[SCADASEC] IBM is offering 'SCADA security best practices'...
Clint Bodungen
clint at cidgcorp.com
Wed Feb 13 11:29:21 CST 2008
I am personally a big fan and supporter of 800-53. In fact, I use it as a
huge baseline for many of my Gap Analysis projects, even when the project
does not call for NIST, and it is cross-referenced throughout my book. I
was really curious to see what elaborated and supportive conversation
playing devil's advocate would produce. I really appreciate your comments.
Clint
-----Original Message-----
From: scadasec-bounces at news.infracritical.com
[mailto:scadasec-bounces at news.infracritical.com] On Behalf Of ljknews
Sent: Wednesday, February 13, 2008 11:11 AM
To: scadasec at news.infracritical.com
Subject: Re: [SCADASEC] IBM is offering 'SCADA security best practices'...
At 10:51 AM -0600 2/13/08, Clint Bodungen wrote:
> Not agreeing nor disagreeing with you... just playing devil's advocate.
> Does being a Federal Agency make them infallible? Is it truly the "highest
> standard?" Historically speaking I'm not sure I would always put Federal
> and "Highest Standard" in the same category. Sometimes yes and sometimes no,
> but does it apply here?
I have paid a _lot_ of attention to 800-53, and it is far better
than anything else I have seen. The only security issue from
any domain I have seen that it does not cover is handling of
classified security levels and categories, but the federal
government has other regulations applicable to that. I have
heard rumblings that those other regulations may be rewritten
in the style of 800-53.
But test this for yourself. Pick up a copy from
http://csrc.nist.gov/publications/PubsSPs.html#800-53_Rev2
and using the table in Appendix D, choose a topic about which
you are particularly concerned. Use the control number for
that topic to find the 800-53 control description in Appendix
F and report back to us regarding what you think.
====================
In response to claims that the current ISO document has a lot
of the same stuff, the 800-53 project leader responded that ISO
did not cover many areas until they saw it in 800-53.
--
Larry Kilgallen
_______________________________________________
To unsubscribe from this mailing list, please visit:
http://news.infracritical.com/mailman/listinfo/scadasec
To review our privacy statement, please visit:
http://www.infracritical.com/privacy.html