Nuclear Cyber Security Frameworks and Controls

Vocabulary terms covering regulatory standards and specific cyber security control categories for nuclear power reactors.

NEI 08-09

Cyber Security Plan for Nuclear Power Reactors

10 CFR 73.54

Protection of Digitial Computer and Communication Systems and Networks

10 CFR 73.55

Requirements for physical protection of licensed activities in nuclear power reactors against radiological sabotage

NEI 10-04

Identifying Systems and Assets Subject to the Cyber Security Rule

NEI 13-10

Cyber Security Control Assessments Controls

Evaluate and Manage Cyber Risk

Ensures risks to computer control systems are properly calculated and handled

Audit and Accountability

Establishes the events that are necessary to record, audit, and defines storage and retention requirements

System and Services Acquisition

Focuses on maintaining the integrity of a CDA during the procurement and manufacturing processes

System and Communication Protection

Manages the communications between CDAs.

Physical and Operational Environment Protection

Is related to physical security and access to CDAs and their communication pathways

Cyber Security Contingency Plan

Control describes activities such as data backups, storage, and recovery actions

Configuration Management

Ensures that hardware and software changes are documented and assessed to confirm that CDAs remain secure from cyber threats

Media Protection

Provides details for protecting security information stored on CDA media or Digital Test Equipment

Attack Mitigation and Response

Deals with the actions required to identify and respond to a cyber-attack or threat

Identification and Authentication

Used to positively identify users, hosts, and Applications

Personnel Security

Provides requirements for granting access to the individuals who require access to CDAs.