MTPR SAI 11 Cybersecurity New Question Set 5_11_2021.xlsx

Highway Baseline Assessment for Security Enhancement (BASE) Program

MTPR SAI 11 Cybersecurity New Question Set 5_11_2021.xlsx

OMB: 1652-0062

Document [xlsx]
Download: xlsx | pdf
Proposed Cybersecurity SAI Questions - MT BASE
NIST Category
Section Description
11.000 Developing a Comprehensive Cybersecurity Strategy (In accordance with NIST Framework)
11.100 IDENTIFY
11.101 Does your agency have a cybersecurity program? Asset Management
11.102 Does your agency have written and approved cybersecurity policy, plan, process, and supporting procedures? Asset Management
11.103 Do your cybersecurity plans incorporate any of the following approaches/guidance? Asset Management

*National Institute of Standards and Technology (NIST), Framework for Improving Critical Infrastructure Cybersecurity Asset Management

*NIST 800-171 - Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations Asset Management

*NIST 800-82 - Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection Asset Management

*NIST Special Publication 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations Asset Management

*ISO/IEC 27001 - Information Security Management Asset Management

*U.S. Department of Homeland Security, Transportation Systems Sector Cybersecurity Framework Implementation Guidance Asset Management

*Industry-specific methodologies (See APTA categories) Asset Management

*Other (if checked, elaborate) Asset Management
11.104 Does your agency review, assess, and update as necessary all cybersecurity policies, plans, processes, and supporting procedures at least every 12 months, or when there is a significant organizational or technological change? Governance
11.105 Does your organization conduct cyber vulnerability assessments as described in your risk assessment process in the following environments? Business Environment

*OT environment? Business Environment

* IT environment? Business Environment
11.106 Has a written cybersecurity incident response strategy been developed and integrated into the overall cybersecurity program? Risk Management Strategy
11.107 Has your agency taken actions to ensure their supply chain policies, procedures, and processes—include acquisition, receipt, warehouse, inventory control, and distribution—when acquiring vehicles, equipment, goods and services to ensure that cybersecurity risks are addressed? Supply Chain Management
11.200 PROTECT
11.201 Does your agency have a designated and alternate cybersecurity representative and/or team responsible for the following? Identity Management & Access Control

*OT? Identity Management & Access Control

*IT? Identity Management & Access Control
11.202 Does the agency ensure that recurring cybersecurity training reinforces security roles, responsibilities, and duties of employees at all levels to protect against and recognize cyber threats for the following? Awareness and Training

*OT? Awareness and Training

*IT? Awareness and Training
11.203 Has your agency established and documented policies and procedures for the following?
Data Security

*Access Control Data Security

*Awareness and Training Data Security

*Audit and Accountability Data Security

*Configuration Management/Baseline security controls Data Security

*Cyber Asset Management and Maintenance/Change Management Data Security

*Cybersecurity Incident Response Data Security

*Identification and Authentication Data Security

*Information Protection Data Security

*Insider Threat Data Security

*Media Protection Data Security

*Patch Management Data Security

*Personnel Security Data Security

*Physical Protection (related to cyber systems, cyber assets, communications) Data Security

*Recovery (disaster, business continuity) plan(s) Data Security

*Risk Assessment Data Security

*Security Assessment Data Security
11.204 Does the agency prioritize protection for accounts with elevated privileges, remote access, and/or used on high value assets by using a multi-factor authentication approach for the identified high-value assets? Information Protection Processes & Procedures
11.300 DETECT
11.301 Has your agency implemented processes to respond to anomalous activity through the following?
Anomalies and Events

*Generating alerts and responding to them in a timely manner? Anomalies and Events

*Logging cybersecurity events and reviewing these logs? Anomalies and Events

*Are logs regularly analyzed and maintained for a minimum of 12 months? Anomalies and Events
11.302 Does your agency monitor for unauthorized access or the introduction of malicious code or communications? Security Continuous Monitoring
11.303 Has your agency established technical or procedural controls for cyber intrusion monitoring and detection? Security Continuous Monitoring
11.400 RESPOND
11.401 Has your agency established policies and procedures for cybersecurity incident handling, analysis, and notifications (reporting/alerting), including assignments of specific roles/tasks to individuals and teams? Response Planning
11.402 Does the organization have procedures in place for reporting incidents through the appropriate channels (i.e. local FBI and CISA cyber incident response office(s)) and also contacting TSA's Transportation Security Operations Center (TSOC) for actual or suspected cyber-attacks that could impact transportation operations? Communications
11.500 RECOVER
11.501 Has your agency established a plan for the recovery and reconstitution of cyber assets within a time frame to align with the organization's safety and business continuity objectives? Recovery Planning
11.502 Has the agency developed, separately or as part of another document, recovery plans in the event of a cybersecurity incident for the following? Recovery Planning

*IT(devices that support communication, business enterprise)? Recovery Planning

*IT/OT (devices that support the operations and ICS/SCADA environment)? Recovery Planning

*ICS/SCADA (cyber systems that are used to perform transit operations and management)? Recovery Planning
11.503 Does your agency review its cyber recovery plan annually and update it as necessary? Recovery Planning
11.504 Does the agency document lessons learned and incorporate them into cybersecurity planning and training? Improvements
11.505 Does the agency have documented procedures in place to coordinate restoration efforts with internal and external stakeholders (coordination centers, Internet Service Providers, victims, vendors, etc.)? Communications







Paperwork Reduction Act Burden Statement:  This is a voluntary collection of information.  TSA estimates that the total average burden per response associated with this collection is approximately 6 hours.  An agency may not conduct or sponsor, and a person is not required to respond to a collection of information unless it displays a valid OMB control number.  The control number assigned to this collection is OMB 1652-0062, which expires on 05/31/2024. Send comments regarding this burden estimate or collection to TSA-11, Attention: PRA 1652-0062 BASE, 6595 Springfield Center Drive, Springfield, VA 20598-6011.

File Typeapplication/vnd.openxmlformats-officedocument.spreadsheetml.sheet
File Modified0000-00-00
File Created0000-00-00

© 2024 OMB.report | Privacy Policy