Appendix A List of Acronyms¶
ANSI |
American National Standards Institute |
ARP |
Address Resolution Protocol |
CERT |
Computer Emergency Readiness Team |
CIS |
Center for Internet Security |
CISA |
Cybersecurity and Infrastructure Security Agency |
CSV |
Comma-Separated Value |
DER |
Distributed Energy Resource(s) |
ESAM |
Energy Sector Asset Management |
HART |
Highway Addressable Remote Transducer |
HMI |
Human-Machine Interface |
ICMP |
Internet Control Message Protocol |
ICS |
Industrial Control System(s) |
IEC |
International Electrotechnical Commission |
IED |
Intelligent Electronic Device |
IETF |
Internet Engineering Task Force |
IIoT |
Industrial Internet of Things |
IP |
Internet Protocol |
ISA |
International Society of Automation |
ISACA |
Information Systems Audit and Control Association |
ISO |
International Organization for Standardization |
LTE |
Long-Term Evolution |
MAC |
Media Access Control |
NCCoE |
National Cybersecurity Center of Excellence |
NICE |
National Initiative for Cybersecurity Education |
NIST |
National Institute of Standards and Technology |
OS |
Operating System |
OT |
Operational Technology |
PLC |
Programmable Logic Controller |
RARP |
Reverse Address Resolution Protocol |
RFC |
Request for Comments |
SCADA |
Supervisory Control and Data Acquisition |
SIEM |
Security Information and Event Management |
SP |
Special Publication |
SPAN |
Switched Port Analyzer |
TAP |
Test Access Points |
TCP |
Transmission Control Protocol |
TLS |
Transport Layer Security |
UDP |
User Datagram Protocol |
UMD |
University of Maryland |
VPN |
Virtual Private Network |
Appendix B References¶
- B1
K. Stouffer et al., Guide to Industrial Control Systems (ICS) Security, National Institute of Standards and Technology (NIST) Special Publication (SP) 800-82 Revision 2, NIST, Gaithersburg, MD, May 2015. Available: https://doi.org/10.6028/NIST.SP.800-82r2.
- B2
Joint Task Force Transformation Initiative, Guide for Conducting Risk Assessments, NIST SP 800-30 Revision 1, NIST, Gaithersburg, MD, Sept. 2012. Available: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf.
- B3
Joint Task Force, Risk Management Framework for Information Systems and Organizations, NIST SP 800-37 Revision 2, NIST, Gaithersburg, MD, Dec. 2018. Available: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf.
- B4
NIST. Risk Management Framework: Quick Start Guides. [Online]. Available: https://csrc.nist.gov/projects/risk-management/risk-management-framework-quick-start-guides.
- B5
Joint Task Force Transformation Initiative, Guide for Conducting Risk Assessments, NIST SP 800-30 Revision 1, NIST, Gaithersburg, MD, Sept. 2012. Available: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf.
- B6
Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). Cyber Threat Source Descriptions. [Online].Available: https://www.us-cert.gov/ics/content/cyber-threat-source-descriptions.
- B7
CISA ICS-CERT. National Cyber Awareness System. Alerts. [Online]. Available: https://www.us-cert.gov/ncas/alerts.
- B8
MITRE. Common Vulnerabilities and Exposures. [Online]. Available: https://cve.mitre.org/.
- B9
NIST. National Vulnerability Database. Common Vulnerability Scoring System. [Online]. Available: https://nvd.nist.gov/vuln-metrics/cvss.
- B10
CISA ICS-CERT. National Cyber Awareness System. Report Incidents, Phishing, Malware, or Vulnerabilities. [Online]. Available: https://www.us-cert.gov/report.
- B11
NIST, Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1, Apr. 16, 2018. Available: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf.
- B12
Joint Task Force Transformation Initiative, Security and Privacy Controls for Federal Information Systems and Organizations NIST SP 800-53 Revision 4, NIST, Gaithersburg, MD, Apr. 2013. Available: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf.
- B13
W. Newhouse et al., National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST SP 800-181, NIST, Gaithersburg, MD, Aug. 2017. Available: https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-181.pdf.
- B14
NIST, Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1, Apr. 16, 2018. Available: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf.