SAEP-99


  • 7/13/2019 SAEP-99


    Engineering Procedure SAEP-99, 20 April 2008

    Process Automation Networks & Systems Security

    Communications Standards Committee Members

    Ghamdi, Khalid Sulaiman, Chairman

    Muammar, Rushdi Husain, Vice Chairman

    Shammary, Diab Methqal

    Mushcab, Rami Talib

    Walaie, Soliman Abdullah

    Bamardouf, Lutfi Hussain

    Mutairi, Salman Ayedh

    Rajeh, Majed Fahad

    Abu Alsaud, Zakarya Abdulelah

    Daraiseh, Abdelghani A.

    Kille, Bradley Clyde

    Tamimi, Mohammed Abdulaziz

    Qanber, Yousuf Abdul Aziz

    Musabeh, Ali Hamza

    Harbi, Saad Abdullah

    Elwi, Salem Saud

    Almadi, Soloman Musa

    Gotsis, Stavros D

    Kahtani, Waheed Hazza

    Saudi Aramco DeskTop Standards

    Table of Contents

    1 Scope ........ 2
    2 Conflicts and Deviations ........ 2
    3 Referenced Documents ........ 3
    4 Instructions ........ 3
    5 Responsibilities ........ 14
    6 Definitions ........ 15
    7 Abbreviations ........ 17

    Previous Issue: 28 October 2007 Next Planned Update: 27 October 2012

    Revised paragraphs are indicated in the right margin

    Page 1 of 18

    Primary contact: Abu Alsaud, Zakarya Abdulelah on 966-3-8737316

    Copyright Saudi Aramco 2008. All rights reserved.


    Document Responsibility: Communications SAEP-99

    Issue Date: 20 April 2008

    Next Planned Update: 27 October 2012 Process Automation Networks & Systems Security


    1 Scope

    This procedure provides minimum mandatory security requirements for Industrial Automation & Control Systems (IA&CS) including the networks and plant facilities. This procedure is retroactive to all Saudi Aramco Plants. The scope of this procedure includes but is not limited to:

    Networks and Systems hardware and software such as Process Automation Network (PAN), Distributed Control Systems (DCSs), Emergency Shutdown Systems (ESD), Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) systems, Terminal Management Systems (TMS), networked electronic sensing systems, Power Monitoring System (PMS), Vibration Monitoring (VMS) and other monitoring, diagnostic and related industrial automation and control systems.

    Associated internal, human, network, or machine interfaces used to provide control, safety, maintenance, quality assurance, and other process operations functionalities to continuous, batch, discrete, and combined processes.

    The security requirements address the following eight security domains:

    1) Access Control Systems & Methodology

    2) Communications & Networks Security

    3) Security Management Practices

    4) Applications & Systems Development Security

    5) Security Architecture & Models

    6) Operations Security & Management

    7) Disaster Recovery Planning (DRP)

    8) Physical Security.

    2 Conflicts and Deviations

    2.1 Any conflicts between this Procedure and other applicable Saudi Aramco Engineering Standards (SAES's), Materials System Specifications (SAMSS's), Standard Drawings (SASDs), or industry standards, codes, and forms shall be resolved in writing to the Manager, Process & Control Systems Department of Saudi Aramco, Dhahran.

    2.2 Direct all requests to deviate from any mandatory security requirement of this procedure in writing to the Manager, Process & Control Systems Department of Saudi Aramco, Dhahran, who shall follow internal company procedure SAEP-302.


    3 Referenced Documents

    The requirements contained in the following documents apply to the extent specified in this procedure.

    3.1 Saudi Aramco References

    Saudi Aramco Engineering Standards

    SAES-Z-010 Process Automation Networks Connectivity

    Saudi Aramco Engineering Procedures

    SAEP-302 Instructions for Obtaining a Waiver of a Mandatory Saudi Aramco Engineering Requirement

    SAEP-1050 Guideline for Disaster Recovery Plan Development for Decision Support System

    Saudi Aramco Engineering Reports

    SAER-6123 Process Automation Networks Firewall Evaluation Criteria

    Saudi Aramco General Instructions

    GI-0710.002 Classification of Sensitive Information

    GI-0299.120 Sanitization and Disposal of Saudi Aramco Electronic Storage Devices and Obsolete/Unneeded Software

    Company Policy

    INT-7 Data Protection and Retention

    3.2 Industry Codes and Standards

    The Instrumentation, Systems, and Automation Society

    ISA-TR99.00.01-2004 ISA Technical Report: "Security Technologies for Manufacturing and Control Systems", March 11, 2004

    ISA-TR99.00.02-2004 ISA Technical Report: "Integrating Electronic Security into the Manufacturing and Control Systems Environment", April 12, 2004

    ISA-d99.00.01 ISA Security Standard: "Security for Industrial Automation and Control Systems Part 1:


    Terminology, Concepts and Models", February 2007

    4 Instructions

    In this procedure, the terms "must", "shall", "should" and "can" are used. When must or shall is used, the item is a mandatory requirement. When should is used, the item is strongly recommended but not mandatory. When can is used, compliance may further enhance the system security but compliance is optional.

    This procedure shall be applied to all systems and networks as appropriate by knowledgeable Process Control Systems personnel. It helps to identify and address a wide spectrum of vulnerabilities, and to mitigate the risk of undesired intrusions that could compromise confidential information or cause disruption or failure in the IA&CS.

    The following are requirements for plants networks and systems security:

    a) Follow and apply "IA&CS vendor" recommendations and requirements for systems and networks security, including Antivirus software and upgrades and security patches, with a prior economic analysis of risk versus cost. "IA&CS vendor" refers to the vendor or manufacturer of the IA&CS.

    b) The user of this procedure must exercise sound professional judgment concerning its use and applicability under the user's particular circumstances. The user must also consider the applicability of any government regulatory, Saudi Aramco standards, and safety practices before implementing this procedure.

    c) The delegation of any PAN management or operational function to another entity shall be executed through a Service Level Agreement (SLA).

    4.1 Access Control Systems & Methodology

    IA&CS access shall be restricted to plant authorized personnel such as Operators, Engineers and Maintenance personnel that are authorized to operate or administer the network and perform system configuration, diagnostics, and system monitoring.

    4.1.1 Authentication and Authorization

    Authorization can be as granular as determining access to specific files in an application or as encompassing as access to a network.

    Authentication describes the process of positively identifying potential network users, hosts, applications, services, and resources using a combination of identification factors or credentials.


    Passwords, if supported by the system or application, shall be the minimum authentication requirement. The logon/logoff process shall neither cause system interruptions nor momentary loss of view. For systems with hardware key authentication, the key must be securely guarded and logged.

    The following are the requirements for the passwords:

    a) Passwords shall have appropriate length and entropy characterization for the security required. In particular, they should not be found in a dictionary or contain predictable sequences of numbers or letters.

    b) Passwords shall be used with care on operator interface devices such as control consoles on critical processes. Passwords shall be guarded to prevent unauthorized access.

    c) User Account passwords shall not be stored electronically in unprotected files.

    d) All vendor-supplied default passwords for predefined accounts shall be changed immediately after installation or upgrade.

    e) In order to change user account passwords, users should always be required to provide both their old and new passwords, if supported by the system.

    f) The keeper of master passwords or his backup(s) shall always be available to ensure continuous operations. A password log, especially for master passwords, shall be maintained separately from the IA&CS, possibly in a notebook locked in a vault or safe.

    g) For user authentication purposes, password use is common and generally acceptable for users logging directly into a local device or a computer. Passwords shall always be encrypted when sent between networks.

    h) An automatic message, if supported by the systems, should be sent to users notifying them of the remaining days until their passwords expire.

    Individual accounts are mandatory for Supervisors, Engineers and Administrators, if supported by the system.


    4.1.2 User Account Types

    a) Application accounts are those associated with applications. The password for such accounts should always be used in encrypted/protected and encapsulated form and shall not be coded into the application in plain text.

    b) Operator Accounts are those used by Operators to access the system and operate the plant. Such Accounts shall have a restricted user profile so that the operator will not be able to install programs, change software configuration, or access floppy disk, CD drives, or any removable media.

    Shared operator accounts shall be restricted to those authorized and documented/tracked regularly.

    Individual Operator Accounts are mandatory, if supported by the system, for unattended areas such as Process Interface Buildings (PIBs).

    c) GUEST accounts shall be disabled on all systems.

    d) Super/Privileged Accounts are those used by System Administrators and Engineers. The use of Super/Privileged Accounts shall be limited to system support purposes and system diagnostics and configuration, and only when necessary. These accounts shall be reviewed every 12 months. Super/Privileged User Accounts shall be locked when not needed.

    e) Operator and Application Accounts shall be excluded from the automatic password change policy; however, the PAN administrator shall make sure that Application Account passwords are changed manually every 12 months.

    4.1.3 User Account Format

    The structure of the user account should be [xxxxxxfm] where [xxxxxx] is the first six characters of the last name, [f] is the first initial of the first name and [m] is the first initial of the middle name. Numeric and special characters should be removed from the user account. The Arabic prefixes Al, Al-, El and El- should be removed from the last name, and "x" should be used when there is no middle initial. In case more than one employee has the same last name, first and middle initials, the following steps should be followed:


    a) Up to 4 characters of the last name, first initial and middle initial are used with an assigned suffix as the last 2 characters.

    b) The first character of the suffix will always be a numeric in the range 0-9, and the second character of the suffix will be in the ranges A-Z, 0-9.
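    The following is an added example (not part of SAEP-99) that implements the account-format rules of 4.1.3 in Python, including the 4-character-plus-suffix fallback for employees whose base ID collides. The case-insensitive prefix match, the lower-casing of the ID, and the order in which suffixes are tried (0A, 0B, ... 0Z, 00, ... 9Z, 99) are assumptions, since the procedure fixes only the character ranges.

```python
import re
import string

# Arabic last-name prefixes the procedure says to strip before forming the ID.
# Hyphenated forms are listed first so "Al-" is not matched as bare "Al".
ARABIC_PREFIXES = ("al-", "el-", "al", "el")

# Collision suffix alphabet from 4.1.3 b): first char 0-9, second char A-Z or 0-9.
SUFFIX_FIRST = string.digits
SUFFIX_SECOND = string.ascii_uppercase + string.digits


def _letters_only(text: str) -> str:
    """Drop numeric and special characters; keep letters only, lower-cased (assumption)."""
    return re.sub(r"[^a-z]", "", text.lower())


def _strip_prefix(last_name: str) -> str:
    """Remove a leading Al, Al-, El or El- prefix (case-insensitive match is an assumption)."""
    lowered = last_name.strip().lower()
    for prefix in ARABIC_PREFIXES:
        if lowered.startswith(prefix) and len(lowered) > len(prefix):
            return lowered[len(prefix):]
    return lowered


def base_account_id(last_name: str, first_name: str, middle_name: str = "") -> str:
    """Form the [xxxxxxfm] ID: up to 6 letters of last name + first initial + middle initial or 'x'."""
    last = _letters_only(_strip_prefix(last_name))[:6]
    first = _letters_only(first_name)[:1]
    middle = _letters_only(middle_name)[:1] or "x"
    if not last or not first:
        raise ValueError("last and first name must each contain at least one letter")
    return f"{last}{first}{middle}"


def assign_account_id(last_name: str, first_name: str, middle_name: str, existing) -> str:
    """Return a unique ID; on collision use up to 4 letters of last name + initials + 2-char suffix."""
    candidate = base_account_id(last_name, first_name, middle_name)
    if candidate not in existing:
        return candidate
    last4 = _letters_only(_strip_prefix(last_name))[:4]
    initials = candidate[-2:]  # first and middle initial already computed above
    for first_char in SUFFIX_FIRST:
        for second_char in SUFFIX_SECOND:
            suffixed = f"{last4}{initials}{first_char}{second_char}"
            if suffixed not in existing:
                return suffixed
    raise RuntimeError(f"suffix space exhausted for {candidate}")


if __name__ == "__main__":
    # Constructed directory of IDs already in use, to show the collision rule firing.
    taken = {"ghamdiks"}
    print(base_account_id("Al-Ghamdi", "Khalid", "Sulaiman"))          # ghamdiks
    print(assign_account_id("Al-Ghamdi", "Khalid", "Sulaiman", taken))  # ghamks0A
```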

    4.1.4 System Access

    a) System login scripts, if any, shall be configured to prevent a user bypassing them.

    b) Warning banners on all systems, if supported, shall be enabled. Every computer will require changes to its system files to ensure that the banner is displayed whenever the system is turned on or a user logs on.

    c) Repeated login failures shall be logged, if supported by the system, with the location, date, time and user account used, without indicating whether the failure is caused by the wrong user name or password. An alert message should be sent to the PAN administrator in the event of repeated login failures.

    d) At login time, every user should be given information reflecting the last login time and date, if supported by the system.

    e) No dial-in is allowed for control purposes. Vendor remote troubleshooting and testing is the only exception, provided that such activity is strictly monitored, documented, and on a temporary basis with authorization of plant operations/management.

    f) Remote access to plant applications from the corporate network or Internet, for control purposes, is not permitted.

    g) The PAN Administrator shall assume the responsibility of adding/removing users' access from the proxy application servers for his designated plant applications.

    h) The auto-logoff feature, if supported, shall be configured for all unattended systems excluding operators' consoles.
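    An added example, not from the procedure, of how item c) above can be implemented in Python: a failure record that carries location, date, time and account but never says which credential was wrong, and a sliding-window check over constructed sample log lines that raises an alert for the PAN administrator on repeated failures. The log line layout, the threshold (3 failures) and the window (3 minutes) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. Each failure record holds location, date, time and account
# only; nothing says whether the user name or the password was wrong.
SAMPLE_LOG = """\
2008-04-20 08:15:02 PIB-07 LOGIN_FAIL account=ghamdiks
2008-04-20 08:15:09 PIB-07 LOGIN_FAIL account=ghamdiks
2008-04-20 08:15:21 PIB-07 LOGIN_FAIL account=ghamdiks
2008-04-20 08:16:40 CR-01 LOGIN_OK account=muammarh
2008-04-20 08:20:05 PIB-07 LOGIN_FAIL account=ghamdiks
2008-04-20 09:45:00 CR-01 LOGIN_FAIL account=admin
2008-04-20 09:45:30 CR-01 LOGIN_FAIL account=admin
"""

TS_FMT = "%Y-%m-%d %H:%M:%S"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<loc>\S+) "
    r"(?P<event>LOGIN_FAIL|LOGIN_OK) account=(?P<account>\S+)$"
)


def record_login_failure(location: str, account: str, when: datetime) -> str:
    """Build the failure record: location, date, time, account. The failing factor is never named."""
    return f"{when:{TS_FMT}} {location} LOGIN_FAIL account={account}"


def parse_log(text: str):
    """Parse log lines into (timestamp, location, event, account) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # malformed lines are skipped rather than crashing the monitor
            events.append((datetime.strptime(m["ts"], TS_FMT), m["loc"], m["event"], m["account"]))
    return sorted(events)


def find_repeated_failures(events, threshold: int = 3, window: timedelta = timedelta(minutes=3)):
    """Alert once per (account, location) when `threshold` failures fall inside `window`."""
    alerts = []
    recent = defaultdict(list)  # (account, location) -> failure timestamps still inside the window
    for ts, loc, event, account in events:
        if event != "LOGIN_FAIL":
            continue
        times = recent[(account, loc)]
        times.append(ts)
        while ts - times[0] > window:  # discard failures that have aged out of the window
            times.pop(0)
        if len(times) == threshold:    # fire exactly when the threshold is crossed
            alerts.append({"account": account, "location": loc, "count": threshold,
                           "first": times[0], "last": ts})
    return alerts


def format_alert(alert: dict) -> str:
    """Message for the PAN administrator; still no hint about which credential was wrong."""
    return (f"ALERT: {alert['count']} failed logins for account {alert['account']} at "
            f"{alert['location']} between {alert['first']:{TS_FMT}} and {alert['last']:{TS_FMT}}")


if __name__ == "__main__":
    for alert in find_repeated_failures(parse_log(SAMPLE_LOG)):
        print(format_alert(alert))
```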


    4.2 Security Management Practices

    4.2.1 Security Policies

    In addition to this procedure, the following are applicable Saudi Aramco documents for plants information security policies:

    a) Management Statement of Policy "INT-7" (URL: http://corpplan/LRPD1/corporat.htm)

    b) Classification of Sensitive Information "GI-0710.002", dated 15 January 2002 (URL: http://gi/html/data/0710_002.pdf).

    c) Sanitization and Disposal of Saudi Aramco Electronic Storage Devices and Obsolete/Unneeded Software "GI-0299.120", dated December 2005 (URL: http://gi/html/data/0299_120.pdf).

    4.2.2 Classification of Information

    The plant operations/management is responsible for classifying, controlling access to, and safeguarding such information as per GI-0710.002. The classification of information ensures that information labeled as sensitive is protected according to its classification.

    4.2.3 Security Awareness

    Security awareness refers to the general, collective awareness of an organization's personnel of the importance of security and security controls. Plant management shall ensure that their personnel have an adequate understanding and awareness of security. This can be done through:

    a) Live/Interactive Presentations: Security awareness presentations on an annual basis or as needed.

    b) Publishing/Distribution: Posters, company newsletter, email, updates, alerts, etc.

    Saudi Aramco departments, such as IPD/Awareness Group, Industrial Security, P&CSD, etc., can be contacted for assistance.

    4.3 Applications & Systems Development Security

    a) The applications vendor default password shall be changed if supported and it does not affect the operations.


    b) If available, applications must log all successful and unsuccessful logon attempts and the time of logons. It must also log sensitive transactions and sensitive changes as defined by the application owner. The log shall identify what, when and who made the change.

    c) All special access paths, doors and short-cuts used for developing the application shall be removed prior to moving the application to production.

    d) IA&CS shall have all unnecessary services disabled.

    4.4 Security Architecture & Models

    4.4.1 Communication and Network Security Control

    a) Ensure physical and logical separation between Plant Automation Networks and the Corporate Network inside the plant fence.

    Commentary Note:

    The table below provides further details on the minimum requirements:

    Physical Space: Locked Cabinet

    Network, In-Plant Connectivity: Dedicated cables for both primary and backup

    Network, Remote Site Connectivity: Fiber optic strands for primary and a dedicated transmission circuit (i.e., SDH) for backup

    b) Monitoring plant applications from the corporate network shall be allowed only via proxy servers.

    c) The PAN shall not interface as a gateway to non-Saudi Aramco networks such as the Internet.

    d) PAN clients shall not be configured to access IT services such as e-mail, Internet/Intranet, and File and Print Sharing.

    e) All nodes on the PAN shall be assigned static IP addresses. Dynamic Host Configuration Protocol (DHCP) shall not be used anywhere on the PAN.


    4.4.2 Firewalls Filtering, Blocking, and Access Control:

    Firewalls shall:

    a) Control access and prevent undesirable packets into/out of a protected network.

    b) Enable information logging for traffic monitoring and intrusion detection.

    c) Dedicated firewall hardware shall be used to interface a PAN to the Corporate Network.

    d) The fundamental policy for configuring firewalls in plant automation networks shall be "DENY UNLESS SPECIFICALLY PERMITTED".

    e) Antivirus and Intrusion Prevention functionalities should be installed on the PAN interface to the Corporate Network.

    f) A patch management policy should be developed and maintained in order to help identify the latest signature files and upgrades.

    g) A procedure should be developed in order to help properly change the firewall Access Control List (ACL) based on information collected from the Intrusion Prevention System (IPS).

    h) The Firewall is an integral part of the PAN and shall be placed within the plant fence.

    i) Network traffic through the firewall shall be limited to server-to-server connections and through selected IP ports. Any Corporate Network user requiring access to Plant Systems shall use Proxy Servers (see Figure 1).

    j) A PAN comprising multiple scattered PANs should interface with the Corporate Network via a centralized firewall. Hence, such PANs shall be connected together in order to establish one PAN utilizing the corporate transmission infrastructure (i.e., SDH dedicated bandwidth/Dark Fiber).

    k) Additional detailed network configurations can be found in SAES-Z-010 "Process Automation Networks Connectivity".

    l) Blocking shall be based on allowing specifically enabled communications between devices (Server-to-Server) on the


    Corporate Network and the PAN. The enabled communications shall be based on source and destination pairs, services, and ports. Blocking shall be enabled for both inbound and outbound communications.

    SAER-6123, "Process Automation Networks Firewall Evaluation Criteria" provides additional guidelines for firewall configuration and hardware selection.

    Figure 1 (diagram; only its labels survive extraction): the Process Automation Network connected to the Aramco IT Network through active and hot-standby firewalls and active and hot-standby backbone switches. Labels shown: DCS, SCADA, CCTV, VMS, Plant Historian and Scan Node on the Process Automation Network side; Splitters; "Server to Server Connection through Firewall"; a Proxy Server marked "Under Plant Control (or IT Control with SLA)"; MIS 1 ... MIS n on the Aramco IT Network side.
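    An added example (not from SAEP-99 or SAER-6123) of a "DENY UNLESS SPECIFICALLY PERMITTED" policy check in Python, covering items d), i) and l) of 4.4.2: the allow-list holds only host-to-host pairs with a service and port in a stated direction, a flow is permitted only on an exact match, and a lint pass rejects rules that are not single-host pairs. The address ranges, hosts, ports and service names are constructed.

```python
from dataclasses import dataclass
import ipaddress

# Constructed address plan: the PAN and the Corporate Network are separate ranges.
PAN_NET = ipaddress.ip_network("10.10.0.0/16")
CORP_NET = ipaddress.ip_network("10.200.0.0/16")


@dataclass(frozen=True)
class Rule:
    direction: str  # "inbound" = Corporate -> PAN, "outbound" = PAN -> Corporate
    src: str        # single host address: rules are source/destination pairs
    dst: str
    proto: str      # "tcp" or "udp"
    port: int       # destination port
    service: str    # description kept for the ACL change procedure and audit


# Constructed allow-list: only the named server-to-server flows; everything else is denied.
POLICY = [
    Rule("outbound", "10.10.1.20", "10.200.5.10", "tcp", 5450, "historian replication to proxy server"),
    Rule("inbound", "10.200.5.10", "10.10.1.20", "tcp", 443, "proxy server pull from plant historian"),
]


def direction_of(src_ip: str, dst_ip: str):
    """Classify a flow crossing the PAN/Corporate boundary; None if it does not cross it."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    if src in PAN_NET and dst in CORP_NET:
        return "outbound"
    if src in CORP_NET and dst in PAN_NET:
        return "inbound"
    return None


def evaluate(src_ip: str, dst_ip: str, proto: str, port: int, policy=POLICY):
    """Return ("ALLOW", service) on an exact rule match, else ("DENY", reason): default deny."""
    direction = direction_of(src_ip, dst_ip)
    if direction is None:
        return "DENY", "flow does not cross the PAN/Corporate boundary covered by this policy"
    for rule in policy:
        if (rule.direction == direction and rule.src == src_ip and rule.dst == dst_ip
                and rule.proto == proto.lower() and rule.port == port):
            return "ALLOW", rule.service
    return "DENY", f"no explicit {direction} rule for {src_ip} -> {dst_ip} {proto}/{port}"


def lint_policy(policy=POLICY):
    """Flag rules that are not host-to-host pairs or lack a direction, as 4.4.2 l) requires."""
    findings = []
    for rule in policy:
        for label, addr in (("src", rule.src), ("dst", rule.dst)):
            try:
                ipaddress.ip_address(addr)  # rejects "any", subnets and malformed values
            except ValueError:
                findings.append(f"{rule.service}: {label} '{addr}' is not a single host address")
        if rule.direction not in ("inbound", "outbound"):
            findings.append(f"{rule.service}: direction must be inbound or outbound")
    return findings


if __name__ == "__main__":
    # A listed server pair is allowed; a corporate workstation reaching the historian directly,
    # and the historian reaching out to mail (item d), are both denied by default.
    for flow in [("10.10.1.20", "10.200.5.10", "tcp", 5450),
                 ("10.200.7.33", "10.10.1.20", "tcp", 443),
                 ("10.10.1.20", "10.200.5.10", "tcp", 25)]:
        print(flow, evaluate(*flow))
    print("lint findings:", lint_policy())
```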


    4.5 Operations Security & Management

    4.5.1 Monitoring

    All available network and system logs shall be examined and monitored on both a periodic basis and when abnormal activities may indicate problems. The PAN Administrator shall control and validate the access to these log files.

    Commentary Note:

    Recommended monitoring tools:

    a) Account logging events to monitor logon attempts (successful and unsuccessful).

    b) Event viewer logs.

    c) System events such as system and service startup and shutdown.

    d) Firewall logs, configurations and policies.

    The PAN Administrators shall perform and maintain regular reviews of the following:

    i) Regular review of all accounts shall be performed to ensure continued legitimacy for business needs.

    ii) Inactive users shall be revoked.

    iii) List of users accessing internal devices such as firewalls and switches.

    iv) Firewall penetration testing of the plant networks is recommended to highlight any weaknesses and vulnerabilities.

    v) All unused ports in any network devices such as routers and switches shall be disabled.

    vi) IA&CS are synchronized with accurate time and date stamps.

    4.5.2 Reporting of Computer Security Incidents

    The reporting of a computing incident must be done promptly. It is the responsibility of the proponent plant management, their designated staff, or the PAN Administrator, to write a memorandum detailing any computer irregularity incident to Corporate Security Services/Computer Security Administration (CSA). In the case of hardware theft, the


    incident must be reported to plant management, who will report it to Industrial Security.

    If any user or organization suspects a computer security incident implicating an individual, and where a formal investigation might be required, they must contact their PAN Administrator. The PAN Administrator will evaluate the incident and, if warranted, report it to CSA via "Incident Reporting" on "http://csa.aramco.com.sa".

    In urgent situations, the PAN Administrator should report these computer security incidents to CSA by phone via the numbers for "CSA Head" or "Computer Security Investigation" listed in the "Contacts" section of the CSA website. The "Incident Reporting" facility on CSA's website should be used to document and confirm the PAN Administrator's report by phone.

    4.6 Disaster Recovery Planning (DRP)

    The following are the requirements for Disaster Recovery Planning (DRP) for Saudi Aramco IA&CS excluding Decision Support Systems (DSS). For further information on the DSS Disaster Recovery Plan, refer to SAEP-1050.

    a) The mission and objective of the DRP document is to provide instructions on restoring plant operation and resuming production with a fast response time, without impacting safety or the investment in plant assets and personnel.

    b) A team, within each plant or in a centralized location, shall be established and well trained to develop, implement, test, use and maintain the DRP.

    c) A key personnel list shall be clearly identified, including plant personnel, support organizations and vendors.

    d) The Plant is responsible for developing a DRP that covers all critical IA&CS installed in the plant whose loss would impact plant production.

    e) The DRP shall define the data backup strategy, including the systems to back up, files to back up, the storage media, the locations of the storage and the storage rotation.

    f) The DRP shall be included as part of the overall plant process disaster response plan.


    g) It is highly recommended to fully automate the data backup operation to avoid human errors and ensure integrity.

    h) A minimum of one copy set of the data backup and recovery shall be stored and maintained at a secure, off-site location.

    i) Critical IA&CS databases shall be backed up to hard drives on a daily basis. The data required for complete backup and restore shall be archived to removable media at least once every six months.

    j) Networks and systems configuration files shall be backed up (and can be recovered) as part of the DRP.

    k) Backup and recovery data on removable media shall be stored in locked, fire-safe cabinets.

    l) Access to data backup and recovery shall be restricted to persons with legitimate company business needs.

    m) Testing of the recovery procedure shall be recorded to document the results and resolve any new issues in the procedure.

    n) The testing of the DRP should be done off line in a testing environment and not on the actual system, if off line systems are available. Testing of the recovery procedure should be documented.

    o) A logbook shall be maintained at each storage location for purposes of monitoring access to the data. Entries shall be recorded in the logbook whenever a person removes any media from the designated location. The logbook shall contain the following:

    i) Date & Time of removal;

    ii) Name and Badge number of the employee responsible for removing the data;

    iii) Purpose of removal;

    iv) Specific data which was removed, such as the number of CDs and DVDs;

    v) Estimated time the data will be removed from the location;

    vi) The employee's signature at check-out of data if using a hard copy logbook;

    vii) Date & Time when data is returned to the location;


    viii) The employee's signature when the data is returned to the safe location if using a hard copy logbook.

    4.7 Physical Security

    a) Security perimeters around informational assets should be clearly defined and carefully monitored on a daily basis for evidence of penetration, penetration attempt or tampering, or for particular patterns of tampering that could indicate imminent physical attack.

    b) Ensure that sensitive documents and other media material that are no longer needed are destroyed completely.

    c) Access to a facility or internal locations such as the Control Room (CR) and Process Interface Building (PIB) by employees, contractors, or any other visitors shall be authorized by Operations and documented with date and time of entry and exit. Authorization shall be documented.

    d) Isolate delivery and loading areas from any critical systems. These areas are often likely sources of attack or damage from potentially hazardous materials.

    e) Tag all physical inventories with tamper-resistant labels to prevent removal of property.

    f) Servers and network equipment shall be located in plant controlled facilities or a data center/server/rack room.

    g) Unused network ports shall be disabled in equipment located in shared data closets or equipment racks.

    h) Data on servers and workstations sent for disposal should be deleted in accordance with GI-0299.120 "Sanitization and Disposal of Saudi Aramco Electronic Storage Devices and Obsolete/Unneeded Software".

    5 Responsibilities

    5.1 Plants Operations/Management

    Plants operations/management and their designated operating staff are responsible for the implementation of this procedure. We refer to the Management's designated operating staff as the Process Automation Networks (PAN) Administrator. Plants operations/management has the responsibility for monitoring the implementation of this procedure within their plants.


    5.2 PAN Administrator

    Each plant organization shall have a qualified PAN Administrator to administer and perform system configuration and monitoring, coordinating with the Process Control System Administrator, if different, as designated by the plant management. The PAN Administrator shall assume the ownership of the IA&CS including the PAN Firewall. The PAN Administrator shall have the function of granting, revoking, and tracking access privileges and communications of users on IA&CS including the Firewall. It is essential that the PAN Administrator has:

    a) Knowledge or experience in plant operations, and

    b) Networks security certification (or equivalent knowledge and experience).

    5.3 Process & Control Systems Department (P&CSD)/Communication & Computer Networks Unit (CCNU)

    P&CSD/CCNU is responsible for maintaining and updating the SAEP-99 "Process Automation Networks & Systems Security" Procedure.

    6 Definitions

    Access Control: Control access to selected devices, information or both to protect against unauthorized interrogation of the device or information.

    Authentication: A security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information.

    Authorization: A right or a permission that is granted to a system entity to access a system resource.

    Backup: A reserve copy of data that is stored separately from the original, for use if the original becomes lost or damaged.

    Confidentiality: Assurance that information is not disclosed to unauthorized individuals, processes, or devices.

    Encryption: Cryptographic transformation of data (called "plaintext") into a form (called "ciphertext") that conceals the data's original meaning to prevent it from being known or used.

    Firewall: An inter-network connection device that restricts data communication traffic between two connected networks.


    Industrial Automation & Control Systems (IA&CS): IA&CS include the following:

    Networks and Systems hardware and software such as Process Automation Network (PAN), Distributed Control Systems (DCSs), Emergency Shutdown Systems (ESD), Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) systems, Terminal Management Systems (TMS), networked electronic sensing systems, and monitoring (such as VMS and PMS), diagnostic, and related industrial automation and control systems.

    Associated internal, human, network, or machine interfaces used to provide control, safety, maintenance, quality assurance, and other process operations functionalities to continuous, batch, discrete, and combined processes.

    Integrity: The quality of a system reflecting the logical correctness and reliability of the operating system, the logical completeness of the hardware and software implementing the protection mechanisms, and the consistency of the data structures and occurrence of the stored data.

    ISA: Stands for "The Instrumentation, Systems, and Automation Society". ISA is a leading, global, nonprofit organization that sets standards for automation.

    Logs: Files or prints of information in chronological order.

    PAN Administrator: The Process Automation Networks (PAN) Administrator administers and performs system configuration and monitoring, and coordinates with the Process Control System Administrator, if different, as designated by the plant management. The PAN Administrator assumes the ownership of the IA&CS including the PAN Firewall and has the function of granting, revoking, and tracking access privileges and communications of users on IA&CS including the Firewall.

    Password: A form of secret authentication data that is used to control access to a resource.

    Server: A dedicated un-manned data provider.

    Service Level of Agreement (SLA): SLA is a contract between the service provider (e.g., Information Technology) and the proponent (the plant) to document and specify the service level expected, such as response time for problem resolution and technical staff qualification requirements.

    Security Domain: A domain that establishes the scope of threat analysis for controllable assets in pre-defined physical or logical perimeter boundaries.

    Vulnerability: A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's integrity or security policy.


    For a comprehensive list of security related terms and definitions, please refer to the ISA Security Standard: "Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts and Models" ISA-d99.00.01, February 2007.

    7 Abbreviations

    CCNU - Communication & Computer Networks Unit

    DRP - Disaster Recovery Planning

    DCS - Distributed Control System

    DSS - Decision Support System

    ESD - Emergency Shutdown Systems

    IP - Internet Protocol

    IPS - Intrusion Prevention System

    ISA - The Instrumentation, Systems, and Automation Society

    IA&CS - Industrial Automation & Control Systems

    PAN - Process Automation Network

    PLC - Programmable Logic Controller

    PMS - Power Monitoring System

    P&CSD - Process & Control Systems Department

    SAES - Saudi Aramco Engineering Standard

    SCADA - Supervisory Control and Data Acquisition

    SLA - Service Level of Agreement

    TCP/IP - Transmission Control Protocol / Internet Protocol

    TMS - Terminal Management System

    VMS - Vibration Monitoring System

    Revision Summary

    28 October 2007 New Saudi Aramco Engineering Procedure.

    20 April 2008 Minor revision to clarify the use of individual user accounts and physical and logical network separation.