U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Special Publication 800-82, Revision 2 Final Public Draft Guide to Industrial Control Systems (ICS) Security
February 09, 2015

NIST announces the final public draft release of Special Publication 800-82, Revision 2Guide to Industrial Control System (ICS) Security. (Note: As of May 2015, this draft has been approved as final) Special Publication 800-82 provides guidance on how to improve the security in Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC), while addressing unique performance, reliability, and safety requirements. Special Publication 800-82: (i) provides an overview of ICS and typical system topologies; (ii) identifies typical threats to organizational missions and business functions supported by ICS; (iii) describes typical vulnerabilities in ICS; and (iv) provides recommended security controls (i.e., safeguards and countermeasures) to respond to the associated risks. 
This document is the second revision to NIST SP 800-82, Guide to Industrial Control Systems (ICS) Security. Updates in this revision include:

  • Updates to ICS threats and vulnerabilities,
  • Updates to ICS risk management, recommended practices and architectures,
  • Updates to current activities in ICS security,
  • Updates to security capabilities and tools for ICS,
  • Additional alignment with other ICS security standards and guidelines,
  • New tailoring guidance for NIST SP 800-53, Revision 4 security controls including the introduction of overlays,
  • An ICS overlay for NIST SP 800-53, Revision 4 security controls that provides tailored security control baselines for Low, Moderate, and High impact ICS,

Public comment period CLOSED onMarch 9, 2015.
Email questions tonist800-82rev2comments@nist.gov

Created December 21, 2016, Updated June 22, 2020