
BS EN IEC 62443-4-2:2019/AA BS EN IEC 62443-4-2/AA:2026 Security for industrial automation and control systems. Part 4-2: Technical security requirements for ACS components

Source: CENELEC

Committee: GEL/65/3 - Industrial Networks

Categories: Industrial process measurement and control

Comment period start date:

Comment period end date:

Number of comments: 1

Comment by:

Scope

Replace the whole content of “Scope” with the following:

“This document provides detailed technical control system component requirements (CRs) associated with the seven foundational requirements (FRs) including defining the requirements for automation control systems capability security levels and their components, SL-C(component).

The seven foundational requirements (FRs) are:

a) identification and authentication control (IAC),

b) use control (UC),

c) system integrity (SI),

d) data confidentiality (DC),

e) restricted data flow (RDF),

f) timely response to events (TRE), and

g) resource availability (RA).

These seven foundational requirements provide a basis for the technical security requirements in this document. The first of these, FR-1, addresses the capabilities necessary to reliably identify and authenticate all users (humans, software processes, and devices) attempting to access the component. FR-2 addresses the capabilities necessary to enforce the assigned privileges of an authenticated user (human, software process, and device) to perform actions on a component and monitor use of these privileges. FR-3 addresses the capabilities necessary for the integrity of the component to protect against unauthorized manipulation or modification. FR-4 addresses the capabilities necessary for the confidentiality of information on communication data flows and in data stored at rest and processed by the component to prevent unauthorized disclosure. FR-5 addresses the capabilities necessary to support segmentation of networks and data flows and limit unnecessary and unwanted flow of data. FR-6 addresses the capabilities necessary to respond to security violations by notifying the proper authority, reporting needed evidence of a violation and taking timely corrective action when incidents are discovered. FR-7 addresses the capabilities necessary to protect the availability of components against the degradation or denial of essential functions and services.

Within each FR, the technical security requirements are grouped into security levels as a basis for selection of security measures as part of a risk-based approach.”



Please email further comments to: debbie.stead@bsigroup.com
