May 14, 2014
SP 800-82 Rev.2
DRAFT Guide to Industrial Control Systems (ICS) Security
NIST announces the release of Special Publication 800-82, Revision 2, Guide to Industrial Control System (ICS) Security. Special Publication 800-82 provides guidance on how to improve the security in Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC), while addressing unique performance, reliability, and safety requirements. Special Publication 800-82: (i) provides an overview of ICS and typical system topologies; (ii) identifies typical threats to organizational missions and business functions supported by ICS; (iii) describes typical vulnerabilities in ICS; and (iv) provides recommended security controls (i.e., safeguards and countermeasures) to respond to the associated risks.
Draft SP 800-82 Revision 2
This document is the second revision to NIST SP 800-82, Guide to Industrial Control Systems (ICS) Security. Updates in this revision include:
• Updates to ICS threats and vulnerabilities.
• Updates to ICS risk management, recommended practices and architectures,
• Updates to current activities in ICS security,
• Updates to security capabilities and tools for ICS,
• Additional alignment with other ICS security standards and guidelines,
• New tailoring guidance for NIST SP 800-53, Revision 4 security controls including the introduction of overlays,
• An ICS overlay for NIST SP 800-53, Revision 4 security controls that provides tailored security control baselines for Low, Moderate, and High impact ICS.
The public comment period closed on July 18, 2014.