SECTION: 25 05 11 CYBERSECURITY FOR FACILITY-RELATED CONTROL SYSTEMS (EEDRS)
System Owner Requirements:
- System wide, Fox and/or HTTP port 80 must be disabled.
- System wide, Foxs and/or HTTPS port 443 only with Minimum Protocol using TLSv1.2+ or greater if supported must be utilized.
- System wide, only Tridium and DoD certificates are authorized.
- Extended Master Secret must be used.
- Tridium Recommended TLS Cipher Suite Group must be utilized.
- JACE maintenance port I.P. Address must not be within scope of Army EEDRS regional VLANs.
- Cybersecurity Submittals must be approved by JBLM EEDRS/Electrical Inspector or hand carried to JBLM DPW Information Systems Security Office in BLDG 2012 Room 009.
- Conduct all implementation, configuration, and security testing in a separate, non-production environment that simulates the operational system. This includes the testing of Java Application Control Engine (JACE)s.
Documentation and reports must be included in Cybersecurity documentation packet.
|
UFGS 25 05 11 CYBERSECURITY FOR FACILITY RELATED CONTROL SYSTEMS (FRCS) - JBLM Design Standards - Criteria for: EEDRS-TRIDIUM eID 1383
|
|
|
|
System Name:
|
EEDRS-TRIDIUM eID 1383
|
|
System Description:
|
The Enterprise Energy Data Reporting System implements an enterprise reporting system for Army Installation meter data (gas, electric, water, steam). This is an end-to-end solution encompassing sensors (meter devices); local Installation data collection, analysis and reporting; and reporting aggregators to the Army enterprise reporting system. The EEDRS Type Authorizations represent the major configurations found on Army installations comprised of systems from various vendors that will be at all Army installation Department of Public Works (DPWs) and energy manager locations. This record covers the configuration for EEDRS-Tridium. This type accreditation only applies to sites using EEDRS-Tridium.
|
|
System Owner Point of Contact (POC):
|
JBLM EEDRS/Electrical Inspector
|
|
System Owner Email:
|
See https://www.jblmdesignstandards.army.mil/26-27-1310-30-ELECTRIC-METERS/
|
|
Authorizing Official (AO):
|
Army Material Command (AMC) DCS CIO/G6 - SES (AMC-AO)
|
|
System C-I-A Rating:
|
Moderate - Moderate - Low
|
|
System Owner Remarks:
|
For RFIs, contact System Owner Email, with the Contracting Officer CC'd who can verify the requestor's need. System Specs are "Need-to-Know" and are controlled as such.
|
|
|
|
|
Tailoring Options:
|
ARMY
DEFAULT REQUIREMENTS
DESIGNER SPECIFIED REQUIREMENTS
MODERATE IMPACT
USACE CW
|
|
|
|
|
Changes or Criteria Notes to Unified Facilities Guide Specifications (UFGS)
|
|
Paragraph # and Title (if any)
|
Note to Designer
|
Change Text
|
|
1.1 CONTROL SYSTEM APPLICABILITY
|
Add text - Registered System Name: EEDRS-TRIDIUM eID 1383
|
There are multiple versions of this Section associated with this project.
Different versions have requirements applicable to different control
systems. This specific Section applies only to the following control
systems: EEDRS-TRIDIUM eID 1383.
|
|
1.2 RELATED REQUIREMENTS
|
Add Text
|
This section does not contain sufficient requirements to procure a control system and must be used in conjunction with other Sections which specify other HVAC/DDC requirements. This Section adds cybersecurity requirements to the EEDRS-TRIDIUM eID 1383 control system specified in other Sections, and as these requirements are conditioned on the control system being provided, there may be requirements in this Section that will not apply to this project. All Sections containing facility-related control systems or control system components are related to the requirements of this Section. Review all specification sections to determine related requirements.
In cases where a requirement is specified in both this Section and in another Section, the more stringent requirement must be met. In cases where a requirement in this Section conflicts with the requirements of another Section such that both requirements cannot be met at the same time, request direction from the JBLM EEDRS/Electrical Inspector to determine which requirement applies to the project.
|
|
1.5.1 Points of Contact
|
Add Text
|
...Contracting Officer (KO) and the JBLM EEDRS/Electrical Inspector.
...
g. JBLM DPW EEDRS/Electrical Inspector: Dan Frey - daniel.j.frey2.civ@army.mil
h. JBLM DPW EEDRS/Mechanical Engineer: Kapil Amin - kapil.k.amin.civ@army.mil
|
|
1.5.2 Coordination
|
Add Text
|
...
k. Cybersecurity Request for Information (RFI) and submittal review/approval requests must be sent to the JBLM EEDRS/Electrical Inspector of EEDRS-TRIDIUM eID 1383 in coordination with the Contracting Officer (KO).
|
|
1.6 SUBMITTALS
|
Add Text - Info for designer consideration
|
In addition to the Contracting Officer (KO), Submittals must also be reviewed by the JBLM EEDRS/Electrical Inspector the local representation of the System Owner. The System Owner of the system is required to update system records as required by ARCYBER, NETCOM, and AMC for processes related to achieving a system Authorization To Operate (ATO) or Information Technology Approval System (ITAS) funding approvals.
|
|
1.7 CYBERSECURITY DOCUMENTATION
|
Information Only
|
See section 3.2 "Construction Deliverable Requirement" of the JBLM Design Standards < https://www.jblmdesignstandards.army.mil/25-05-11-Cybersecurity-For-Facility-Related-Control-Systems/ >. EEDRS-TRIDIUM eID 1383 will use the "Existing" criteria.
|
|
1.7.5 Software and Configuration Backups
|
Add Text
|
...Software includes firmware for all IP-Addressable devices.
|
|
1.8 QUALITY CONTROL
|
Add Text
|
Within 60 calendar days after contract award, the Cybersecurity Subject
Matter Expert must schedule a Cybersecurity Kickoff Meeting with the
Contracting Officer, System Owner, System Program Manager, and Information
Security Manager (ISSM/ISO/ISSO).
|