ISA TR99.00.01 : 2007

Foreword
Introduction
1 Scope
2 Purpose
3 General Terms and Definitions
   3.1 Definitions
   3.2 Acronyms
   3.3 Sources for Definitions and Abbreviations
4 Overview
5 Authentication and Authorization Technologies
   5.1 Role-Based Authorization Tools
   5.2 Password Authentication
   5.3 Challenge/Response Authentication
   5.4 Physical/Token Authentication
   5.5 Smart Card Authentication
   5.6 Biometric Authentication
   5.7 Location-Based Authentication
   5.8 Password Distribution and Management Technologies
   5.9 Device-to-Device Authentication
6 Filtering/Blocking/Access Control Technologies
   6.1 Network Firewalls
   6.2 Host-based Firewalls
   6.3 Virtual Networks
7 Encryption Technologies and Data Validation
   7.1 Symmetric (Secret) Key Encryption
   7.2 Public Key Encryption and Key Distribution
   7.3 Virtual Private Networks (VPNs)
8 Management, Audit, Measurement, Monitoring, and Detection
   Tools
   8.1 Log Auditing Utilities
   8.2 Virus and Malicious Code Detection Systems
   8.3 Intrusion Detection Systems
   8.4 Vulnerability Scanners
   8.5 Forensics and Analysis Tools (FAT)
   8.6 Host Configuration Management Tools
   8.7 Automated Software Management Tools
9 Industrial Automation and Control Systems Computer Software
   9.1 Server and Workstation Operating Systems
   9.2 Real-time and Embedded Operating Systems
   9.3 Web Technologies
10 Physical Security Controls
   10.1 Physical Protection
   10.2 Personnel Security

ISA-TR99.00.01-2007, Security Technologies for Industrial Automation and Control Systems, provides a comprehensive review of cybersecurity technologies and countermeasures relevant to industrial automation and control systems (IACS), covering areas such as role-based access control, password and token authentication, biometric and location-based methods and the use of smart cards. This technical report details network and host-based firewalls, virtual LANs and encryption techniques, including symmetric and public key cryptography, along with VPN implementations. It also examines management tools like log auditing, virus detection, intrusion detection systems, vulnerability scanners, forensic analysis, host configuration management and automated software deployment. Additionally, ISA-TR99.00.01 emphasizes the importance of physical security measures and personnel security practices to defend against both technical and human vulnerabilities. Throughout this document, deployment considerations, known limitations and future directions are discussed, especially in relation to the constraints and needs of industrial control environments