HWY SAI 13 Cybersecurity New Question Set 5_11_2021.xlsx

Highway Baseline Assessment for Security Enhancement (BASE) Program

OMB: 1652-0062

Overview

SAI 13 Cybersecurity
PRA Burden Statement


Sheet 1: SAI 13 Cybersecurity

Proposed Cybersecurity SAI Questions - HWY BASE

Columns: Section Description (the question text) and NIST Category. In the list below the NIST Category for each numbered question is given in square brackets after the question; sub-items marked with * belong to the question above them and share its category.

13.000 Enhance Internal and External Cybersecurity

13.000 IDENTIFY

13.101 Does your organization have a cybersecurity program? [Asset Management]

13.102 Does your organization have written and approved cybersecurity policy, plan, process, and supporting procedures? [Asset Management]

13.103 Do your cybersecurity plans incorporate any of the following approaches/guidance? [Asset Management]
*National Institute of Standards and Technology (NIST), Framework for Improving Critical Infrastructure Cybersecurity
*NIST 800-171 - Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
*NIST Special Publication 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations
*ISO/IEC 27001 - Information Security Management
*U.S. Department of Homeland Security, Transportation Systems Sector Cybersecurity Framework Implementation Guidance
*Industry-specific methodologies (see TRB, APTA, and ATA Fleet CyWatch, etc.)
*Other (if checked, elaborate)

13.104 Does your organization review, assess, and update as necessary all cybersecurity policies, plans, processes, and supporting procedures at least every 12 months, or when there is a significant organizational or technological change? [Governance]

13.105 Does your organization conduct cyber vulnerability assessments as described in your risk assessment process in the following environments? [Risk Assessment]
*OT environment?
*IT environment?

13.106 Has a written cybersecurity incident response strategy been developed and integrated into the overall cybersecurity program? [Risk Management Strategy]

13.107 Has your organization taken actions to ensure that its supply chain policies, procedures, and processes (including acquisition, receipt, warehousing, inventory control, and distribution) address cybersecurity risks when acquiring vehicles, equipment, goods, and services? [Supply Chain Management]

13.200 PROTECT

13.201 Does your organization have a designated and alternate cybersecurity representative and/or team responsible for the following? [Identity Management & Access Control]
*OT?
*IT?

13.202 Does the organization ensure that recurring cybersecurity training reinforces the security roles, responsibilities, and duties of employees at all levels to protect against and recognize cyber threats for the following? [Awareness and Training]
*OT?
*IT?

13.203 Has your organization established and documented policies and procedures for the following? [Data Security]
*Access Control
*Awareness and Training
*Audit and Accountability
*Configuration Management/Baseline security controls
*Cyber Asset Management and Maintenance/Change Management
*Cybersecurity Incident Response
*Identification and Authentication
*Information Protection
*Insider Threat
*Media Protection
*Patch Management
*Personnel Security
*Physical Protection (related to cyber systems, cyber assets, communications)
*Recovery (disaster, business continuity) plan(s)
*Risk Assessment
*Security Assessment

13.204 Does the organization prioritize protection for accounts with elevated privileges, remote access, and/or use on high-value assets by using a multi-factor authentication approach for the identified high-value assets? [Information Protection Processes & Procedures]

13.300 DETECT

13.301 Has your organization implemented processes to respond to anomalous activity through the following? [Anomalies and Events]
*Generating alerts and responding to them in a timely manner?
*Logging cybersecurity events and reviewing these logs?
*Are logs regularly analyzed and maintained for a minimum of 12 months?

13.302 Does your organization monitor for unauthorized access or the introduction of malicious code or communications? [Security Continuous Monitoring]

13.303 Has your organization established technical or procedural controls for cyber intrusion monitoring and detection? [Security Continuous Monitoring]

13.400 RESPOND

13.401 Has your organization established policies and procedures for cybersecurity incident handling, analysis, and notifications (reporting/alerting), including assignment of specific roles/tasks to individuals and teams? [Response Planning]

13.402 Does the organization have procedures in place for reporting incidents through the appropriate channels (i.e., local FBI and CISA cyber incident response office(s)) and also for contacting TSA's Transportation Security Operations Center (TSOC) for actual or suspected cyber-attacks that could impact transportation operations? [Communications]

13.500 RECOVER

13.501 Has your organization established a plan for the recovery and reconstitution of cyber assets within a time frame that aligns with the organization's safety and business continuity objectives? [Recovery Planning]

13.502 Has the organization developed, separately or as part of another document, recovery plans in the event of a cybersecurity incident for the following? [Recovery Planning]
*IT (devices that support communication, business enterprise)?
*IT/OT (devices that support the organization's operations)?
*ICS (cyber systems for operations and management)?

13.503 Does your organization review its cyber recovery plan annually and update it as necessary? [Recovery Planning]

13.504 Does the organization document lessons learned and incorporate them into cybersecurity planning and training? [Improvements]

13.505 Does the organization have documented procedures in place to coordinate restoration efforts with internal and external stakeholders (coordination centers, Internet Service Providers, victims, vendors, etc.)? [Communications]

Sheet 2: PRA Burden Statement

Paperwork Reduction Act Burden Statement: This is a voluntary collection of information. TSA estimates that the total average burden per response associated with this collection is approximately 6 hours. An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a valid OMB control number. The control number assigned to this collection is OMB 1652-0062, which expires on 05/31/2024. Send comments regarding this burden estimate or collection to TSA-11, Attention: PRA 1652-0062 BASE, 6595 Springfield Center Drive, Springfield, VA 20598-6011.