[SCADASEC] IBM is offering 'SCADA security best practices'...
ljknews
ljknews at mac.com
Wed Feb 13 11:11:28 CST 2008
At 10:51 AM -0600 2/13/08, Clint Bodungen wrote:
> Not agreeing nor disagreeing with you... just playing devil's advocate.
> Does being a Federal Agency make them infallible? Is it truly the "highest
> standard?" Historically speaking I'm not sure I would always put Federal
> and "Highest Standard" in the same category. Sometimes yes and sometimes no
> but does it apply here?
I have paid a _lot_ of attention to 800-53, and it is far better
than anything else I have seen. The only security issue from
any domain I have seen that it does not cover is handling of
classified security levels and categories, but the federal
government has other regulations applicable to that. I have
heard rumblings that those other regulations may be rewritten
in the style of 800-53.
But test this for yourself. Pick up a copy from
http://csrc.nist.gov/publications/PubsSPs.html#800-53_Rev2
and using the table in Appendix D, choose a topic about which
you are particularly concerned. Use the control number for
that topic to find the 800-53 control description in Appendix
F and report back to us regarding what you think.
====================
In response to claims that the current ISO document has a lot
of the same stuff, the 800-53 project leader responded that ISO
did not cover many areas until they saw it in 800-53.
--
Larry Kilgallen