Oil & Natural Gas Third Party Collaboration IT Security NIST Profile - API
Oil & Natural Gas ThirdParty Collaboration ITSecurity NIST ProfileAPI ITSS Third Party Collaboration IT SecurityWorkgroupVersion 1.012/16/2016
Contents1Introduction . 32Approach . 332.1Relevant NIST Categories . 42.2Informative Reference Review. 62.3Selection of Baseline Informative Reference . 72.4Additional References for Industrial Control Systems . 72.5Profile Usage . 8Informative Reference Recommendations and Gaps . 93.1Identify . 93.1.1Identify.Asset Management (ID.AM) . 93.1.2Identify.Business Environment (ID.BE) . 143.1.3Identify. Governance (ID.GV) . 153.1.4Identify. Risk Assessment (ID.RA) . 163.1.5Risk Management Strategy (ID.RM) . 183.2Protect. 183.2.1Protect. Access Control (PR.AC) . 183.2.2Protect. Awareness and Training (PR.AT) . 223.2.3Protect. Data Security (PR.DS) . 223.2.4Protect.Information Protection Processes and Procedures (PR.IP) . 263.2.5Protect.Maintenance (PR.MA) . 313.2.6Protect.Protective Technology (PR.PT) . 353.3Detect . 373.3.1Detect. Anomalies and Events (DE.AE) . 373.3.2Detect. Security Continuous Monitoring (DE.CM) . 403.3.3Detect. Detection Processes (DE.DP). . 443.4Respond . 473.4.1Respond. Response Planning (RS.RP). 473.4.2Respond. Communications (RS.CO) . 473.4.3Respond. Analysis (RS.AN) . 503.4.4Respond. Mitigation (RS.MI) . 51Oil and Natural Gas Third Party Collaboration IT Security NIST ProfileVersion 1.01
3.4.53.54Respond. Improvements (RS.IM) . 52Recover . 523.5.1Recover. Recovery Planning (RC.RP) . 523.5.2Recover. Improvements (RC.IM) . 533.5.3Recover. Communications (RC.CO) . 53Contractual Language and Legal Review . 55Appendix A. List of NIST Framework References . 57Appendix B. NIST 800-82r2 Recommendations for NIST SP 800-53 Framework References . 80Appendix C. NIST Framework References. 88Oil and Natural Gas Third Party Collaboration IT Security NIST ProfileVersion 1.02
1 IntroductionThis document provides a profile for the use of the NIST Framework for Improving Critical Infrastructurefor Cybersecurity (v1.0) for collaboration between Oil and Natural Gas (ONG) Industry Companies andother external parties. This profile provides cybersecurity requirements that should be considered aspart of granting third parties (i.e., any non-employees) access to company assets (e.g., your company’snetwork and information).This profile has been established to assist in promoting greater efficiency in successfully establishingJoint Ventures and Major Capital Projects in the industry. However, the NIST Cybersecurity Frameworkalso provides a common foundation for working across industries. Therefore, collaboration between Oiland Natural Gas Industry Companies and external partners used for consultancy or managed serviceproviders is also within the scope of this document.Both Information Technology and Operational Technology are in the scope of this profile. For example,this profile may be used when allowing access by a Third Party to Oil and Natural Gas Company ITInfrastructure/Systems for collaborating on documents. This profile may also be used for ProcessControl Systems, when working on and sharing processes which run the business. This profile provides acommon understanding for how this may be done.Suppliers are considered third parties, and this document is intended to be used in collaborating withthe suppliers. However, it is not meant to be a specification for supplier products.Many companies in the energy sector have begun to align with the NIST Framework for ImprovingCritical Infrastructure for Cybersecurity (v1.0), heretofore referred to as the NIST Framework orFramework. This NIST Framework was created through the collaboration between industry andgovernment to provide consistent standards, guidelines and practices to promote the protection ofcritical infrastructure. In this document, the Framework has been analyzed from an Oil and Natural GasIndustry perspective. This may be considered a Framework profile with reference augmentation, but itdoes not dictate specific use cases or guidance for use. This profile is not intended to be used inimplementing the Framework internally within an Oil and Natural Gas company.While this profile has been developed to promote consistency across the industry in successfullyestablishing collaboration between ONG companies and external parties, the appropriate contractualagreements will still be required. All of the NIST functions may require information, reporting or consentfrom the Third Party, and the requirements of this information sharing and evidence collection shouldbe noted in the contracts. (The American Petroleum Institute (API) IT Security Subcommittee is unableto provide contractual language.)2 ApproachThis section documents the approach taken to develop the Third Party Collaboration IT Security NISTProfile.Oil and Natural Gas Third Party Collaboration IT Security NIST ProfileVersion 1.03
2.1 Relevant NIST CategoriesThe NIST Framework Core is shown in Table 1 providing an overview of the Functions and Categorieswithin the Framework.For this Profile, the API IT Security Subcommittee reviewed the NIST Categories and selected those thatcontained controls relevant to Third Party collaboration. These controls are highlighted in Table 2 with a“Controls” in the “Relevant to Third Party” column. The controls relevant to a company’s risk profileshould be verified before entering into an agreement with Third Parties.There are some categories with specific controls that are not relevant to Third Party collaboration, butthe category in the broader sense is relevant to this collaboration. For example, a company should besure that Third Parties have a Risk Management Strategy, but it does not need to examine the details ofthe strategy. Therefore, the Identify.Risk Management Strategy category is marked as “Checklist” inthe “Relevant to Third Party” column.Table 1. NIST Framework Function and Category Unique IdentifiersOil and Natural Gas Third Party Collaboration IT Security NIST ProfileVersion 1.04
Oil and Natural Gas Third Party Collaboration IT Security NIST ProfileVersion 1.05
Table 2. NIST Framework noting Categories Relevant to Third Party Collaboration2.2 Informative Reference ReviewIn the NIST Framework, each of the Categories has one or more Subcategories. Each Subcategory hasassociated Informative References. To illustrate this, consider the “Communications” category withinthe “Recover” function (as shown in Table 3). The Communications Category has three Subcategories,and each Subcategory has at least one informative reference. Some Subcategories have as many as sixreferences. The References were reviewed and gaps (missing elements) were identified at theSubcategory level.Oil and Natural Gas Third Party Collaboration IT Security NIST ProfileVersion 1.06
Table 3. NIST Framework Recover Function2.3 Selection of Baseline Informative ReferenceAs a result of the Informative Reference review, it was determined that the most comprehensivereference for Third Party Collaboration in a business IT environment is the NIST SP 800-53 Rev 4, whichis freely available. The other references were compared to NIST SP 800-53 Rev 4 and any relevantadditional Informative References were documented in Section 3.If the system to be protected is a process control environment rather than a business IT environment,IEC 62443-3-3 should be used in addition to NIST SP 800-53 Rev 4, but it is not a free reference.As the references were reviewed, gaps in the content were documented. Supplemental References werethen selected to bridge these gaps. These Supplemental References are also discussed in Section 3.2.4 Additional References for Industrial Control SystemsWhen Joint Ventures and Major Capital Projects are implementing Industrial Control Systems (ICS), allparties should agree that security controls must be implemented as part of the design. The followingreference discusses the importance of security on automation projects, emphasizing “’Secure by Design’rather than ‘Secure by Default.’”Cyber Security and Execution of Automation ProjectsJoel /Control/Secure IACS projects.pdfAlthough not mentioned in the NIST Cybersecurity Framework, the following standards should be usedto provide for common terminology when discussing process control network security:Oil and Natural Gas Third Party Collaboration IT Security NIST ProfileVersion 1.07
ISA 62443-1-1Security for industrial automation and control systems - Models and ConceptsOctober 29, 2007(ISA 99 is currently working on a second edition of this 43-1-1-EX.pdfISA 62443-1-2Security for industrial automation and control systems – Glossary of Terms and 62443-1-2-WD.pdf(Readers should note that this is still a draft. Until it is approved, please use the ISA99 Master Glossaryof ssary.aspx.)In addition, NIST SP 800-82 - Guide to Industrial Control System (ICS) Security contains a list of therelevant NIST SP 800-53 references for industry control In Appendix B, the NIST SP 800-53 references that are contained in the NIST Cybersecurity Frameworkfor Critical Infrastructure and, according to NIST SP 800-82, are relevant to ICS are highlighted.2.5 Profile UsageThe flowchart below provides an overview of how this profile may be used by ONG organizations whenentering into agreements or collaborative efforts with external parties.Section 3 walks through each Function and Category combination and notes whether it a Checklist orControls approach should be taken. If the Checklist approach is required, a company should determine ifthe Category is executed in the broad sense. If the Controls approach is required, the company shouldconfirm that the controls relevant to its risk profile are in place in working with third parties.Appendix A contains the list of Informative References for each Subcategory. If the collaboration is anInformation Technology Collaboration, the NIST SP 800-53 standard should be used. If the collaborationis an Operational Technology collaboration, NIST SP 800-53 and IEC 62443-3-3 should be used. AppendixB can be used to determine the specific references in NIST SP 800-53 references that are relevant toOperational Technology. For both Information Technology and Operational Technology collaborations,the Additional References for each Function and Category combination should be examined, as well asthe Supplemental References that address the NIST Framework gaps.Oil and Natural Gas Third Party Collaboration IT Security NIST ProfileVersion 1.08
Company shouldconfirm thatCategory is executedin a broad senseSTARTChecklistControlsFunction.Category(e.g., Identify.AssetManagement)Is the Category a Checklist orControls Category?Appendix A Contains the list ofInformative References for eachSubcategory(e.g., ID.AM-1 References:CCS CSC 1COBIT 5 BAI09.01, BAI09.02ISA 62443-2-1:2009 4.2.3.4ISA 62443-3-3:2013 SR 7.8 .)Company shouldconfirm that controlsrelevant to its riskprofile are in place.ITUse NIST SP 800-53Examine Gaps and includethose Supplemental References(e.g., for ID.AM-1, include theSupplemental ReferencesNIST SP 800-124NIST SP 800-167 )Examine Additional ReferencesTable and include additionalcontrols(e.g., For ID.AM-1, includeCOBIT)Is this an IT or an OTcollaboration?OTExamine Appendix B todetermine theNIST SP 800-53references listed inNIST SP 800-82 that arerelevant to OTUse NIST SP 800-53and IEC 62443-3-3Figure 1. Profile Usage Flow Chart3 Informative Reference Recommendations and Gaps3.1 Identify3.1.1 Identify.Asset Management (ID.AM)Third Party Relevance: ControlsRationale: A company's assets should be well-managed and tracked so that they can be adequatelyprotected. This would be expected of any Oil and Natural Gas company.Baseline References: NIST SP 800-53(business technologies), ISA 62443-3-3:2013 (operationaltechnologies)Oil and Natural Gas Third Party Collaboration IT Security NIST ProfileVersion 1.09
Additional Recommended Informative References and RationaleCategoryRecommendationin addition ntIdentify.AssetManagementID.AM-1: Physicaldevices andsystems withinthe organizationare inventoriedID.AM-2:Softwareplatforms andapplicationswithin theorganization areinventoriedNIST 800-53 is more specificthan ISA 62443.ID.AM-3:Organizationalcommunicationand data flowsare mappedID.AM-4:Externalinformationsystems arecataloguedNo additional referencesID.AM-5:Resources (e.g.,hardware,devices, data, andsoftware) areprioritized basedon theirclassification,criticality, andbusiness valueBoth NIST 800-53 and ISA62443 discuss prioritizingassets.NIST 800-53 is more specificthan ISA 62443.No additional referencesOil and Natural Gas Third Party Collaboration IT Security NIST Profile10Version 1.0
onaleRecommendationin addition yroles andresponsibilitiesfor the entireworkforce andthird-partystakeholders(e.g., suppliers,customers,partners) yIdentify.Asset ManagementInclude COBIT 5 BAI09.01,BAI09.02COBIT is more detailed thanNIST 800-53.GapCorporate vs. Non-corporatedevices is not addressed for assetmanagement.Recommended ReferenceNIST SP 800-124: Guidelinesfor Managing the Security ofMobile Devices in theEnterpriseWorkgroupRecommendation3.1.1.b Identify.Asset ManagementNeed clarity on whitelisting.Higher level of maturity wouldinclude whitelisting.1)NIST SP 800-167: Guide toApplication WhitelistingOctober 20152) National CybersecurityCommunications IntegrationCenterAppendix to “Seven Steps toDefend Industrial ControlSystems”3.1.1.cIdentify.Asset ManagementNo specification for how oftenasset management activities areto occur. "On a regular basis" isnot descriptive enough.WorkgrouprecommendationOil and Natural Gas Third Party Collaboration IT Security NIST Profile11Version 1.0
Gap#Function.Category3.1.1.d Identify.Asset ManagementGapNeed detailed discussion ofresponsibilities3.1.1.eAdditional information forSecurity Asset Management, bothBusiness Network and ProcessControl Network assets, would behelpful.Identify.Asset ManagementRecommended ReferenceNERC CIP-010-2 – CyberSecurity – ConfigurationChange Management andVulnerability Assessmentson page 41 underRequirement R4:1) ARC Advisory Grouphttp://www.arcweb.com/2) NIST SP 1800-5bIT Asset ManagementOctober, 2015Gap 3.1.1.a:The NIST Framework References for Asset Management do not address Bring-Your-Own-Device (BYOD).Workgroup Recommendation:A non-Company asset would not be registered in the Company Asset register. From the Company pointof view, all assets accessing Company IT infrastructure/IT systems should be registered and managed,irrespective of who owns them.Supplemental Reference 3.1.1.a:NIST SP 800-124: Guidelines for Managing the Security of Mobile Devices in the EnterpriseJune ations/NIST.SP.800-124r1.pdfHighlights: Summaryo Enforce security policieso Implement user and device authenticationo Restrict which app stores may be used and which applications may be installed Section 2.2.2 discusses the use of untrusted mobile devices. Section 3.1 discusses sandboxes/containers for BYOD. Section 4.1.1 discusses access restrictions for BYOD.Gap 3.1.1.b:Need clarity on whitelisting. The NIST Framework references provide insufficient information onapplication whitelisting.Oil and Natural Gas Third Party Collaboration IT Security NIST Profile12Version 1.0
Supplemental Reference 3.1.1.b:1) NIST SP 800-167: Guide to Application Whitelisting – October ations/NIST.SP.800-167.pdf Consider using application technologies that are already built into the Operating System.Use products that support sophisticated application attributes.Take a staged approach to application whitelisting.2) National Cybersecurity and Communications Integration Center Appendix to “Seven Steps toDefend Industrial Control Systems”The National Cybersecurity and Communications Integration Center (NCCIC) published an appendix to“Seven Steps to Defend Industrial Control Systems, “ which provides conceptual guidance on applicationwhitelisting for Industrial Control Systems. Links to both documents are listed below.Seven Steps to Defend Industrial Control Defend%20Industrial%20Control%20Systems S508C.pdfWhitelisting Whitelisting%20in%20Industrial%20Control%20Systems S508C.pdfGap 3.1.1.c:No specification is provided in the Identify Function and Access Management Category references forhow often asset management activities are to occur. References suggest, "on a regular basis," which isnot descriptive enough.Workgroup Recommendation:The frequency should be based on risk and documented.Supplemental Reference 3.1.1.c:NoneGap 3.1.1.d:Need more detailed discussion of responsibilities.Supplemental Reference 3.1.1.d:NERC CIP-010-2 – Cyber Security – Configuration Change Management and Vulnerability AssessmentsOil and Natural Gas Third Party Collaboration IT Security NIST Profile13Version 1.0
CIP-010-2 - Attachment 1 and Requirement 4 Attachment 1 Transient Cyber Asset(s) Owned orManaged by Vendors or Contractors Provides examples of roles for assets managed by vendors or contractors that are not givenin NIST lInfraPrtctnVr5Rvns/CIP-010-2 CLEAN 09032014.pdfGap 3.1.1.e:Additional information for Industrial Control System Asset Management would be helpful.Supplemental References 3.1.1.e:1) ARC Advisory Group (http://www.arcweb.com/)The ARC Advisory Group site provides market research related to asset management in ICS maintenanceand operations. Registration is required for free newsletters. It contains articles related to theIndustrial Internet of Things and Asset Management. They also have technology selection guides forAsset Lifecycle Management.2) NIST SP 1800-5bIT Asset ManagementOctober 2015NIST SP 1800-5b is specific to the approach, architecture and security characteristics of IT AssetManagement. It focuses on continuous management ofassets /sp1800/fs-itam-nist-sp1800-5b-draft.pdf. Thisis becoming a more formal process for security assets with an emphasis on a cycle of continuousmanagement.3.1.2 Identify.Business Environment (ID.BE)Third Party Relevance: ChecklistRationale: While ensuring the organization’s mission, stakeholders and activities are understood andprioritized is important, the specific controls are not required for Third Party Collaboration.However, as part of the contractual processes in engagements with Third Parties, the Third Partyorganization should confirm that these profiles, strategies and cybersecurity elements are establishedand used by the organization. This is more of a checklist item that a list of controls that need to beimplemented.Oil and Natural Gas Third Party Collaboration IT Security NIST Profile14Version 1.0
3.1.3 Identify. Governance (ID.GV)Third Party Relevance: ControlsRationale: Any company should be managing and monitoring its risk.Baseline References: NIST SP 800-53(business technologies), ISA 62443-3-3:2013 (operationaltechnologies)Additional Recommended Informative References and RationaleCategoryRecommendationin addition ormationsecurity policy isestablishedNo additional curity roles &responsibilitiesare coordinatedand aligned withinternal roles andexternal partnersISO27001 does not addressalignment of internal roleswith external entities.Recommend NIST.Identify.GovernanceID.GV-3: Legaland dingprivacy and civillibertiesobligations, areunderstood andmanagedNo additional referencesOil and Natural Gas Third Party Collaboration IT Security NIST Profile15Version 1.0
GV-4:Governance sGapsGap# Function.Category3.1.3 mmendationin addition toNISTGapRelevant external parties/thirdparties is not defined.No additional referencesRecommended ReferenceDefinition developed byworkgroupGap 3.1.3:Relevant external parties or third parties is not defined.Supplemental Reference 3.1.3: N/AWorkgroup Definition:Third Parties are external, semi-trusted organizations including vendors, contractors, cloud providersand other service providers.3.1.4 Identify. Risk Assessment (ID.RA)Third Party Relevance: ControlsRationale: Any company should be conducting risk assessments to identify risks.Baseline References: NIST SP 800-53(business technologies), ISA 62443-3-3:2013 (operationaltechnologies)Oil and Natural Gas Third Party Collaboration IT Security NIST Profile16Version 1.0
Additional Recommended Informative References and RationaleCategoryRecommendationin addition toNISTIdentify.RiskAssessmentNoneGapsGap# Function.Category3.1.4 Identify.RiskAssessmentNIST referencesare much moredetailed thanISA62443references.GapRisk Assessments for the Cloudenvironment are not discussedRecommended Reference1) Cloud Security Alliance2) API ITSS Cloud RiskAssessment Committee willbe publishing additionalguidelinesGap 3.1.4:Risk Assessments for the Cloud environment are not discussedSupplemental References 3.1.4:The NIST Framework references do not specifically discuss cloud connectivity or cloud providers.Recommended Guidelines:The Cloud Security Alliance (https://cloudsecurityalliance.org/) provides the Security Trust andAssurance Registry (STAR) (https://cloudsecurityalliance.org/star/) . STAR certification validates thesecurity posture of cloud offerings. There are three STAR assurance ratings:Level 1 - Self-AssessmentLevel 2 - Third Party Assessment-Based CertificationLevel 3 - Continuous Monitoring-Based CertificationThe Cloud providers should utilize the Cloud Security Alliance assurance ratings. The Level would bedependent on the use case and the criticality of the service provided.Oil and Natural Gas Third Party Collaboration IT Security NIST Profile17Version 1.0
3.1.5 Risk Management Strategy (ID.RM)Third Party Relevance: ChecklistRationale: The organization’s priorities, constraints, risk tolerances, and assumptions, while important,are not directly related to Third Party Collaboration IT Security. Therefore, the specific controls are notrequired for Third Party CollaborationHowever, as part of the contractual processes in engagements with Third Parties, the Third Partyorganization should confirm that these profiles/cybersecurity elements are established and used in riskmanagement. This is more of a checklist item that a list of controls that need to be implemented.3.2 Protect3.2.1 Protect. Access Control (PR.AC)Third Party Relevance: ControlsRationale: Any company should implement Access Control mechanisms to secure and limit access to itsassets to approved individuals, which include Third Parties.Baseline References: NIST SP 800-53(business technologies), ISA 62443-3-3:2013 (operationaltechnologies)Additional Recommended Informative References and RationaleCategoryRecommendationin addition toNISTProtect.AccessControlPR.AC-1:Identities andcredentials aremanaged forauthorizeddevices andusersIEC62443-3-3NIST discusses accountmanagement. IEC 62443discusses authentication (e.g.,states that two factorauthentication is needed forremote access).Protect.AccessControlPR.AC-2:Physical accessto assets ismanaged andprotectedIEC62443-3-3NIST does not call outprocedures for monitoring andalarming while IEC62443 3-3does.Oil and Natural Gas Third Party Collaboration IT Security NIST Profile18Version 1.0
onaleRecommendationin addition toNISTProtect.AccessControlPR.AC-3:Remote accessis managedIEC62443-3-3Protect.AccessControlPR.AC-4: Accesspermissions aremanaged,incorporatingthe principles ofleast privilegeand separationof workintegrity oryProtect.AccessControlGapNo discussion of Federationor Federation architecture.NIST states that ability todisable a connection is needed.IEC62443 states that somecontrol systems or componentsmay not allow sessions to beterminated.IEC 62443 discusses supervisoroverride and emergencymechanisms for manualoverride, which are not in NIST.IEC 62443 discusses sessionintegrity and session ID. It alsodiscusses cable exposure toelements (liquids, etc.)Meanwhile, NIST discussesVPNs and how to handleunsuccessful loginsRecommended ReferenceAPI ITSS Trust FrameworkOil and Natural Gas Third Party Collaboration IT Security NIST Profile19Version 1.0
Gap#Function.Category3.1.4.b Protect.AccessControlGapA Network Protection/VPNFirewall ReferenceArchitecture is needed.Recommended Reference1) Trusted Internet ConnectionsReference Architecture Document v2.0October 1, 20132) NIST SP 800-47: Security Guide forInterconnecting Information TechnologySystemsAugust, 20023) NIST SP 800-82: Guide to IndustrialControl Systems SecurityJune, 20113.1.4.cProtect.AccessControlNo discussion ofattestation of externalidentities requiring accessto company infrastructureand systems.NISTSP800-34A SA12(14) – Supply ChainProtection – Identity and TraceabilityWorkgroup RecommendationGap 3.1.4.a:Throughout the references, no information was provided regarding Federated Identity Management.The Federation Gap was documented in the Protect Function and Access C
Appendix A contains the list of Informative References for each Subcategory. If the collaboration is an Information Technology Collaboration, the NIST SP 800-53 standard should be used. . NIST SP 800-53 and IEC 62443-3-3 should be used. Appendix B can be used to determine the specific references in NIST SP 800-53 references that are relevant .
PSI AP Physics 1 Name_ Multiple Choice 1. Two&sound&sources&S 1∧&S p;Hz&and250&Hz.&Whenwe& esult&is:& (A) great&&&&&(C)&The&same&&&&&
Argilla Almond&David Arrivederci&ragazzi Malle&L. Artemis&Fowl ColferD. Ascoltail&mio&cuore Pitzorno&B. ASSASSINATION Sgardoli&G. Auschwitzero&il&numero&220545 AveyD. di&mare Salgari&E. Avventurain&Egitto Pederiali&G. Avventure&di&storie AA.&VV. Baby&sitter&blues Murail&Marie]Aude Bambini&di&farina FineAnna
The program, which was designed to push sales of Goodyear Aquatred tires, was targeted at sales associates and managers at 900 company-owned stores and service centers, which were divided into two equal groups of nearly identical performance. For every 12 tires they sold, one group received cash rewards and the other received
1.Engine Oil SABA 13 1.Engine Oil 8000 14 1.Engine Oil 6000 15 1.Engine Oil 3000 16 1.Engine Oil Alvand 17 1.Engine Oil Motor Cycle Engine Oil M-150 18 1.Engine Oil M-100 19 1.Engine Oil Gas Engine Oil CNG-BUS 20 1.Engine Oil G.I.C.X.LA 21 1.Engine Oil G.I.C.X. 22 1.Engine Oil Diesel Engine Oil Power 23 1.Engine Oil Top Engine 24
STATE OIL AND GAS BOARD OF ALABAMA Berry H. (Nick) Tew, Jr. State Geologist and Oil and Gas Supervisor S. Marvin Rogers General Counsel STATE OIL AND GAS BOARD OF ALABAMA ADMINISTRATIVE CODE OIL AND GAS REPORT 1 RULES AND REGULATIONS GOVERNING THE CONSERVATION OF OIL AND GAS IN ALABAMA and OIL AND GAS LAWS OF ALABAMA with OIL AND GAS BOARD FORMS
College"Physics" Student"Solutions"Manual" Chapter"6" " 50" " 728 rev s 728 rpm 1 min 60 s 2 rad 1 rev 76.2 rad s 1 rev 2 rad , π ω π " 6.2 CENTRIPETAL ACCELERATION 18." Verify&that ntrifuge&is&about 0.50&km/s,∧&Earth&in&its& orbit is&about p;linear&speed&of&a .
crude oil price projections 3 natural gas price projections 5 oil and gas production 7 oil production forecast 7 gas production forecast 10 mineral royalty 13 crude oil royalty 14 natural gas royalty 15 non-hydrocarbon royalty 16 plant products royalty 16 severance tax 18 crude oil severance tax 19 natural gas severance tax 20 plant products .
where R s solution gas oil ratio, scf/stb V gas gas volume in standard condition, scf V st oil volume in stock tank condition, stb oil gas s V V R Solution Gas Oil Ratio - GOR The solution gas-oil ratio (GOR) is a general term for the amount of gas dissolved in the oil.Solution GOR in black oil systems typically range from 0 to approximately 2000 scf / bbl. 2022-2023 Nabaz Ali Reservoir .
