• 6.1 Identify (ID)
  • 6.1.1 Asset Management (ID.AM)
  • 6.1.2 Governance (ID.GV)
  • 6.1.3 Risk Assessment (ID.RA)
  • 6.1.4 Risk Management Strategy (ID.RM)
  • 6.1.5 Supply Chain Risk Management (ID.SC)
• 6.2 Protect (PR)
  • 6.2.1 Identity Management and Access Control (PR.AC)
    • 6.2.1.1 Logical Access Controls (PR.AC)
    • 6.2.1.2 Physical Access Controls (PR.AC-2)
    • 6.2.1.3 Network Segmentation and Isolation (PR.AC-5)
  • 6.2.2 Awareness and Training (PR.AT)
  • 6.2.3 Data Security (PR.DS)
  • 6.2.4 Information Protection Processes and Procedures (PR.IP)
    • 6.2.4.1 Least Functionality (PR.IP-1)
    • 6.2.4.2 Configuration Change Control (Configuration Management) (PR.IP-3)
    • 6.2.4.3 Backups (PR.IP-4)
    • 6.2.4.5 Response and Recovery Plans (PR.IP-9) and Response and Recovery Plan Testing (PR.IP-10)
  • 6.2.6 Protective Technology (PR.PT)
    • 6.2.6.1 Logging (PR.PT-1)
  • 6.2.7 Media Protection (PR.PT-2)
  • 6.2.8 Personnel Security
  • 6.2.9 Wireless Communications
  • 6.2.10 Remote Access
  • 6.2.11 Flaw Remediation and Patch Management
  • 6.2.12 Time Synchronization
• 6.3 Detect (DE)
  • 6.3.1 Anomalies and Events (DE.AE)
  • 6.3.2 Security Continuous Monitoring (DE.CM)
    • 6.3.2.1 Network Monitoring (DE.CM-1)
    • 6.3.2.2 System Use Monitoring (DE.CM-1 and DE-CM-3)
    • 6.3.2.3 Malicious Code Detection (DE.CM-4)
• 6.4 Respond (RS)
  • 6.4.2 Response Communications (RS.CO)
  • 6.4.3 Response Analysis (RS.AN)
• 6.5 Recover (RC)
  • 6.5.1 Recovery Planning (RC.RP)
  • 6.5.2 Recovery Improvements (RC.IM)
  • 6.5.3 Recovery Communications (RC.CO)

NIST Cybersecurity Framework (CSF) をOTシステムに適応するために、考えることが記載されている。おそらく、ここで参照されているのはCSF ver.1.1

ここもまだ知識が浅い所為もあって書いてある以上のことは、あまり考えていない。大体は、特にメモしたくなったことだけ抽出。
ある程度、OTセキュリティに詳しくなった際に再び更新する。

現状は実質、NIST関連ドキュメントまとめ。

6.1 Identify (ID)

6.1.1 Asset Management (ID.AM)

補足資料:

• NIST SP 1800-5 IT Asset Management
• NIST SP 800-53, Rev. 5 Security and Privacy Controls for Information Systems and Organizations

6.1.2 Governance (ID.GV)

補足資料:

• NIST SP 800-39 Managing Information Security Risk   Organization, Mission, and Information System View
• NIST SP 800-37, Rev. 2 Risk Management Framework for Information Systems and Organizations   A System Life Cycle Approach for Security and Privacy
• NIST SP 800-100 Information Security Handbook: A Guide for Managers
• NIST IR 8286 Integrating Cybersecurity and Enterprise Risk Management (ERM)

6.1.3 Risk Assessment (ID.RA)

補足資料:

• NIST SP 800-30, Rev. 1 Guide for Conducting Risk Assessments
• NIST SP 800-37, Rev. 2 Risk Management Framework for Information Systems and Organizations   A System Life Cycle Approach for Security and Privacy
• NIST SP 800-39 Managing Information Security Risk   Organization, Mission, and Information System View
• ISA/IEC 62443-3-2:2020 Security for industrial automation and control systems - Part 3-2: Security risk assessment for system design
• NIST SP 800-150 Guide to Cyber Threat Information Sharing

6.1.4 Risk Management Strategy (ID.RM)

補足資料:

• NIST SP 800-37, Rev. 2 Risk Management Framework for Information Systems and Organizations   A System Life Cycle Approach for Security and Privacy
• NIST SP 800-39 Managing Information Security Risk   Organization, Mission, and Information System View
• NIST IR 8179 Criticality Analysis Process Model   Prioritizing Systems and Components

6.1.5 Supply Chain Risk Management (ID.SC)

補足資料:

• NIST SP 800-161 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations
• NIST IR 8276 Key Practices in Cyber Supply Chain Risk Management: Observations from Industry

6.2 Protect (PR)

6.2.1 Identity Management and Access Control (PR.AC)

補足資料:

• NIST SP 800-63-3 Digital Identity Guidelines
• NIST SP 800-73-4 Interfaces for Personal Identity Verification(Withdrawn NIST Technical Series Publication)
• NIST SP 800-76-2 Biometric Specifications for Personal Identity Verification
• NIST SP 800-100 Information Security Handbook: A Guide for Managers

6.2.1.1 Logical Access Controls (PR.AC)

補足資料:

• NIST SP 800-63-3 Digital Identity Guidelines
• NIST SP 800-73-4 Interfaces for Personal Identity Verification(Withdrawn NIST Technical Series Publication)
• NIST SP 800-76-2 Biometric Specifications for Personal Identity Verification
• NIST SP 800-78-4 Cryptographic Algorithms and Key Sizes for Personal Identity Verification(Withdrawn NIST Technical Series Publication)
• NIST SP 800-96 PIV Card to Reader Interoperability Guidelines
• NIST SP 800-97 Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i
• NIST SP 800-162 Guide to Attribute Based Access Control (ABAC) Definition and Considerations

6.2.1.2 Physical Access Controls (PR.AC-2)

補足資料:

• NERC CIP-006-5 Physical Security of BES Cyber Systems

6.2.1.3 Network Segmentation and Isolation (PR.AC-5)

補足資料:

• NIST SP 800-41, Rev. 1Guidelines on Firewalls and Firewall Policy
• NIST SP 800-207 Zero Trust Architecture
• NIST SP 1800-15 Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)
• CPNI FIREWALL DEPLOYMENT FOR SCADA AND PROCESS CONTROL NETWORKS

6.2.2 Awareness and Training (PR.AT)

補足資料:

• NIST SP 800-50 Building an Information Technology Security Awareness and Training Program(Withdrawn NIST Technical Series Publication)
• NIST SP 800-100 Information Security Handbook: A Guide for Managers
• NIST SP 800-181, Rev. 1 Workforce Framework for Cybersecurity (NICE Framework)

6.2.3 Data Security (PR.DS)

補足資料:

• RFC 4949 Internet Security Glossary, Version 2
• FIPS 140-3 SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES
• NIST CMVP Cryptographic Module Validation Program
• NIST SP 800-47, Rev. 1 Managing the Security of Information Exchanges
• NIST SP 800-111 Guide to Storage Encryption Technologies for End User Devices
• NIST SP 800-209 Security Guidelines for Storage Infrastructure

6.2.4 Information Protection Processes and Procedures (PR.IP)

6.2.4.1 Least Functionality (PR.IP-1)

補足資料:

• NIST SP 800-167 Guide to Application Whitelisting

6.2.4.2 Configuration Change Control (Configuration Management) (PR.IP-3)

補足資料:

• NIST SP 800‑128 Guide for Security-Focused Configuration Management of Information Systems
• NIST SP 1800-5 IT Asset Management

6.2.4.3 Backups (PR.IP-4)

補足資料:

• NIST SP 800-34, Rev. 1 Contingency Planning Guide for Federal Information Systems
• NIST SP 800-209 Security Guidelines for Storage Infrastructure

6.2.4.5 Response and Recovery Plans (PR.IP-9) and Response and Recovery Plan Testing (PR.IP-10)

補足資料:

• CISA-CIVR CISA’s Cybersecurity Incident and Vulnerability Response Playbooks
• NIST SP 800-34, Rev. 1 Contingency Planning Guide for Federal Information Systems
• NIST SP 800-61, Rev. 2 Computer Security Incident Handling Guide(Withdrawn NIST Technical Series Publication)
• NIST SP 800-83, Rev. 1 Guide to Malware Incident Prevention and Handling for Desktops and Laptops
• NIST SP 800-100 Information Security Handbook: A Guide for Managers
• CISA Handling Destructive Malware
• Federal Emergency Management Agency (FEMA) National Incident Management System
• FEMA National Preparedness Goal

6.2.6 Protective Technology (PR.PT)

6.2.6.1 Logging (PR.PT-1)

補足資料:

• NIST SP 800-92 Guide to Computer Security Log Management

6.2.7 Media Protection (PR.PT-2)

補足資料:

• NIST SP 800-88, Rev. 1 Guidelines for Media Sanitization
• NIST SP 800-100 Information Security Handbook: A Guide for Managers
• NIST SP 800-209 Security Guidelines for Storage Infrastructure

6.2.8 Personnel Security

補足資料:

• NIST SP 800-35 Guide to Information Technology Security Services
• NIST SP 800-73-4 Interfaces for Personal Identity Verification(Withdrawn NIST Technical Series Publication)
• NIST SP 800-76-2 Biometric Specifications for Personal Identity Verification
• NIST SP 800-100 Information Security Handbook: A Guide for Managers
• NICE National Initiative for Cybersecurity Education

6.2.9 Wireless Communications

補足資料:

• NIST SP 800-97 Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i
• NIST SP 800-121, Rev. 2 Guide to Bluetooth Security
• NIST SP 800-153 Guidelines for Securing Wireless Local Area Networks (WLANs)
• NIST SP 800-187 Guide to LTE Security

6.2.10 Remote Access

補足資料:

• NIST SP 800-52, Rev. 2 Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
• NIST SP 800-63B Digital Identity Guidelines Authentication and Lifecycle Management
• NIST SP 800-77, Rev. 1 Guide to IPsec VPNs
• NIST SP 800-113 Guide to SSL VPNs

6.2.11 Flaw Remediation and Patch Management

補足資料:

• NIST SP 800-40, Rev. 4 Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology
• NERC CIP-007 System Security Management
• ISA/IEC 62443-2-3:2015 Patch management in the IACS environment

6.2.12 Time Synchronization

補足資料:

• NIST SP 800-92 Guide to Computer Security Log Management
• NIST IR 8323 Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services

6.3 Detect (DE)

6.3.1 Anomalies and Events (DE.AE)

補足資料:

• NIST SP 800-92 Guide to Computer Security Log Management
• NIST SP 800-94 Guide to Intrusion Detection and Prevention Systems (IDPS)
• NIST SP 1800-7 Situational Awareness For Electric Utilities

6.3.2 Security Continuous Monitoring (DE.CM)

補足資料:

• NIST SP 800-53A, Rev. 5 Assessing Security and Privacy Controls in Information Systems and Organizations
• NIST SP 800-55, Rev. 1 Performance Measurement Guide for Information Security(Withdrawn NIST Technical Series Publication)
• NIST SP 800-115 Technical Guide to Information Security Testing and Assessment
• NIST SP 800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
• NIST SP 800-137A Assessing Information Security Continuous Monitoring (ISCM)   Programs: Developing an ISCM Program Assessment

6.3.2.1 Network Monitoring (DE.CM-1)

補足資料:

• NIST SP 800-94 Guide to Intrusion Detection and Prevention Systems (IDPS)
• NIST IR 8219 Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection

6.3.2.2 System Use Monitoring (DE.CM-1 and DE-CM-3)

補足資料:

• NIST SP 800-94 Guide to Intrusion Detection and Prevention Systems (IDPS)
• NIST SP 800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations

6.3.2.3 Malicious Code Detection (DE.CM-4)

補足資料:

• NIST SP 800-83, Rev. 1 Guide to Malware Incident Prevention and Handling for Desktops and Laptops
• NIST SP 1058 Using Host-Based Antivirus Software on Industrial Control Systems: Integration Guidance and a Test Methodology for Assessing Performance Impacts
• CISA Recommended Practice: Updating Antivirus in an Industrial Control System

6.4 Respond (RS)

6.4.2 Response Communications (RS.CO)

補足資料:

• FEMA National Incident Management System
• FEMA Crisis Communications Plans
• NATIONAL CYBER INCIDENT RESPONSE PLAN
• PPD-21 Critical Infrastructure Security and Resilience
• PPD-41 United States Cyber Incident Coordination
• CISA Sector Risk Management Agencies

6.4.3 Response Analysis (RS.AN)

補足資料:

• NIST SP 800-86 Guide to Integrating Forensic Techniques into Incident Response

6.5 Recover (RC)

6.5.1 Recovery Planning (RC.RP)

補足資料:

• NIST SP 800-184 Guide for Cybersecurity Event Recovery
• NIST SP 800-209 Security Guidelines for Storage Infrastructure

6.5.2 Recovery Improvements (RC.IM)

補足資料:

• NIST SP 800-184 Guide for Cybersecurity Event Recovery

6.5.3 Recovery Communications (RC.CO)

補足資料:

• NIST SP 800-184 Guide for Cybersecurity Event Recovery