Yesterday the Department of Energy published the Energy Sector Cybersecurity
Framework Implementation Guidance. This is the DOE’s approach to helping
“the energy sector establish or align existing cybersecurity risk management
programs to meet the objectives of the Cybersecurity Framework released by the
National Institutes of Standards and Technology (NIST) in February 2014”.
I’ve had a chance to just glance through the 24-page document, and it looks
like it provides a pretty good summary of the Framework and looks at how the
Framework can be applied to cybersecurity management under a number of
DOE-related security programs and processes.
The discussion about the Framework implementation
using the DOE’s Cybersecurity Capability Maturity Model (C2M2) approach is
quite detailed. There is a lengthy table mapping the C2M2 practices to the
Framework Core and another describing how the C2M2 practices can be utilized in
establishing the Framework Tier ranking.
Since DOE components have probably been looking at
cybersecurity concerns longer than most any non-military agency of the US
Government, it is nice to see their take on the NIST Framework. It is somewhat
disheartening though that this document took almost a year to field.
BTW: Thanks to ICS-CERT for pointing at this document.