[SCADASEC] Cyber Security Procurement Language for Control Systems

[Bob Radvanovsky]

URL: http://www.us-cert.gov/control_systems/
Document URL: http://www.us-cert.gov/control_systems/pdf/SCADA_Procurement_DHS_Final_to_Issue_08-19-08.pdf

Cyber Security Procurement Language for Control Systems

The U.S. Department of Homeland Security Control Systems Security Program, Idaho National Laboratory, Chief Information Security Officer of New York State, and the SANS Institute established an initiative in March 2006 to bring public and private sector entities together to improve the security of control systems. The Cyber Security Procurement Language Project Workgroup comprises 242 public and private sector
entities from around the world representing asset owners, operators, and regulators. Additionally, over 20 vendors participate in a working group to assist in reviewing and producing the procurement language. The results of this endeavor represent the joint effort of the public and private sectors focused on the development of common procurement
language for use by all control systems stakeholders. The goal is for federal, state, and local asset owners and regulators to obtain a common control systems security understanding; using these procurement guidelines will help foster this understanding and lead to integration of security into control systems.

Cyber Security Procurement Language for Control Systems provides information and specific examples of procurement language text to assist the control systems community, both owners and integrators, in establishing sufficient control systems security controls within contract relationships to ensure an acceptable level of risk.