Industrial Internet Security Framework v 1.0

Security Framework Contents

Annexes

Annex A Industrial Security Standards ............................................................................... 125
A . 1	Role of Standards and Compliance in Security ....................................................... 125
A . 2	Common Standards and Regulation ....................................................................... 126
A . 3	Methodologies to Assess Security Programs .......................................................... 128
A . 4	Standards for Evaluating Security Products ............................................................ 128
A . 4.1		Common Criteria ............................................................................................................. 128
A . 4.2		Federal Information Processing Standard ( FIPS ) ............................................................ 129
A . 5	Safety Standards and Their Relationship with Security ........................................... 129
A . 6	Privacy Standards , Frameworks and Regulation ..................................................... 129
A . 6.1		ISO / IEC AND NIST Privacy Standards .............................................................................. 129
A . 6.2		Privacy Frameworks ........................................................................................................ 130
A . 6.3		Privacy Regulations ......................................................................................................... 130
A . 7	Protocol Resources ................................................................................................ 131
A . 8	Cloud Security Standards ....................................................................................... 132
A . 9	Standard Repositories ........................................................................................... 133
A . 10 Supply Chain Integrity Resources ........................................................................... 133

Annex B Cyber security Capability Maturity Model ( C2M2 ) ............................................... 135
B . 1	Logical Groupings .................................................................................................. 135
B . 2	Assessment Process .............................................................................................. 137
B . 2.1		Assessment Process Requirements ................................................................................ 138
B . 2.2		Assessment Artifact Requirements ................................................................................. 138

Annex C Security Capabilities and Techniques Tables ........................................................ 139 Annex D Revision History .................................................................................................. 144 Annex E Acronyms ........................................................................................................... 145 Annex F Glossary .............................................................................................................. 149 Annex G References .......................................................................................................... 150 Index .................................................................................................................................. 169 Use of Information — Terms , Conditions and Notices ........................................................... 171

IIC : PUB : G4 : V1.0 : PB : 20160926 - vi -

Industrial Internet Security Framework v 1.0 | Page 6