1、 AWWA Management Standard SM Security Practices for Operation and Management Effective date: Nov. 1, 2014. First edition approved by AWWA Board of Directors Jan. 25, 2009. This edition approved June 8, 2014. Approved by American National Standards Institute July 8, 2014. Designation by the Departmen
2、t of Homeland SAFETY Act on Feb. 14, 2012. ANSI/AWWA G430-14 (Revision of ANSI/AWWA G430-09) Copyright 2014 American Water Works Association. All Rights Reserved. ii AWWA Management Standard This document is an American Water Works Association (AWWA) standard. It is not a specification. AWWA standar
3、ds describe minimum requirements and do not contain all of the engineering and administrative information normally contained in specifications. The AWWA standards usually contain options that must be evaluated by the user of the standard. Until each optional feature is specified by the user, the pro
4、duct or service is not fully defined. AWWA pub- lication of a standard does not constitute endorsement of any product or product type, nor does AWWA test, certify, or approve any product. The use of AWWA standards is entirely voluntary. This standard does not supersede or take precedence over or dis
5、place any applicable law, regulation, or codes of any governmental authority. AWWA standards are intended to represent a consensus of the water supply industry that the product described will provide satisfactory service. When AWWA revises or withdraws this standard, an official notice of action wil
6、l be placed in the Official Notice section of Journal - American Water Works Association. The action becomes effective on the first day of the month fol- lowing the month of Journal - American Water Works Association publication of the official notice. American National Standard An American National
7、 Standard implies a consensus of those substantially concerned with its scope and provisions. An American National Standard is intended as a guide to aid the manufacturer, the consumer, and the general public. The existence of an American National Standard does not in any respect preclude anyone, wh
8、ether that person has ap - proved the standard or not, from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the standard. American National Standards are subject to periodic review, and users are cautioned to obtain the latest editions. Producers o
9、f goods made in conformity with an American National Standard are encour - aged to state on their own responsibility in advertising and promotional materials or on tags or labels that the goods are produced in conformity with particular American National Standards. Caution n oti Ce : The American Na
10、tional Standards Institute (ANSI) approval date on the front cover of this standard indicates completion of the ANSI approval process. This American National Standard may be revised or withdrawn at any time. ANSI procedures require that action be taken to reaffirm, revise, or withdraw this standard
11、no later than five years from the date of ANSI approval. Purchasers of American National Standards may receive current information on all standards by calling or writing the American National Standards Institute, 25 West 43rd Street, Fourth Floor, New York, NY 10036; 212.642.4900, or emailing infoan
12、si.org. ISBN-13, print: 978-1-62576-043-2 eISBN-13, electronic: 978-1-61300-307-7http:/dx.doi.org/10.12999/AWWA.G430.14 All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any info
13、rmation or retrieval system, except in the form of brief excerpts or quotations for review purposes, without the written permission of the publisher. Copyright 2014 by American Water Works Association Printed in USA hours of work by your fellow water professionals. Revenue from the sales of this AWW
14、A material supports ongoing product development. Unauthorized distribution, either electronic or photocopied, is illegal and hinders AWWAs mission to support the water community. This AWWA content is the product of thousands of Copyright 2014 American Water Works Association. All Rights Reserved. ii
15、i Committee Personnel The AWWA Standards Committee on Security Practices for Operation and Management, which reviewed and approved this standard, had the following personnel at the time of approval: Clyde R. Dugan, Chair General Interest Members T. Allmann, US Air Force, Misawa Air Base, Japan (AWWA
16、) C.L. Bowen, Pleasant Hill, Calif. (AWWA) R. Ford,* Standards Council Liaison, CH2M HILL, Parsippany, N.J. (AWWA) D.M. Flancher,* Standards Engineer Liaison, AWWA, Denver, Colo. (AWWA) J. Laws, Department of Homeland Security, Washington, D.C. (AWWA) J.W. McLaughlin, GHD Consulting Services Inc., C
17、harlotte, N.C. (AWWA) K. Morley, AWWA, Washington D.C. (AWWA) M.C. Shadden, Crossville, Tenn. (AWWA) S.D. Spence, ARCADIS, White Plains, N.Y. (AWWA) L.P. Warren, Launch! Consulting LLC, Charlottesville, Va. (AWWA) Producer Members B. Jakubovic, VIZBEE, West Orange, N.J. (AWWA) M. Martinez, Schneider
18、 Electric, Cedar Park, Texas (AWWA) User Members M.P. Lamb, CharlotteMecklenburg Utilities, Charlotte, N.C. (AWWA) J.E. Tallent Jr., LittletonEnglewood WWTP, Englewood, Colo. (AWWA) C.R. Dugan, East LansingMeridian Water and Sewer Authority, East Lansing, Mich. (AWWA) * Liaison Copyright 2014 Americ
19、an Water Works Association. All Rights Reserved. This page intentionally blank. Copyright 2014 American Water Works Association. All Rights Reserved. v Contents All AWWA standards follow the general format indicated subsequently. Some variations from this format may be found in a particular standard
20、. SEC. PAGE SEC. PAGE Foreword I Introduction vii I.A Background .vii I.B History vii I.C Acceptance vii II Special Issues. vii II.A Advisory Information on Application of Standards vii II.B Origination of Standard .viii II.C SAFETY Act Designation viii III Use of This Standard viii III.A Options an
21、d Alternatives viii III.B Modification to Standard .viii IV Major Revisions. .ix V Comments .ix Standard 1 General 1.1 Scope 1 1.2 Purpose .1 1.3 Application 1 2 References 1 3 Definitions .2 4 Requirements 4.1 Explicit Commitment to Security 6 4.2 Security Culture 6 4.3 Defined Security Roles and E
22、mployee Expectations 7 4.4 Up-to-Date Assessment of Risk .8 4.5 Resources Dedicated to Security and Security Implementation Priorities 8 4.6 Access Control and Intrusion Detection 9 4.7 Contamination Detection, Monitoring, and Surveillance 11 4.8 Information Protection and Continuity 14 4.9 Design a
23、nd Construction 16 4.10 Threat-LevelBased Protocols 16 4.11 Emergency Response and Recovery Plans and Business Continuity Plan .17 4.12 Internal and External Communications .18 4.13 Partnerships 19 5 Verification 5.1 Documentation Required 19 5.2 Human Resources .20 5.3 Equipment 23 6 Delivery .23 A
24、ppendix A Resources 25 Table 1 Supporting Documentation Required by This Standard by Section 21 Copyright 2014 American Water Works Association. All Rights Reserved. This page intentionally blank. Copyright 2014 American Water Works Association. All Rights Reserved. vii Foreword This foreword is for
25、 information only and is not a part of ANSI*/AWWA G430. I. Introduction I.A. Background. The AWWA Management Standards Program is designed to serve water, wastewater, and reuse utilities and their customers, owners, service providers, and government regulators. The standards developed under the prog
26、ram are intended to improve a utilitys overall operation and service. Among these standards is this effort to establish formal management and operational guidelines. These guidelines identify appropriate practices, procedures, and behaviors, the implementation of which will provide effective and eff
27、icient utility operations and contribute to the protection of public health, public safety, and the environment. AWWAs standards process has been used for more than 90 years to produce Amer- ican National Standards Institute (ANSI)recognized standards for materials and pro- cesses that are used by t
28、he Water Sector. These standards are recognized worldwide and have been adopted by many utilities and organizations. Likewise, this management standard is developed using the same ANSI-recognized formal process. Volunteer stan- dards committees establish standard practices in a uniform and appropria
29、te format. Formal standards committees have been and continue to be formed to address the individual standard practices for the diverse areas of the Water Sector. A formal standards committee was created in 2007 to develop a standard for security. This standard is the outcome from the Security Pract
30、ices for Operation and Management Committee. I.B. History. The first edition of this standard was approved by the AWWA Board of Directors on Jan. 25, 2009. This edition was approved on June 8, 2014. I.C. Acceptance. No applicable information for this standard. II. Special Issues. II.A. Advisory Info
31、rmation on Application of Standards. This standard includes only those requirements that are limited exclusively to security practices for operation and management of a drinking water, wastewater, or reuse system. Separate standards will cover utility programs such as distribution system operation a
32、nd management, emergency preparedness, financial management, water treatment, source water protection, communications and customer relations, and business systems. At the time * American National Standards Institute, 25 West 43rd Street, Fourth Floor, New York, NY 10036. Copyright 2014 American Wate
33、r Works Association. All Rights Reserved. viii of issuance of this standard, neither the Department of Homeland Security* (DHS) nor the US Environmental Protection Agency (USEPA) has developed regulatory standards for the Water Sector. II.B. Origination of Standard. This s tandard originates from re
34、commendations prepared by USEPAs National Drinking Water Advisory Council (NDWAC) on water security practices, incentives, and measures, dated June 2005. A subsequent workgroup was convened in February 2007 by the Critical Infrastructure Partnership Advisory Council (CIPAC) to develop a national per
35、formance measurement system and revise the NDWAC recommendations to track with the Water Sector-Specific Plan (Water SSP), which is also described in appendix A. Both sets of recommendations have informed the development of this standard. II.C. SAFETY Act Designation. The American Water Works Associ
36、ation Standards G430 and J100 have been awarded SAFETY Act designation by the US Department of Homeland Security. The designation carries important liability protection for the association and for utilities that properly implement these standards. The Support Anti-terrorism by Fostering Effective T
37、echnologies Act (SAFETY Act) of 2002 was enacted by Congress in the wake of the terrorist attacks on Sept. 11, 2001. The SAFETY Act was created in part because of the extraordinarily large liability enti- ties might face if a terrorist attack occurs despite deployment of anti-terrorism security meas
38、ures already in place. Congress designed the SAFETY Act as an incentive for the creation and deployment of technologies and services with anti-terrorism capabilities. Under the SAFETY Act designation, both the entity that creates the anti-terrorism security measure and the entity that deploys the an
39、ti-terrorism measure are eligible for certain liability protections. III. Use of This Standard. It is the responsibility of the user of an AWWA standard to determine that the products described in that standard are suitable for use in the particular application being considered. III.A. Options and A
40、lternatives. There is no applicable information in this section. III.B. Modification to Standard. No applicable information for this section. * US Department of Homeland Security, Washington, DC 20528. US Environmental Protection Agency, Ariel Rios Building, 1200 Pennsylvania Avenue, N.W., Washingto
41、n, DC 20460. National Drinking Water Advisory Council, Office of Ground Water and Drinking Water (4601), Ariel Rios Building, 1200 Pennsylvania Avenue, N.W., Washington, DC 20460. Critical Infrastructure Partnership Advisory Council, US Department of Homeland Security, Washington, DC 20528. Copyrigh
42、t 2014 American Water Works Association. All Rights Reserved. ix I V. Major Revisions. The ma jor changes made to the standard in this revision include the following: 1. Realignment of vulnerability assessment to risk assessment in accordance with ANSI/AWWA J100, Risk and Resilience Management of Wa
43、ter and Wastewater Systems 2. Integration of new AWWA cybersecurity guidance and use-case tool 3. Integration of ANSI/AWWA G440, Emergency Preparedness Practices 4. Revision/update of federal directives 5. Adjustment of reference to the ASCE materials formerly known as WISE V. Comments. If you have
44、any comments or questions about this standard, please contact AWWA Engineering and Technical Services at 303.794.7711, FAX at 303.795.7603, write to the department at 6666 West Quincy Avenue, Denver, CO 80235-3098, or email at standardsawwa.org. Copyright 2014 American Water Works Association. All R
45、ights Reserved. This page intentionally blank. Copyright 2014 American Water Works Association. All Rights Reserved. 1 AWWA Management Standard Security Practices for Operation and Management SECTION 1: GENERAL Sec. 1.1 Scope This standard covers the minimum requirements for a protective security pr
46、o- gram for a water, wastewater, or reuse utility. Sec. 1.2 Purpose The purpose of this standard is to define the minimum requirements for a pro- tective security program for a water, wastewater, or reuse utility that will promote the protection of employee safety, public health, public safety, and
47、public confidence. Sec. 1.3 Application This standard can be referenced in the evaluation of security practices. The stipulations of this standard apply when this document has been referenced and then only to the security practices of the utility. SECTION 2: REFERENCES This standard references the f
48、ollowing documents. In their latest editions, or as specified, they form a part of this standard to the extent specified within ANSI/AWWA G430-14 (Revision of ANSI/AWWA G430-09) Copyright 2014 American Water Works Association. All Rights Reserved. 2 AWWA G430-14 the standard, whether mentioned speci
49、fically or not. In any case of conflict, the requirements of this standard shall prevail. ANSI/AWWA G440, Emergency Preparedness Practices ANSI/AWWA J100, Risk and Resilience Management of Water and Waste- water Systems AW WA, Process Control System Security Guidance for the Water Sector (2013) National Electric Code Article 708. Water Research Foundation (WRF),* Business Continuity Planning for Water Utilities (2008) SECTION 3: DEFINITIONS The following definitions shall apply in this standard. 1. All Hazards: An approach for preventi
