The IT Law Wiki

Project[]

The Cyber Security Procurement Language for Control Systems project was established in 2006. It was an initiative that DHS sponsored together with Idaho National Laboratory, the Multi-State Information Sharing and Analysis Center, and private industry. The purpose of the project was to summarize security principles that should be considered when designing and procuring control systems products and provide examples of language to incorporate into procurement specifications.

The results of this endeavor represent the joint effort of the public and private sectors focused on the development of common procurement language for use by all control systems stakeholders. The goal is for federal, state, and local asset owners and regulators to obtain a common control systems security understanding; using these procurement guidelines will help foster this understanding and lead to integration of security into control systems.

In January 2007 the National Infrastructure Advisory Council issued a report recommending that the Office of Management and Budget mandate that federal agencies apply the procurement language when procuring control systems and services.

Publication[]

The Department of Homeland Security, Cyber Security Procurement Language for Control Systems (Aug. 2008) provides information and specific examples of procurement language text to assist the control systems community, both owners and integrators, in establishing sufficient control systems security controls within contract relationships to ensure an acceptable level of risk.