API規格 STD 1164, 3rd Edition, 2021: Pipeline Control Systems Cybersecurity (Includes all amendments and changes through Errata , August 2021)

API規格 STD 1164, 3rd Edition, 2021

産業規格・仕様書  >  API  > 




API規格 STD 1164, 3rd Edition, 2021

48,180(税込)

数量

書名

API STD 1164, 3rd Edition, 2021: Pipeline Control Systems Cybersecurity
(Includes all amendments and changes through Errata , August 2021)

API規格 STD 1164, 第3版, 2021: パイプライン制御システムへのサイバーセキュリティ
発行元 API
発行年/月 2021年8月
装丁 ペーパー
ページ数 142 ページ
発送予定 海外倉庫よりお取り寄せ 1-2週間以内に発送します
※セキュアPDF版(シングルユーザー), セキュアPDF版 + 冊子版をご希望のお客様は別途お問合せ下さいませ。
※当ウェブ・ショップに掲載のない規格につきましては、別途お問合せ下さいませ。
※掲載の規格は、当ウェブ・ショップに掲載時点で確認できた最新版でございます。 最新の発行状況につきましては受注時に改めて確認をさせて頂きますので予めご了承下さい。


 

Description

Purpose
This standard provides requirements and guidance for managing cyber risk associated with industrial automation and control (IAC) environments to achieve security, integrity, and resiliency objectives. Within this standard, this is accomplished through proper isolation of IAC environments from non-IAC environments to help IAC operational continuity.

Even with proper isolation of IAC environments from IT environments, both play a part in overall business continuity. IAC operational continuity and IT system continuity are often developed and implemented jointly as part of the overall business continuity plan.

The scope of this standard is limited to only the IAC cybersecurity aspects that can influence overall business continuity.

This standard is tailored for the oil and natural gas (ONG) pipeline industry, which includes, but is not limited to, natural gas and hazardous liquid transmission pipeline systems, natural gas distribution pipeline systems, liquefied natural gas (LNG) facilities, propane air facilities, and others involved in these industries.

This standard was developed to provide an actionable approach to protect IAC essential functions by managing cybersecurity risk to IAC environments. IAC environments can include, but are not limited to, supervisory control and data acquisition (SCADA), local control, and industrial internet of things (IIoT) solutions. This standard should be used in the context of developing, implementing, maintaining, and improving an IAC cybersecurity program, which includes the policies, processes, and procedural and technical controls for IAC cyber environments.

This standard is a set of requirements that should be customized prior to implementation using the company’s risk management processes. The outcome is a customized, company-specific set of requirements for an IAC cybersecurity program to help manage the cybersecurity posture and any resulting residual risk to its IAC environments in alignment with the company’s mission, objectives, and risk strategy, and in accordance with its policies and procedures.

While identification of threats and impacts is critical to the development of the IAC cybersecurity program, a riskbased evaluation of each will ensure the program is appropriately implemented, executed, and sustained consistent with an organization’s desired risk posture. This standard focuses on desired cybersecurity outcomes by defining requirements for specific business objective impact protection levels.

Although the principles defined in this standard could be applied to safety instrumented systems (SIS), they are out of scope of this document. The security requirements specified within this standard do not attempt to address potential impacts to SIS safety integrity level (SIL) selection or determination. Any use of this standard in SIS environments is at the implementer’s discretion and risk.

For companies that already have an IAC cybersecurity program, including one or more approved program policies and a documented IAC cybersecurity plan or plans implemented or being implemented, this standard should be considered an augmentation to their existing cybersecurity program elements. In these situations, a process of mapping this standard to current IAC cybersecurity program elements will determine any API 1164 requirements not currently in the existing program. The implementation of any missing elements should be tailored and prioritized using the company’s risk management processes. The tailoring process for API 1164 cybersecurity requirements is described in 5.5.

This standard is not intended to preclude the implementation or use of any current or emerging technologies as long as applicable requirements specified herein are properly implemented, risk appropriate, and consistent with the company’s risk management strategy.