The Process Control Security Requirements Forum (PCSRF) was to develop and complete a SCADA Field Device Protection Profile. The protection profile will list the security requirements for field devices such as PLC’s, PAC’s, RTU’s and IED’s.
The protection profile is an opportunity for the asset owners, vendors, industry organizations, government organizations and other interested parties to provide a clear and comprehensive set of security requirements for the next generation of field devices. Vendors will then be able to develop field devices that meet the protection profile requirements and have those devices independently tested and certified by an internationally recognized third party.
PCSRF has chosen to use the common criteria methodology to specify functional and assurance requirements. The common criteria have a precise language and methodology that enables for clear specification and objective testing. To achieve this, the common criteria sacrifices readability and are not appropriate document for general reader to learn guidelines or best practices. It may not be easy for even a subject matter expert in SCADA Field Devices to understand some of the later sections of the protection profile text.
To encourage participation each milestone deliverable in this project will have a section with the draft protection profile text and a section explaining the protection profile text.