The Challenge of Automating Security Configuration Checklists in Manufacturing Environments

Published: November 21, 2017


Joshua Lubell, Timothy A. Zimmerman


Information technology is essential for today's manufacturing systems, making them more vulnerable to cybersecurity threats than ever before. This paper discusses the challenge of developing automatable configuration checklists for the manufacturing environment using the Security Content Automation Protocol (SCAP) family of standards. More use of SCAP in manufacturing environments would reduce security vulnerabilities and reduce the likelihood of damaging cyberattacks to manufacturing systems. However, complex relationships and dependencies between and among checklist rules, checking instructions, and software platforms make it difficult to reuse or repurpose existing SCAP-expressed checklist content. A review of recent and current research and technology development yields some potentially promising approaches to improving reuse.
Citation: Critical Infrastructure Protection XI. ICCIP 2017. IFIP Advances in Information and Communication Technology
Publisher Info: Springer, Cham, -1
Pub Type: Book Chapters


SCAP, cybersecurity, checklist, manufacturing, Industrial Control System, XCCDF, platform fragmentation
Created November 21, 2017, Updated November 10, 2018