Cloud security documents and tools to assist with conducting risk assessments that conform to the ICS62443 guidelines.
Current Version: CutSec_IACS_Cloud_Assessments_v1.0.pdf
The introduction of a cloud service into an industrial / automation control environment requires a Cyber Security Management System (CSMS) to manage risk by creating policies and procedures, assignment of organization responsibilities, planning and implementation of awareness training, and selection of countermeasures to be implemented by the owner / operator. The CSMS initial high-level risk assessment requires gathering information about the cloud service, some of which must be provided by the product / service provider. This information will allow the owner / operator to confirm the Capability Security Level (SL-C) components that are implemented and maintained by the product / service provider. This information will initiate the CSMS process and provide the starting point for a detailed risk assessment using the Cloud Security Maturity Model.
These documents are licensed under the Creative Commons Attribution-NoDerivs (CC BY-ND). This license lets others reuse the work for any purpose, including commercially; however, it cannot be shared with others in adapted form, and credit must be provided to you. Please read the LICENSE file prior to use, updates, and distribution.