Besides the CMMC and CRA, there are many other security standards that your test team may be required to comply with. This page describes just a few of these standards. Ultimately, it is up to your team to understand the exact requirements in the standards that apply to your industry. Unless otherwise indicated, NI products do not meet these requirements, and your development teams needs to meet these requirements at the system level.
ISA/IEC 62443 is a series of standards that define requirements and processes for secure industrial automation and control systems. The standard is managed by ISA and certifications are issued by independently accredited ISO/IEC 17011 Accreditation Bodies.
For more information, refer to https://www.isa.org/standards-and-publications/isa-standards/isa-iec-62443-series-of-standards.
NIAP is a program to evaluate COTS products for conformance to the international Common Criteria. NIAP certification is obtained through NIST-accredited and NIAP-approved testing labs.
For more information, refer to https://www.niap-ccevs.org/niap-ccevs.
The HECVAT has become the standard used by universities to evaluate potential suppliers for cybersecurity readiness. The HECVAT is a spreadsheet that covers many security aspects of a product. These aspects are closely aligned with NIST 800-171.
If you need NI to complete an HECVAT for your university purchase, send a request to security@ni.com.
For more information, refer to https://library.educause.edu/resources/2020/4/higher-education-community-vendor-assessment-toolkit.