tag:blogger.com,1999:blog-9122514974659083342.post6415424388200997189..comments2024-02-02T22:30:20.736-05:00Comments on Chemical Facility Security News: NIST Info on 2nd Framework WorkshopPJCoylehttp://www.blogger.com/profile/03390039682578324978noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-9122514974659083342.post-70414795971460199152013-06-03T00:32:13.918-04:002013-06-03T00:32:13.918-04:00Of course the NISTCSF will deal with control syste...Of course the NISTCSF will deal with control systems issues. :) It's being developed (among other things) in support of the executive order's outcome-based perspective on cybersecurity (which, also of course, would naturally consider control systems since their failure tends to create significantly bad outcomes). <br /><br />I'm curious what in the EO made you think it was EO-centric?<br /><br />The level in the security stack at which both the EO and the CSF operate at is higher than the level at which the distinctions between IT/ICS happen and so are inclusive of both without the need to distinguish between the two in policy statements.Anonymousnoreply@blogger.com