Which framework is commonly used to establish security controls in IACS?

Get ready for the ISA/IEC 62443 Risk Assessment Specialist Test. Study with multiple choice questions, each with explanations and hints. Enhance your cybersecurity skills!

The National Institute of Standards and Technology Special Publication 800-53 is a widely recognized framework specifically designed for establishing security and privacy controls across various information systems, including Industrial Automation and Control Systems (IACS). This framework provides a comprehensive catalog of security and privacy controls that can be tailored to the specific risks associated with IACS, making it highly applicable in environments where cybersecurity is a critical concern.

The controls outlined in NIST SP 800-53 help organizations effectively identify and manage risks, ensuring that IACS can operate securely and continue to meet operational objectives. This is particularly important given the unique cybersecurity challenges that IACS face, such as the integration of legacy systems, the need for real-time operation, and potential vulnerabilities in interconnected devices.

Other frameworks, while valuable in their respective domains, do not focus as specifically on security controls for systems like IACS. For example, ISO 9001 is primarily concerned with quality management systems, COBIT 5 focuses on IT governance and management, and ITIL is related to IT service management. None of these frameworks provide the targeted guidance for security controls within the specialized context of Industrial Automation and Control Systems that NIST SP 800-53 offers.
