2004, Security Technologies for Manufacturing and Control Systems [ch8ref22] [ch8ref22a]
  • ANSI/ISA-TR99.00.02-2004 Integrating Electronic Security into the Manufacturing and Control Systems Environment [ch8ref23]
  • API Standard 1164, SCADA Security, 1st Ed. (September 1, 2004) [ch8ref24]
  • csrc.nist.gov/cc [ch8ref25] [ch8ref25a] [ch8ref25b]
  • Common Criteria for Information Technology Security Evaluation, Part 1: Introduction / General Model v3.1, Revision 1 (September 2006) [ch8ref26]
  • CC/CEM Documentation [ch8ref27]
  • en.wikipedia.org/wiki/Common_Criteria [ch8ref28]
  • en.wikipedia.org/wiki/ISO_17799 [ch8ref29]
  • www.isd.mel.nist.gov/projects/processcontrol [ch8ref30]
  • www.hhs.gov/ocr/hipaa [ch8ref31]
  • thomas.loc.gov/cgi-bin/bdquery/z?d109:s.00544 [ch8ref32]
  • thomas.loc.gov/cgi-bin/bdquery/z?d109:SN00544:@@@D&summ2=m& [ch8ref33]
  • www.ftc.gov/privacy/privacyinitiatives/glbact.html [ch8ref34]
  • www.oalj.dol.gov/public/whistleblower/references/reference_works/sox_digest.htm [ch8ref35]
  • www.hssd.us [ch8ref36]
  • www.itl.nist.gov/fipspubs/geninfo.htm [ch8ref37]
  • Federal Information Processing Standards Publication FIPS 113, Computer Data Authentication [ch8ref38]
  • Federal Information Processing Standards Publication FIPS 140-2 (Supersedes FIPS PUB 140-1, January 11, 1994), Security Requirements for Cryptographic Modules [ch8ref39]
  • csrc.nist.gov/cryptval [ch8ref40]
  • National Institute of Standards and Technology Communications Security Establishment, Frequently Asked Questions for the Cryptographic Module Validation Program [ch8ref41]
  • Federal Information Processing Standards Publication FIPS 180-2 (Supersedes FIPS PUB 180-1, August 1, 2002) [ch8ref42]
  • Federal Information Processing Standards Publication FIPS 186-2 (Supersedes FIPS PUB 186-1, January 27, 2000), Digital Signature Standard (DSS) [ch8ref43]
  • Federal Information Processing Standards Publication FIPS 191, Guideline for the Analysis of Local Area Network Security [ch8ref44]
  • Federal Information Processing Standards Publication FIPS 197, Advanced Encryption Standard (AES) [ch8ref45]
  • Federal Information Processing Standards Publication FIPS 199, Standards for Security Categorization of Federal Information and Information Systems [ch8ref46]
  • www.nssn.org/about.aspx [ch8ref47]
  • System Protection Profile - Industrial Control Systems v1.0 [ch8ref48]
  • www.its.bldrdoc.gov/projects/devglossary/_plain_text.html [ch8ref49]
  • www.its.bldrdoc.gov/fs-1037/dir-007/_0960.htm [ch8ref50]
  • Federal Information Processing Standards Publication FIPS 190, Guideline for the Use of Advanced Authentication Technology Alternatives [ch8ref51]