NRC & NIST 800.53

NRC RG 5.71, currently in its Draft Final Rule, spells out the requirements for a cyber security plan that licensees must submit for the NRC’s review and approval. The licensee is required to “provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks, up to and including the design basis threat as described in Title 10 of the Code of Federal Regulations (10 CFR) Part 73, Section 73.1.”

The provisions in RG 5.71 require protection of all critical systems and networks, and require the licensee to implement controls that will defend these systems against any cyber attack that would adversely affect the availability, integrity and confidentiality of the critical systems’ assets and data. The protection of critical assets and data is to be achieved through the “implementation of state-of-the-art defense-in-depth protective strategies” (RG 5.71 c (2)), whose aim is “to ensure that the functions or tasks required to be performed by the critical assets … are maintained and carried out” (RG 5.71 c (4)) and “to prevent adverse effects from cyber attacks” (RG 5.71 c (3)).

The controls referred to in NIST 800.53, and the recommendations relevant to those controls found in NIST 800.82, are defined in terms of three distinct classes: management, operational and technical. Each class is further divided into families of controls as per the table below.

The Waterfall One-Way™ Unidirectional Security Gateway provides specific responses to the following control families: Access Control, Audit and Accountability, Configuration Management, Media Protection, System and Information Integrity, System and Services Acquisition, Security Assessment and Authorization, Contingency Planning, Physical and Environmental Protection, and System and Communications Protection (AC, AU, CA, CM, CP, MP, PE, SA, SI and SC). Each of the relevant specific controls within these families, as well as the relevant recommendations made in NIST 800.82, will be discussed herein together with its corresponding Waterfall One-Way™ response.

Please note that a control can be directly relevant to Waterfall One-Way™ technology, supported by the technology but not directly linked to it, or totally irrelevant to it and related to other aspects of security. The following discusses only the directly relevant controls, those to which Waterfall One-Way™ technology directly provides an answer.

For detailed information, including white papers, regarding achieving NRC compliance using Waterfall’s gateways, please contact us at info@waterfall-security.com.

© 2012 Waterfall® Security Solutions Ltd.