Maritime Bulk Liquids Transfer Cybersecurity Framework Prof
Year: 2018 Language: english Author: U.S. Coast Guard, the National Institute of Standards and Technology (NIST) Genre: Guide Format: PDF Quality: eBook Number of pages: 154 Description: This MBLT CFP serves to assist in cybersecurity risk assessments for those entities involved in MBLT operations as overseen by the USCG. It is intended to act as non‐mandatory guidance to organizations conducting MBLT operations within facilities and vessels under the regulatory control of the USCG under the Code of Federal Regulations (CFR) 33 CFR 154‐156. This MBLT CFP serves to collect recommended cybersecurity safeguards and describes the desired minimum state of cybersecurity for those organizations in the MBLT context.
Contents
Executive Summary ..................................................................................................................................... iv Background .............................................................................................................................................. iv The Profile................................................................................................................................................ iv Benefits ..................................................................................................................................................... v 1. Introduction ............................................................................................................................................. 1 1.1. Purpose ......................................................................................................................................... 1 1.2. Audience and How to Use this Document ................................................................................... 1 1.3. Document Structure ..................................................................................................................... 2 1.4. Overview of the MBLT CFP ........................................................................................................... 2 2. Background .............................................................................................................................................. 5 2.1. Cybersecurity and the Critical Infrastructure .............................................................................. 5 2.2. Cybersecurity Risk in the MBLT Enterprise .................................................................................. 5 2.2.1. Information Technology (IT) and Operational Technology (OT) ................................................. 6 2.2.2. IT Cybersecurity Risk .................................................................................................................... 6 2.2.3. OT Cybersecurity Risk ................................................................................................................... 6 2.3. Regulatory Context ....................................................................................................................... 7 3. Using the Cybersecurity Framework ....................................................................................................... 9 3.1. Cybersecurity Framework Basic Elements ................................................................................... 9 3.2. Cybersecurity Framework Profiles ............................................................................................. 10 3.3. Developing a Profile ................................................................................................................... 12 3.4. Advantages of Developing a Profile ........................................................................................... 13 4. The MBLT CFP for Industry .................................................................................................................... 14 4.1. Overall Process to Create this Profile ........................................................................................ 14 4.2. Activities to Date ........................................................................................................................ 15 4.3. Profile Foundations .................................................................................................................... 16 4.4. Governance ................................................................................................................................. 17 5. Roadmap for Organizations Using the MBLT CFP ................................................................................ 18 5.1. Cybersecurity Profile Development and Use for MBLT Organizations ..................................... 18 5.2. Process to Incorporate the MBLT Profile in Organizations ....................................................... 18 6. Mission Mapping, Cybersecurity Framework Functions, Categories, and Subcategories .................. 20 6.1. MBLT CFP Structure .................................................................................................................... 20 6.2. Summary of Priority Subcategories Identified .......................................................................... 23 Appendix A – Detailed Subcategory Specifications .................................................................................. 35 A‐1 Mission Objective 1: Maintain Personnel Safety ...................................................................... 38 A‐2 Mission Objective 2: Maintain Environmental Safety .............................................................. 49 A‐3 Mission Objective 3: Maintain Operational Security ................................................................ 57 A‐4 Mission Objective 4: Maintain Preparedness ............................................................................ 76 A‐5 Mission Objective 5: Maintain Quality of Product .................................................................... 91 A‐6 Mission Objective 6: Meet HR Requirements ......................................................................... 100 A‐7 Mission Objective 7: Pass Required Audits/Inspections ......................................................... 111 A‐8 Mission Objective 8: Obtain Timely Vessel Clearance ............................................................ 120 Appendix B – Section by Section Review of 33 CFR 154‐156 .................................................................. 129 B‐1 Bulk Liquid Transfer Facilities, 33 CFR 154 .............................................................................. 129 B‐2 Oil and Hazardous Materials for Vessels, 33 CFR 155 ............................................................. 132 B‐3 Oil and Hazardous Material Transfer Operations, 33 CFR 156 ............................................... 132 Appendix C – Industry Cybersecurity Processes & Profile Mappings ..................................................... 134 C‐1 Energy Sector Cybersecurity Efforts and the DOE C2M2 Program ......................................... 134 Energy Sector Cybersecurity ............................................................................................... 134 DOE Cybersecurity ............................................................................................................... 134 C‐2 Cybersecurity Framework Informative References ................................................................ 136 C‐3 Mapping of Optional Resources .............................................................................................. 136
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You cannot download files in this forum
Maritime Bulk Liquids Transfer Cybersecurity Framework Prof
Year: 2018
Language: english
Author: U.S. Coast Guard, the National Institute of Standards and Technology (NIST)
Genre: Guide
Format: PDF
Quality: eBook
Number of pages: 154
Description: This MBLT CFP serves to assist in cybersecurity risk assessments for those entities involved in MBLT
operations as overseen by the USCG. It is intended to act as non‐mandatory guidance to organizations
conducting MBLT operations within facilities and vessels under the regulatory control of the USCG under
the Code of Federal Regulations (CFR) 33 CFR 154‐156. This MBLT CFP serves to collect recommended
cybersecurity safeguards and describes the desired minimum state of cybersecurity for those
organizations in the MBLT context.
Contents
Executive Summary ..................................................................................................................................... ivBackground .............................................................................................................................................. iv
The Profile................................................................................................................................................ iv
Benefits ..................................................................................................................................................... v
1. Introduction ............................................................................................................................................. 1
1.1. Purpose ......................................................................................................................................... 1
1.2. Audience and How to Use this Document ................................................................................... 1
1.3. Document Structure ..................................................................................................................... 2
1.4. Overview of the MBLT CFP ........................................................................................................... 2
2. Background .............................................................................................................................................. 5
2.1. Cybersecurity and the Critical Infrastructure .............................................................................. 5
2.2. Cybersecurity Risk in the MBLT Enterprise .................................................................................. 5
2.2.1. Information Technology (IT) and Operational Technology (OT) ................................................. 6
2.2.2. IT Cybersecurity Risk .................................................................................................................... 6
2.2.3. OT Cybersecurity Risk ................................................................................................................... 6
2.3. Regulatory Context ....................................................................................................................... 7
3. Using the Cybersecurity Framework ....................................................................................................... 9
3.1. Cybersecurity Framework Basic Elements ................................................................................... 9
3.2. Cybersecurity Framework Profiles ............................................................................................. 10
3.3. Developing a Profile ................................................................................................................... 12
3.4. Advantages of Developing a Profile ........................................................................................... 13
4. The MBLT CFP for Industry .................................................................................................................... 14
4.1. Overall Process to Create this Profile ........................................................................................ 14
4.2. Activities to Date ........................................................................................................................ 15
4.3. Profile Foundations .................................................................................................................... 16
4.4. Governance ................................................................................................................................. 17
5. Roadmap for Organizations Using the MBLT CFP ................................................................................ 18
5.1. Cybersecurity Profile Development and Use for MBLT Organizations ..................................... 18
5.2. Process to Incorporate the MBLT Profile in Organizations ....................................................... 18
6. Mission Mapping, Cybersecurity Framework Functions, Categories, and Subcategories .................. 20
6.1. MBLT CFP Structure .................................................................................................................... 20
6.2. Summary of Priority Subcategories Identified .......................................................................... 23
Appendix A – Detailed Subcategory Specifications .................................................................................. 35
A‐1 Mission Objective 1: Maintain Personnel Safety ...................................................................... 38
A‐2 Mission Objective 2: Maintain Environmental Safety .............................................................. 49
A‐3 Mission Objective 3: Maintain Operational Security ................................................................ 57
A‐4 Mission Objective 4: Maintain Preparedness ............................................................................ 76
A‐5 Mission Objective 5: Maintain Quality of Product .................................................................... 91
A‐6 Mission Objective 6: Meet HR Requirements ......................................................................... 100
A‐7 Mission Objective 7: Pass Required Audits/Inspections ......................................................... 111
A‐8 Mission Objective 8: Obtain Timely Vessel Clearance ............................................................ 120
Appendix B – Section by Section Review of 33 CFR 154‐156 .................................................................. 129
B‐1 Bulk Liquid Transfer Facilities, 33 CFR 154 .............................................................................. 129
B‐2 Oil and Hazardous Materials for Vessels, 33 CFR 155 ............................................................. 132
B‐3 Oil and Hazardous Material Transfer Operations, 33 CFR 156 ............................................... 132
Appendix C – Industry Cybersecurity Processes & Profile Mappings ..................................................... 134
C‐1 Energy Sector Cybersecurity Efforts and the DOE C2M2 Program ......................................... 134
Energy Sector Cybersecurity ............................................................................................... 134
DOE Cybersecurity ............................................................................................................... 134
C‐2 Cybersecurity Framework Informative References ................................................................ 136
C‐3 Mapping of Optional Resources .............................................................................................. 136
Screenshots