[SCADASEC] IBM is offering 'SCADA security best practices'...
ljknews
ljknews at mac.com
Wed Feb 13 10:47:05 CST 2008
At 8:51 AM -0700 2/13/08, Joe Weiss wrote:
> All federal power agencies already must follow NIST SP800-53 (FISMA) by
> federal law. Why should they be held to a higher standard than non
> federal power agencies?
That is a political issue, but that is the current status.
By the way, the reason I specified 800-53a is that the final
draft release of that document shows a much more stringent
attitude toward 800-53 assessment than most security folk
might be expecting.
http://csrc.nist.gov/publications/PubsDrafts.html#800-53A
For instance, the rules for PE-8 might seem comfortable,
but the fact that annual security assessment must include
the review techniques on page F-171 is likely a bit more
than some would expect.
> -----Original Message-----
> From: scadasec-bounces at news.infracritical.com
> [mailto:scadasec-bounces at news.infracritical.com] On Behalf Of ljknews
> Sent: Wednesday, February 13, 2008 7:26 AM
> To: scadasec at news.infracritical.com
> Subject: Re: [SCADASEC] IBM is offering 'SCADA security best
> practices'...
>
> At 8:08 AM -0600 2/13/08, wboyes at putman.net wrote:
>
>> Utilities who depend on
>> following the NERC CIPs are in for a great shock when they find
>> themselves continuing to be vulnerable.
>
> That is less of a shock than if there were a law change and
> they found themselves responsible for following 800-53a.
--
Larry Kilgallen