The following standards and documents apply to control system cyber security (note: this list is not all-inclusive):
- AGA Report No. 12, Cryptographic Protection of SCADA Communications, Part 1: Background, Policies and Test Plan, American Gas Association, March 2006
- API Standard 1164, Pipeline SCADA Security, September 2004
- API Security Guidelines for the Petroleum Industry, April 2005
- Guidance for Addressing Cybersecurity in the Chemical Industry, Version 3.0, May 2006 (The CIDX Cyber Security Initiative was consolidated into the Chemical Sector Cyber Security Program under the Chemical Information Technology Council in 2006.)
- Catalog of Control Systems Security: Recommendations for Standards Developers, Department of Homeland Security National Cyber Security Division, Control Systems Security Program, January 2008
- 6 CFR Part 27, Chemical Facility Anti-Terrorism Standard (CFATS), Department of Homeland Security, April 2007
- CIGRE B5.22, Wi-Fi Protected Access for Protection and Automation, International Council on Large Electric Systems, 2007
- FIPS PUB 140-2, Security Requirements for Cryptographic Modules, NIST, December 2002
- FIPS PUB 140-3 (DRAFT), Security Requirements for Cryptographic Modules, NIST, 2007
- ISO/IEC 15408, Information technology - Security techniques - Evaluation criteria for IT security, 2005
- ISO/IEC 17799, Information technology - Code of practice for information security management, June 2005 (Redesignated ISO/IEC 27002:2005)
- ISO/IEC 27001:2005, Information technology - Security techniques - Information security management systems - Requirements, October 2005
- ISO/IEC 27002:2005, Information technology - Code of practice for information security management, June 2005 (Redesignation of ISO/IEC 17799:2005)
- IEC 61850-SER, Communication Networks and Systems in Substations
- IEC 60870-6, Telecontrol Equipment and Systems Part 6: Telecontrol protocols compatible with ISO standards and ITU-T recommendations (also referred to as IEC standard TASE.2)
- IEC 62351-1, Power systems management and associated information exchange - Data and communications security - Part 1: Communication network and system security - Introduction to security issues, May 2007
- IEC/PAS 62443-3, Security for Industrial Process Measurement and Control, 2008
- IEC TR 62210, Power system control and associated communications - Data and communication security, May 2003
- IEEE Std 1402-2000, IEEE Guide for Electric Power Substation Physical and Electronic Security, January 2000
- IEEE Std 1686-2007, IEEE Standard for Substation Intelligent Electronic Devices (IEDs) Cyber Security Capabilities, February 2008
- IEEE P1613-2003, Standard Environmental and Testing Requirements for Communications Networking Devices in Electric Power Substations, 2003
- IEEE P1777/D1, Draft Recommended Practice for Using Wireless Data Communications in Power System Operations, Draft D1, February 2007
- ANSI/ISA-99.00.01-2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts and Models, October 2007
- ISA-99.00.02-2008, Security for Industrial Automation and Control Systems, Part 2: Establishing an Industrial Automation and Control System Security Program, December 2008
- ANSI/ISA-TR99.00.01-2007, Security Technologies for Industrial Automation and Control Systems, January 2007
- ANSI/ISA-TR99.00.02-2004, Integrating Electronic Security into the Manufacturing and Control Systems Environment, April 2004
- NEI 04-04 Rev 1, Review of Nuclear Energy Institute (NEI) Cyber Security Program for Nuclear Reactors, November 2005
- NERC Standard CIP-002 through -009, Cyber Security, June 2006
- NERC Security Guidelines for the Electricity Sector: Control System - Business Network Electronic Connectivity, May 2005
- NERC Security Guidelines for the Electricity Sector: Vulnerability and Risk Assessment, June 2002
- NIST System Protection Profile - Industrial Control Systems, April 2004
- NIST - Field Device Protection Profile For SCADA Systems In Medium Robustness Environments, Version 0.71, May 2006
- NIST Special Publication 800-53 Revision 2, Recommended Security Controls for Federal Information Systems, December 2007 (Appendix I addresses Industrial Control Systems)
- NIST Special Publication 800-82, Guide to Industrial Control Systems (ICS) Security, FINAL PUBLIC DRAFT, September 2008

Contact: David Kuipers, (208) 526-4038