NIST announced on Thursday that it has published the final version of its latest guide to operational technology (OT) security.
NIST published the first draft of Special Publication (SP) 800-82r3 (Revision 3) in April 2021, with a second draft being released one year later. Now, Revision 3 of the OT security guide has been finalized.
The 316-page document provides guidance on improving the security of OT systems while addressing their unique safety, reliability and performance requirements.
“SP 800-82r3 provides an overview of OT and typical system topologies, identifies typical threats to organizational mission and business functions supported by OT, describes typical vulnerabilities in OT, and provides recommended security safeguards and countermeasures to manage the associated risks,” NIST explained.
The guidance focuses on OT cybersecurity program development, risk management, cybersecurity architecture, and applying the NIST Cybersecurity Framework (CSF) to OT.
The latest revision’s updates include expansion in scope from industrial control systems (ICS) to OT in general, as well as updates to OT threats, vulnerabilities, risk management, recommended practices, current security activities, and tools and capabilities.
The document also aligns with other OT security guides and standards, and provides tailored security control baselines for low-, moderate- and high-impact OT systems.
SP 800-82 Revision 3 is available for download in PDF format for free from NIST’s website.
| Learn More at SecurityWeek’s ICS Cyber Security Conference The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.  October 23-26, 2023 | Atlanta www.icscybersecurityconference.com |
Related: NIST Releases ICS Cybersecurity Guidance for Manufacturers
Related: DHS Develops Baseline Cybersecurity Goals for Critical Infrastructure
Related: US Agencies Told to Assess IoT/OT Security Risks to Boost Critical Infrastructure Protection
Related: Security Team Huddle: Using the Full NIST Cybersecurity Framework for the Win
