• Cyber Topics (Ars Technica)
• Security Threats
• Identity Management
• Krebs on Security
• Cyber Crime News
• Cyber War News
• Manufacturer Guides
• Standards & Guidelines
• Specification Language

Changes to CSI MasterFormat 2016 included, for the first time, provisions for Cyber Security. Section 28 05 11 is entitled
Cyber Security Requirements for Electronic Safety and Security
In response to request from many consultants and manufacturers, SecuritySpecifiers is taking the lead on creating draft language for consideration by specification writers to include in project specification documents. This language is intended to be used primarily as a guideline. Consultants should coordinate with their clients' IT departments to make sure it is consistent with their own organizations cyber security practices and procedures.
This language will be further discussed in a dedicated session at CONSULT 2018.
Reader comments are welcomed.

This document is to provide suggested language to address cyber security elements as they may apply to physical and electronic security projects. Security consultants and specifiers should consider this language in light of the planned project and clients’ specific security postures. As this is designed to be a guideline, consultants and specifiers should modify, add, or delete language to fit the specific circumstances which may exist within the client’s organization and project. It is strongly recommended that final language be developed in cooperation with the client’s Information Technology Department.



This work is licensed under a Creative Commons Attribution 4.0 International License.

Email Comments


Cyber Spec Language v1.1

Asset Management is a key consideration in the NIST Cyber Security Framework and CIS Controls and should be included in security project specifications where cyber security is a consideration. An asset management worksheet is available for free download from SecuritySpecifiers.


Download Asset Management Worksheet

MasterFormat 2016 included a cyber security requirement for the first time, and it appeared in Division 28 (see 28 05 11). The intention of this session was to obtain commentary and establish initial sample specification language for consultants to reference when incorporating cyber language into a project specification.


View the YouTube Video