Friday, 6 September 2019

NIST 800-82 Industrial Control Systems


NIST 800-82:


NIST Cyber Security Framework

Good 2019 paper on the NIST CSF:

https://www.oas.org/en/sms/cicte/docs/OAS-AWS-NIST-Cybersecurity-Framework(CSF)-ENG.pdf

The US identified 16 critical infrastructure sectors: Chemical; Commercial Facilities; Communications; Critical Manufacturing; Dams; Defense Industrial Base; Emergency Services; Energy; Financial Services; Food and Agriculture; Government Facilities; Healthcare and Public Health; Information Technology; Nuclear Reactors, Materials, and Waste; Transportation Systems; and Water and Wastewater Systems.

Sunday, 9 June 2019

SSL Inspection

The following gives a very good overview of the pros and cons of SSL inspection. Some I hadn't thought about.

https://www.helpnetsecurity.com/2017/03/08/https-interception-dilemma/


Good document from Symantec describing certificate pinning:

https://www.symantec.com/content/dam/symantec/docs/white-papers/certificate-pinning-en.pdf