API 1164 : 2009

Table of Contents

1 Scope
  1.1 Purpose and Objectives
  1.2 Roles and Responsibilities
2 Definitions and Acronyms
  2.1 Definitions
  2.2 Acronyms
3 Management System
  3.1 Personnel
  3.2 Security Policies
  3.3 Risk and Vulnerability Assessment
  3.4 Business Continuity Plan (BCP)
  3.5 Incident Response Plan (IRP)
  3.6 Change Management
  3.7 Operating System and Application Updates
  3.8 Application and Software Restrictions
4 Physical Security
5 System Access Control
  5.1 Restricted Access
  5.2 User Accounts
  5.3 Operating System Accounts
  5.4 SCADA Accounts
  5.5 Password Controls
  5.6 Biometrics
  5.7 Disabled Non-required Services
  5.8 Operating System Tools
  5.9 Device Access
  5.10 Personnel Administration
6 Information Distribution
  6.1 Confidential
  6.2 Restricted
  6.3 Public
7 Network Design and Data Interchange
  7.1 Network Design
  7.2 Network Management
  7.3 Data Interchange
8 Field Communication
  8.1 Field Device Technology
  8.2 System Access
Annex A (informative)
Annex B (Example) - SCADA/Control System Security Plan
Additional Resources

Abstract

Gives guidance to the operators of oil and gas liquids pipeline systems for managing SCADA system integrity and security.

General Product Information

Published
Document Type	Standard
Status	Current
Publisher	American Petroleum Institute
ProductNote	Reconfirmed 2009
Pages
ISBN