NIST Requests Comments for Updated Guide to Industrial Control Systems Security

 

NIST Requests Comments for Updated Guide to
Industrial Control Systems Security

Today
NIST initiated an update for SP
800-82, Guide to
Industrial Control Systems (ICS) Security
, to
incorporate lessons learned over the past several years, to provide
alignment to relevant NIST guidance (e.g., NIST SP
800-37 Rev. 2
NIST SP
800-53 Rev. 5
, NIST SP
800-53B
, and the Cybersecurity
Framework v1.1
), to provide alignment to other relevant control
system cybersecurity standards and recommended practices, and to address
changes in the threat landscape.

NIST
seeks input from SP 800-82 stakeholders to ensure that the future update
will continue to deliver the guidance necessary to help organizations
manage the cybersecurity risks associated with their control systems.

Specifically,
NIST requests input on the following:

  • Expansion in scope of SP
    800-82 from industrial control systems to control systems in general                                                                               
  • Application of new
    cybersecurity capabilities in control system environments
  • Development of guidance
    specific to small and medium-sized control system owners and operators
  • Updates to control system
    threats, vulnerabilities, standards and recommended practices
  • Updates to the control
    system Overlay
  • Removal of material from
    the current document that is outdated, unneeded, or no longer
    applicable.

See
the full call for
comments for additional details
.

All comments are due by May 28, 2021. Please
submit your comments by email to [email protected].
When providing comments, please be specific and include the rationale for
any proposed additions or deletions of material.

An
Initial Public Draft of the update, which will be published as SP 800-82
Rev. 3, is scheduled for a late 2021/early 2022 release.

Call
for Comments on SP 800-82:

https://csrc.nist.gov/publications/detail/sp/800-82/rev-3/draft

Other
publication details:

SP
800-37 Rev. 2: https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final

SP
800-53 Rev. 5: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final

SP
800-53B: https://csrc.nist.gov/publications/detail/sp/800-53b/final

NIST
Cybersecurity Framework v1.1: https://csrc.nist.gov/publications/detail/white-paper/2018/04/16/cybersecurity-framework-v11/final