Hello all. NIST has released revision 3 of the 800-82, Guide to Industrial Control Systems (ICS) Security. Revision 2 has been a staple for many in the OT/ICS world in evaluating the security of control systems. This third revision of SP 800-82 provides an overview of OT and typical system topologies, identifies typical threats to organizational mission and business functions supported by OT, describes typical vulnerabilities in OT, and provides recommended security safeguards and countermeasures to manage the associated risks.
Updates in this revision also include:
- Expansion in scope from ICS to OT
- Updates to OT threats and vulnerabilities
- Updates to OT risk management, recommended practices, and architectures
- Updates to current activities in OT security
- Updates to security capabilities and tools for OT
- Additional alignment with other OT security standards and guidelines, including the Cybersecurity Framework (CSF)
- New tailoring guidance for NIST SP 800-53, Rev. 5 security controls
- An OT overlay for NIST SP 800-53, Rev. 5 security controls that provides tailored security control baselines for low-impact, moderate-impact, and high-impact OT systems.
Final comments due on July 1, 2022, so expect revision 3 to be final soon. The revision 3 draft can be downloaded at: https://csrc.nist.gov/publications/detail/sp/800-82/rev-3/draft