Monday, April 26, 2021

NIST Requests Comments for Updated Guide to Industrial Control Systems Security


NIST Requests Comments for Updated Guide to Industrial Control Systems Security

Today NIST initiated an update for SP 800-82, Guide to Industrial Control Systems (ICS) Security, to incorporate lessons learned over the past several years, to provide alignment to relevant NIST guidance (e.g., NIST SP 800-37 Rev. 2NIST SP 800-53 Rev. 5, NIST SP 800-53B, and the Cybersecurity Framework v1.1), to provide alignment to other relevant control system cybersecurity standards and recommended practices, and to address changes in the threat landscape.

NIST seeks input from SP 800-82 stakeholders to ensure that the future update will continue to deliver the guidance necessary to help organizations manage the cybersecurity risks associated with their control systems.

Specifically, NIST requests input on the following:

  • Expansion in scope of SP 800-82 from industrial control systems to control systems in general                                                                               
  • Application of new cybersecurity capabilities in control system environments
  • Development of guidance specific to small and medium-sized control system owners and operators
  • Updates to control system threats, vulnerabilities, standards and recommended practices
  • Updates to the control system Overlay
  • Removal of material from the current document that is outdated, unneeded, or no longer applicable.

See the full call for comments for additional details.

All comments are due by May 28, 2021. Please submit your comments by email to When providing comments, please be specific and include the rationale for any proposed additions or deletions of material.

An Initial Public Draft of the update, which will be published as SP 800-82 Rev. 3, is scheduled for a late 2021/early 2022 release.

Call for Comments on SP 800-82:

Other publication details:

SP 800-37 Rev. 2:

SP 800-53 Rev. 5:

SP 800-53B:

NIST Cybersecurity Framework v1.1: