UFC 4-010-06 Cybersecurity of Facility-Related Control Systems

Home/Cybersecurity Compliance Resources/UFC 4-010-06 Cybersecurity of Facility-Related Control Systems
0

375 million new unique malware variants

0

98 million known bots globally

0

1.1 billion identities compromised through breaches

01: Just the Facts

This UFC 4-010-06 Cybersecurity of Facility-Related Control Systems describes requirements for incorporating cybersecurity in the design of all facility-related control systems. It defines a process based on the Risk Management Framework suitable for control systems of any impact rating, and provides specific guidance suitable for control systems assigned LOW or MODERATE impact level.

The Risk Management Framework (RMF) is the DoD process for applying cybersecurity to information technology (IT), including control systems. The RMF categorizes systems by the impact the system can have on organizational mission using HIGH, MODERATE, and LOW impact levels.

More About Control Systems

Typically, a control system (CS) consists of networked digital controllers and a user interface. These are used to monitor, and also, generally to control equipment. Control systems range from building control systems to manufacturing control systems to weapon control systems — all with different names and terminology.

Facility-related control systems are a subset of systems used to monitor, and control equipment and systems related to DoD real property facilities (e.g., building control systems, utility control systems, electronic security systems, and fire and life safety systems).

02: The Challenge:

Typically, control systems have not included cybersecurity as part of the architecture and design engineering requirements for Facility-Related Control System (FRCS), which increases both the complexity and cost of these platforms.

UFC 4-010-06 provides requirements for incorporating cybersecurity into the design of FRCS.  The use the DoD Risk Management Framework (DoDI 8500.01 and DoDI 8510.01) as the vehicle to reduce and mitigate vulnerabilities to these platforms. UFC 4-010-06 defines FRCS as “a subset of control systems that are used to monitor and control equipment and systems related to DoD real property facilities (e.g., building control systems, utility control systems, electronic security systems, and fire and life safety systems.”

03: The Cybernet Solution:

Cybernet security engineers are well-versed on how to incorporate the best cybersecurity engineering principles into the Systems Engineering Life Cycle (SELC). They achieve this through a variety of design programs. Cybernet uses NIST SP 800-160 Volumes I and II in conjunction with NIST SP 800-82 as engineering guidelines for developing cyber-defendable systems. In addition, Cybernet is able to provide outstanding insight into ensuring that your FRCS maintains mission readiness, even in the midst of contentious or compromised operating conditions.

04: Services We Offer

  • Cybersecurity engineering expertise from conceptual design through retirement of systems

  • Assessment of cybersecurity effectiveness of both current and future systems staff training in cybersecurity engineering and resiliency.

The Next Step

Connect

Get connected with a Cybernet team member.

Download

Download our most recent Capability Statement.

More About UFC 4-010-06

Learn more about UFC 4-010-06 Cybersecurity of Facility-Related Controls Systems.