Cloud-IACS Gap Assessments

IACS High-Level Risk Assessment for Cloud Products and Services

The introduction of a cloud service into an industrial / automation control environment requires a Cyber Security Management System (CSMS) to manage risk by creating policies and procedures, assignment of organization responsibilities, planning and implementation of awareness training, and selection of countermeasures to be implemented by the owner / operator. The CSMS initial high-level risk assessment requires gathering information about the cloud service, some of which must be provided by the product / service provider. This information will allow the owner / operator to confirm the Capability Security Level (SL-C) components that are implemented and maintained by the product / service provider. This information will initiate the CSMS process and provide the starting point for a detailed risk assessment using the Cloud Security Maturity Model.