NIST Requests Comments for Updated Guide to
Industrial Control Systems Security
Today
NIST initiated an update for SP
800-82, Guide to
Industrial Control Systems (ICS) Security, to
incorporate lessons learned over the past several years, to provide
alignment to relevant NIST guidance (e.g., NIST SP
800-37 Rev. 2, NIST SP
800-53 Rev. 5, NIST SP
800-53B, and the Cybersecurity
Framework v1.1), to provide alignment to other relevant control
system cybersecurity standards and recommended practices, and to address
changes in the threat landscape.
NIST
seeks input from SP 800-82 stakeholders to ensure that the future update
will continue to deliver the guidance necessary to help organizations
manage the cybersecurity risks associated with their control systems.
Specifically,
NIST requests input on the following:
- Expansion in scope of SP
800-82 from industrial control systems to control systems in general
- Application of new
cybersecurity capabilities in control system environments
- Development of guidance
specific to small and medium-sized control system owners and operators
- Updates to control system
threats, vulnerabilities, standards and recommended practices
- Updates to the control
system Overlay
- Removal of material from
the current document that is outdated, unneeded, or no longer
applicable.
See
the full call for
comments for additional details.
All comments are due by May 28, 2021. Please
submit your comments by email to [email protected].
When providing comments, please be specific and include the rationale for
any proposed additions or deletions of material.
An
Initial Public Draft of the update, which will be published as SP 800-82
Rev. 3, is scheduled for a late 2021/early 2022 release.
Call
for Comments on SP 800-82:
https://csrc.nist.gov/publications/detail/sp/800-82/rev-3/draft
Other
publication details:
SP
800-37 Rev. 2: https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final
SP
800-53 Rev. 5: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
SP
800-53B: https://csrc.nist.gov/publications/detail/sp/800-53b/final
NIST
Cybersecurity Framework v1.1: https://csrc.nist.gov/publications/detail/white-paper/2018/04/16/cybersecurity-framework-v11/final
|