NIST announces the final public draft release of Special Publication 800-82, Revision 2, Guide to Industrial Control System (ICS) Security. (Note: As of May 2015, this draft has been approved as final) Special Publication 800-82 provides guidance on how to improve the security in Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC), while addressing unique performance, reliability, and safety requirements. Special Publication 800-82: (i) provides an overview of ICS and typical system topologies; (ii) identifies typical threats to organizational missions and business functions supported by ICS; (iii) describes typical vulnerabilities in ICS; and (iv) provides recommended security controls (i.e., safeguards and countermeasures) to respond to the associated risks.
This document is the second revision to NIST SP 800-82, Guide to Industrial Control Systems (ICS) Security. Updates in this revision include:
- Updates to ICS threats and vulnerabilities,
- Updates to ICS risk management, recommended practices and architectures,
- Updates to current activities in ICS security,
- Updates to security capabilities and tools for ICS,
- Additional alignment with other ICS security standards and guidelines,
- New tailoring guidance for NIST SP 800-53, Revision 4 security controls including the introduction of overlays,
- An ICS overlay for NIST SP 800-53, Revision 4 security controls that provides tailored security control baselines for Low, Moderate, and High impact ICS,
Public comment period CLOSED on: March 9, 2015.
Email questions to: nist800-82rev2comments@nist.gov
