Page 31 - Cyber Defense eMagazine July 2024
P. 31
o RMF Steps: The RMF process includes continuous monitoring and assessment of security
controls. Regular vulnerability assessments are part of the “Assess” step, ensuring that
vulnerabilities are identified and addressed promptly. [12][14].
2. Robust Authentication Methods:
o NIST SP 800-53 Controls: Utilize controls like IA-2 (Identification and Authentication) to enforce
strong authentication mechanisms, including multi-factor authentication (MFA) for accessing OT
systems.
o RMF Steps: During the “Implement” step, ensure that robust authentication methods are deployed
and documented. Continuous monitoring of these controls is essential to maintain their
effectiveness. [12][14].
3. Effective Monitoring:
o NIST SP 800-53 Controls: Implement controls such as SI-4 (System Monitoring) and CA-7
(Continuous Monitoring) to establish effective monitoring mechanisms. These controls help in
detecting and responding to security incidents in real-time.
o RMF Steps: The “Monitor” step in RMF involves continuous monitoring of security controls to
ensure they are functioning as intended and to detect any anomalies or breaches. [12][14].
Reducing the Attack Surface
1. Network Segmentation:
o NIST SP 800-53 Controls: Apply controls like SC-7 (Boundary Protection) to segment networks
and restrict access to critical OT systems. This reduces the attack surface by limiting the pathways
an attacker can use to reach sensitive systems.
o RMF Steps: During the “Select” and “Implement” steps, ensure that network segmentation
strategies are chosen and deployed effectively. Continuous monitoring helps in maintaining the
integrity of these segments. [12][14].
2. Minimizing Internet Exposure:
o NIST SP 800-53 Controls: Use controls such as AC-3 (Access Enforcement) and SC-5 (Denial of
Service Protection) to minimize the exposure of OT devices to the internet. This includes disabling
unnecessary services and ports.
o RMF Steps: The “Categorize” and “Select” steps involve identifying critical assets and selecting
appropriate controls to protect them. Minimizing internet exposure is a key strategy in reducing
vulnerabilities. [12][14].
Cyber Defense eMagazine – July 2024 Edition 31
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.