Date Published: January 22, 2026
Comments Due:
Email Comments to:
Author(s)
National Institute of Standards and Technology
Announcement
NIST has initiated the process of revising SP 800-82, Guide to Operational Technology (OT) Security, to incorporate lessons learned, align with relevant NIST guidance (e.g., Cybersecurity Framework (CSF) 2.0, NIST IR 8286 Rev. 1, NIST SP 800-53 Rev. 5.2.0) and OT cybersecurity standards and practices, and address changes in the OT threat landscape.
NIST invites the public to suggest improvements on the document’s effectiveness, relevance, and general use to better help the OT community understand and manage their cybersecurity risk.
The public comment period is open through February 23, 2026. Submit comments to [email protected] with the subject “Comments on SP 800-82.”
Specifically, NIST requests input on the following proposed changes:
- Expanded guidance for different types of OT systems
The proposed revision would expand guidance for different types of OT systems (e.g., building automation systems, transit systems, maritime systems). What types of OT systems should be highlighted in this expanded guidance?
- Expanded guidance for the application of technologies and capabilities in OT environments
The proposed revision would provide new or expanded guidance on the use of various technologies and capabilities (e.g., behavioral anomaly detection, digital twins, Internet of Things, artificial intelligence, machine learning, zero trust, cloud, 5G and advanced wireless, edge computing) in OT environments. What technologies and capabilities should be highlighted in the revised guidance?
- Updates to OT threats, vulnerabilities, standards, and recommended practices
The proposed revision would update guidance throughout the document to align with current OT cybersecurity standards and recommended practices. Updates would also be made to the OT threat landscape, vulnerabilities, incidents that have occurred, current activities in OT cybersecurity, and the cybersecurity capabilities, tools, and mitigations sections. How can NIST best both capture theses updates and provide an ongoing reference to other resources?
- Move various appendices to separate documents or web resources
The proposed revision would move Appendix F (OT Overlay), to its own separate document. The proposed revision would also move Appendix C (Threat Sources, Vulnerabilities, and Incidents), Appendix D (OT Security Organizations, Research, and Activities), and Appendix E (OT Security Capabilities and Tools) to dynamic web resources. Would moving these Appendices improve the readability of the document?
- Removal of material from the current document
The proposed revision would consider removing material that is outdated, unneeded, or no longer applicable. What material is seen as no longer needed or applicable in the document? When providing comments, please be specific and include the rationale for any proposed additions or deletions of material.
Submitted comments, including attachments and other supporting materials, will become part of the public record and are subject to public disclosure. Personally identifiable information and confidential business information should not be included (e.g., account numbers, Social Security numbers, names of other individuals). Comments that contain profanity, vulgarity, threats, or other inappropriate language will not be posted or considered.
Control Families
None selected
