Describe the importance of cybersecurity standards applicable to manufacturing systems.
Description should include:
- U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) Cybersecurity Framework (https://www.nist.gov/cyberframework)
- Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (NIST Special Publication [SP] 800-37) (https://csrc.nist.gov/publications/detail/sp/800-37/rev-1/final)
- Security and Privacy Controls for Federal Information Systems and Organizations (NIST SP 800-53) (https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/final)
- Guide to Industrial Control Systems (ICS) Security (NIST SP 800-82) (https://csrc.nist.gov/publications/detail/sp/800-82/rev-2/final)
- Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST 800-171) (https://csrc.nist.gov/publications/detail/sp/800-171/rev-1/final)
- International Society of Automation (ISA)/IEC 62443 Cybersecurity Certificate Programs (https://www.isa.org/training-and-certifications/isa-certification/isa99iec-62443/isa99iec-62443-cybersecurity-certificate-programs/)
- Enterprise-control System Integration, International Standards Organization (ISO)/IEC 62264 (Purdue Enterprise Reference Architecture) (https://www.iso.org/standard/57308.html)
Teacher Resource: Building Security to Achieve Engineering and Business Requirements, General Electric and Dragos (https://dragos.com/wp-content/uploads/SecIndSys_Purdue_GEDragos.pdf)
Process/Skill Questions:
- What is the significance of the Purdue model?
- Why did NIST have to publish rules specific to control systems (e.g., SP 800-82)?
- Why are standards important?
- What is the difference between a standard and a law?