Facility Related Control Systems (FRCS) Cybersecurity
DoD recognizes the risk posed by emerging threats to our mission critical cyber-dependent FRCS and capabilities that require constant, unwavering vigilance to ensure availability to perform under all conditions. Consequently, DoD pursues relevant protection approaches that enable a unity of security efforts to secure our networks, facilities, personnel, and operations while minimizing insider threats. FRCS Cybersecurity enables resiliency of essential utilities, environmental temperature and humidity control, fire protection, physical access control, and other key services that almost all other Department of Defense (DoD) Information Technology (IT) rely upon for mission assurance. The EI&E community is responsible for ensuring that FRCS and networks are both physically and logically cyber secure throughout their lifecycle, to include design, construction, operation, maintenance, and decommissioning. The EI&E community must also ensure an adequately trained and cyber-aware workforce is established and maintained, and leadership is informed and engaged on CS Cybersecurity status. DoD Components must plan, program, budget, and report on FRCS Cybersecurity IAW EI&E policy and guidance.
EI&E Policy Memos
- Advanced Cyber Industrial Control System Tactics, Techniques, and Procedures (ACI TTP) for DoD Industrial Control Systems (ICS), Revision 2, March 2018 (PDF, 4.46MB)
TTPs to help DoD ICS practitioner effectively operate their systems to thwart compromise and attacks by providing ICS managers with procedures to detect, mitigate and recover.
- DoD Instruction 8500.01, Cybersecurity (PDF, 350KB)
Guidance, responsibilities, and procedures for DoD cybersecurity.
- DoD Instruction 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT) (PDF, 898KB)
Guidance, responsibilities, and procedures for DoD life cycle cybersecurity.
- DoD Instruction 8530.01, Cybersecurity Activities Support to DoD Information Network (DODIN) Operations (PDF, 624KB)
Guidance, responsibilities, and procedures for cybersecurity of the DODIN.
- Unified Facilities Criteria (UFC): Cybersecurity of Facility-Related Control Systems (PDF, 2.37MB)
Requirements for incorporating Cybersecurity in the design of all FRCS.
- DoD Advanced Control System Tactics, Techniques, and Procedures (TTPs), Revision 1, February 2017 (PDF, 1.51MB)
Procedures for detection, mitigation of and recovery from nation-state-level cyber-attacks.
- NIST Special Publication 800-82, Revision 2, Guide to Industrial Control Systems (ICS) Security
Guidance and procedures for securing ICS, including FRCS.
- DoD Manual 3020.45, Vol. 2, Defense Critical Infrastructure Program (DCIP): DCIP Remediation Planning (PDF, 147KB)
Process for remediation actions to reduce risk to defense critical infrastructure (DCI).
- NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations (PDF, 880KB)
Provides requirements for protecting confidentiality of CUI in nonfederal organizations, such as Privatized Utilities on military installations.
- DoD Instruction 5205.13, Defense Industrial Base (DIB) Cybersecurity (CS) Activities (PDF, 107KB)
Directs the conduct of DIB CS/IA activities to protect unclassified DoD information.
Special Budgetary Guidance