NIST Requests Comments for Updated Guide to
Industrial Control Systems Security
NIST initiated an update for SP
800-82, Guide to
Industrial Control Systems (ICS) Security, to
incorporate lessons learned over the past several years, to provide
alignment to relevant NIST guidance (e.g., NIST SP
800-37 Rev. 2, NIST SP
800-53 Rev. 5, NIST SP
800-53B, and the Cybersecurity
Framework v1.1), to provide alignment to other relevant control
system cybersecurity standards and recommended practices, and to address
changes in the threat landscape.
seeks input from SP 800-82 stakeholders to ensure that the future update
will continue to deliver the guidance necessary to help organizations
manage the cybersecurity risks associated with their control systems.
NIST requests input on the following:
- Expansion in scope of SP
800-82 from industrial control systems to control systems in general
- Application of new
cybersecurity capabilities in control system environments
- Development of guidance
specific to small and medium-sized control system owners and operators
- Updates to control system
threats, vulnerabilities, standards and recommended practices
- Updates to the control
- Removal of material from
the current document that is outdated, unneeded, or no longer
the full call for
comments for additional details.
All comments are due by May 28, 2021. Please
submit your comments by email to firstname.lastname@example.org.
When providing comments, please be specific and include the rationale for
any proposed additions or deletions of material.
Initial Public Draft of the update, which will be published as SP 800-82
Rev. 3, is scheduled for a late 2021/early 2022 release.
for Comments on SP 800-82:
800-37 Rev. 2: https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final
800-53 Rev. 5: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
Cybersecurity Framework v1.1: https://csrc.nist.gov/publications/detail/white-paper/2018/04/16/cybersecurity-framework-v11/final