NIST / PCSRF is developing Common Criteria Protection Profiles to specify the functional and assurance security requirements for the next generation SCADA systems. Digital Bond was hired to write the draft Protection Profile for Field Devices (PLC’s, RTU’s, PAC’s). The first complete draft is out now at the PCSRF site.

Protection Profiles are not easy documents to read. They are written in a very precise language that supports evaluation. Think of Protection Profiles as highly regimented engineering functional specifications. The decision to make the Protection Profile compliant with the NIAP CCEVS for possible inclusion in this program only added additional rigor in format.

That said, the Common Criteria is actually a very useful process. Right now I’m putting together a shorter, plain english version of the requirements in the Protection Profile and a related presentation for the PCSRF meeting in San Diego. This may have many uses for the community.