New spec describes managing security
A second standard in the ISA99 series Security for Industrial Automation and Control Systems was approved by the American National Standards Institute (ANSI). The new standard, ANSI/ISA-99.02.01-2009, Establishing an Industrial Automation and Control Systems Security Program, describes elements to set up a cyber security management system and provides guidance on how to meet the requirements for each element. Topics include policies, procedures, practices and personnel.
“The great value of this standard is that it draws together the best thinking on industrial cyber security management from experts at leading companies across the globe,” said Jim Gilsinn of the US National Institute of Standards and Technology. Gilsinn served as the lead editor of the standard.
The new standard follows last year’s publication of the first standard in the series, ANSI/ISA-99.00.01, which serves as the basis of all standards in the ISA99 series by presenting key concepts, terminology and models. Additional ISA99 standards under development will cover how to operate a security program after it is designed and implemented, and technical security requirements for industrial automation and control systems.