Standards related to Industrial IoT security discussed in this book are summarized here for quick reference.
- CWE: Common Weakness Enumeration
- FIPS 140-2: Security Requirements for Cryptographic Modules
- FIPS 180-4: NIST-CSRC Secure Hash Standard (SHS)
- ISO/IEC 19770-2: Specification on Software Tagging
- ISA 62443-1-1: Security for Industrial Automation and Control Systems Part 1 – Terminology, Concepts, and Models
- ISA/IEC 62443-3-3: Security for Industrial Automation and Control Systems Part 3-3 – System Security Requirements and Security Levels
- ISO/IEC 15408: Common Criteria for Information Technology Security Evaluation
- NIST SP 800-155: Boot-process integrity measurement
- NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations
- ISA95: Purdue Enterprise Reference Architecture Enterprise-Control System Integration
- ISA-99: Industrial Automation and Control Systems Security (https://www.isa.org/isa99/)
- IEC 62443: Industrial Network and System Security
- IEC 62541: OPC Unified Architecture Specification
- IEC 61850: Substation Automation Protocols
- IEEE 1588: IEEE Standard for a Precision Clock Synchronization Protocol for Network Measurement and Control Systems
- NIST SP 800-53 Rev 4: Recommended Security and Privacy Controls for Federal Information Systems and Organizations
- NIST SP 800-82 Rev 2: Guide to Industrial Control Systems (ICS) Security, May 2015
- NIST SP 800-52: Guidelines on the Selection and Use of Transport-Layer Security
- ANSI/TIA-942-A: Telecommunications Infrastructure Standard for Datacenters (http://www.tia-942.org/; see also http://blog.siemon.com/standards/tia-942-and-tia-942-a-%E2%80%9Cdata-center-infrastructure%E2%80%9D-standards)
- ISO/IEC 27001: A high-level management systems standard and its associated cloud-service-specific standards: ISO/IEC 27017 (for security) and ISO/IEC 27018 (for protection of personal data)
- Standards addressing specific aspects of cloud computing: ISO/IEC 27033 for network security, ISO/IEC 27034 for application security, ISO/IEC 19086 for cloud service SLAs
- Technology-specific security standards: Such as OASIS KMIP (key management), FIPS 140-2 (approved cryptographic modules), and OASIS SAML 2.0 (security assertions, used in IdAM implementations)
- ISO/IEC 20889: Standardizes de-identification techniques
- NIST SP 800-175B (US National Institute of Standards and Technology Special Publication 800-175B): Provides guidance on strong cryptographic methods
- NIST SP 800-144: Guidelines on Security and Privacy in Public Cloud Computing
Some useful documents on cloud security include the following:
- CSCC white paper Cloud Security Standards: What to Expect and What to Negotiate V2.0 (http://www.cloud-council.org/deliverables/CSCC-Cloud-Security-Standards-What-to-Expect-and-What-to-Negotiate.pdf)
- Cloud Controls Matrix: https://downloads.cloudsecurityalliance.org/initiatives/ccm/CCM_v3_Info_Sheet.pdf
- Cloud Customer Architecture for Securing Workloads on Cloud Services: Published by Cloud Security Council
- SAFEcode/CSA: Practices for Secure Development of Cloud Applications
- Cloud computing – Benefits, risks, and recommendations for information security: Published by the European Union Agency for Network and Information Security (ENISA)