NIST Special Publication

A.)
NIST Special Publication 800-53, Revision 4 defines state-of-the-practice security controls and control enhancements that are integrated into a catalog addressing such areas as: mobile and cloud computing; applications security; trustworthiness, assurance, and resiliency of information systems; insider threat; supply chain security; and the advanced persistent threat.

The catalog also provides for supplementing the baseline controls with additional control enhancements from the security control catalog, along with a supplemental guidance section that provides non-prescriptive, additional information for a specific security control. Organizations can apply the supplemental guidance as appropriate when defining, developing, and/or implementing security controls.
APPENDIX D of the document contains the security control baselines that represent the starting point in determining the security controls for low-impact, moderate-impact, and high-impact information systems. The three security control baselines are hierarchical in nature with regard to the security controls employed in those baselines. If a security control is selected for one of the baselines, the family identifier and control number are listed in the appropriate column. If a security control is not used in a particular baseline, the entry is marked "not selected".

Please answer the following with regard to APPENDIX D:
1.) What control listed in the Control Families addresses remote access to an information system?
2.) What does it state?
3.) What control enhancements are specified for a Moderate Impact baseline? List the enhancement numbers and what they state.
4.) What other control in the catalog addresses enforcing access restrictions for remote connections?

B.)
NIST SP 800-82, Guide to Industrial Control Systems (ICS) Security, provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC), while addressing their unique performance, reliability, and safety requirements. The document provides an overview of ICS and typical system topologies, identifies typical threats and vulnerabilities to these systems, and provides recommended security countermeasures to mitigate the associated risks.

The document specifies sets of security controls, control enhancements, and supplemental guidance derived from the application of tailoring guidance to the security control baselines described in NIST SP 800-53. The baseline controls are the starting point for the security control selection process and are chosen based on the security category and associated impact level of information systems.

1.)
According to NIST SP 800-82, what are the key factors that drive design decisions regarding the control, communication, reliability, and redundancy properties of the ICS?

List the factors and provide a short description of each in your own words.

2.)
According to NIST SP 800-82, what are the differences/similarities between an ICS and a conventional IT system with regard to:
1.) Facility Accessibility
2.) Performance Requirements
3.) Operating Personnel and Operating Systems
4.) Managing Change

Sample Solution