Appendix 3 NIST SP 800-82 Security Measures
This appendix presents the security measures proposed in the NIST SP800-82r4 guide. More details are given in this guide (Stouffer et al. 2015), with guidance on the implementation of these measures for industrial control system (ICS). The measurements are aligned with those proposed in SP 800-53 (NIST 2014).
Table A3.1. NIST SP 800-82 security measures
| ACCESS CONTROL – AC | ||||
| AC-1 | Access Control Policy and Procedures | x | x | x |
| AC-2 | Account Management | x | x | x |
| AC-2 (1) | ACCOUNT MANAGEMENT | AUTOMATED SYSTEM ACCOUNT MANAGEMENT | x | x | |
| AC-2 (2) | ACCOUNT MANAGEMENT | REMOVAL OF TEMPORARY/EMERGENCY ACCOUNTS | x | x | |
| AC-2 (3) | ACCOUNT MANAGEMENT | DISABLE INACTIVE ACCOUNTS | x | x | |
| AC-2 (4) | ACCOUNT MANAGEMENT | AUTOMATED AUDIT ACTIONS | x | x | |
| AC-2 (5) | ACCOUNT MANAGEMENT | INACTIVITY LOGOUT/TYPICAL USAGE MONITORING | x | ||
| AC-2 (11) | ACCOUNT MANAGEMENT | USAGE CONDITIONS | x | ||
| AC-2 (12) | ACCOUNT MANAGEMENT | ACCOUNT MONITORING/ATYPICAL USAGE | x | ||
| AC-2 (13) | ACCOUNT MANAGEMENT | ACCOUNT REVIEWS | x | ||
| AC-3 | Access Enforcement | x | x | x |
| AC-4 | Information Flow Enforcement | x | x | |
| AC-5 | Separation of Duties | x | x | |
| AC-6 | Least Privilege | x | x | |
| AC-6 (1) | LEAST PRIVILEGE | AUTHORIZE ACCESS TO SECURITY FUNCTIONS | x | x | |
| AC-6 (2) | LEAST PRIVILEGE | NON-PRIVILEGED ACCESS FOR NONSECURITY FUNCTIONS | x | x | |
| AC-6 (3) | LEAST PRIVILEGE | NETWORK ACCESS TO PRIVILEGED COMMANDS | x | ||
| AC-6 (5) | LEAST PRIVILEGE | PRIVILEGED ACCOUNTS | x | x | |
| AC-6 (9) | LEAST PRIVILEGE ... | |||
Get Cybersecurity of Industrial Systems now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
