Critical Digital Asset

From kanterella
Jump to navigation Jump to search

Critical Digital Asset (CDA)

NEI 13-10

Direct

In general, Direct CDAs are those CDAs that have not been determined to be Indirect, BOP or EP CDAs. Since the required security controls in NEI 08-09 are addressed for Direct CDAs, it is not necessary to show that a CDA is a Direct CDA. Licensees may use streamlining techniques, when applicable, for addressing the applicability of security controls to Direct CDAs. These include the use of common controls, inherited controls, and type assessments when such measures adequately address attack pathways and vectors associated with the Direct CDAs. These techniques can reduce the effort required for addressing protections for Direct CDAs.


Indirect

Indirect CDAs are those CDAs that do not perform a Safety-Related function or are not exclusively relied on to perform a Security function; and which cannot have an adverse impact on or degrade Safety-Related or Security functions prior to their compromise or failure being detected and compensatory measures being implemented by a licensee.