Special Publication 800-82, Revision 1, Guide to Industrial Control Systems (ICS) Security
May 15, 2013

NIST announces the release of Special Publication 800-82, Revision 1Guide to Industrial Control System (ICS) Security. Special Publication 800-82 provides guidance on how to improve the security in Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC), while addressing unique performance, reliability, and safety requirements. Special Publication 800-82: (i) provides an overview of ICS and typical system topologies; (ii) identifies typical threats to organizational missions and business functions supported by ICS; (iii) describes typical vulnerabilities in ICS; and (iv) provides recommended security controls (i.e., safeguards and countermeasures) to respond to the associated risks. 
 
Special Publication 800-82, Revision 1 includes the ICS material transferred from Special Publication 800-53, Revision 3, Recommended Security Controls for Federal Information Systems and Organizations, Appendix I. Special Publication 800-82, Revision 1 is being released concurrent with Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, to preserve the continuity of that ICS material. The ICS material is now located in Appendix G of Special Publication 800-82, Revision 1. 
 
Additionally, NIST is planning a major update to Special Publication 800-82 (Special Publication 800-82, Revision 2) that will include:

  • Updates to ICS threats and vulnerabilities;
  • Updates to ICS risk management, recommended practices and architectures;
  • Updates to current activities in ICS security;
  • Updates to security capabilities and technologies for ICS;
  • Additional alignment with other ICS security standards and guidelines;
  • New tailoring guidance for Special Publication 800-53, Revision 4 security controls including the introduction of overlays; and
  • An ICS overlay for Special Publication 800-53, Revision 4 security controls that will provide tailored security control baselines for Low, Moderate, and High impact ICS.

NIST will collaborate with the public and private sectors over the next year to produce Special Publication 800-82, Revision 2. Two drafts for public comment are expected with the first draft planned for late summer 2013 and a final draft planned for winter 2013. Special Publication 800-82, Revision 2 is targeted for final publication in spring 2014.

Created December 22, 2016, Updated June 22, 2020