Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Challenges to Automating Security Configuration Checklists in Manufacturing Environments

Published

Author(s)

Joshua Lubell, Timothy A. Zimmerman

Abstract

Information technology is essential for today's manufacturing systems, making them more vulnerable to cybersecurity threats than ever before. This paper discusses the challenge of developing automatable configuration checklists for the manufacturing environment using the Security Content Automation Protocol (SCAP) family of standards. More use of SCAP in manufacturing environments would reduce security vulnerabilities and reduce the likelihood of damaging cyberattacks to manufacturing systems. However, complex relationships and dependencies between and among checklist rules, checking instructions, and software platforms make it difficult to reuse or repurpose existing SCAP-expressed checklist content. A review of recent and current research and technology development yields some potentially promising approaches to improving reuse.
Citation
Critical Infrastructure Protection XI. ICCIP 2017. IFIP Advances in Information and Communication Technology
Publisher Info
Springer, Cham, -1

Keywords

SCAP, cybersecurity, checklist, manufacturing, Industrial Control System, XCCDF, platform fragmentation

Citation

Lubell, J. and Zimmerman, T. (2017), Challenges to Automating Security Configuration Checklists in Manufacturing Environments, Critical Infrastructure Protection XI. ICCIP 2017. IFIP Advances in Information and Communication Technology, Springer, Cham, -1, [online], https://doi.org/10.1007/978-3-319-70395-4_12 (Accessed June 22, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created November 21, 2017, Updated May 4, 2021