SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

NIST Publishes Final Version of 800-82r3 OT Security Guide

NIST has published the final version of the SP 800-82 Revision 3 guide to operational technology (OT) security.
NIST Cybersecurity Framework 2.0

NIST announced on Thursday that it has published the final version of its latest guide to operational technology (OT) security. 

NIST published the first draft of Special Publication (SP) 800-82r3 (Revision 3) in April 2021, with a second draft being released one year later. Now, Revision 3 of the OT security guide has been finalized.

The 316-page document provides guidance on improving the security of OT systems while addressing their unique safety, reliability and performance requirements. 

“SP 800-82r3 provides an overview of OT and typical system topologies, identifies typical threats to organizational mission and business functions supported by OT, describes typical vulnerabilities in OT, and provides recommended security safeguards and countermeasures to manage the associated risks,” NIST explained.

The guidance focuses on OT cybersecurity program development, risk management, cybersecurity architecture, and applying the NIST Cybersecurity Framework (CSF) to OT. 

The latest revision’s updates include expansion in scope from industrial control systems (ICS) to OT in general, as well as updates to OT threats, vulnerabilities, risk management, recommended practices, current security activities, and tools and capabilities. 

The document also aligns with other OT security guides and standards, and provides tailored security control baselines for low-, moderate- and high-impact OT systems.

SP 800-82 Revision 3 is available for download in PDF format for free from NIST’s website. 

Advertisement. Scroll to continue reading.
Learn More at SecurityWeek’s ICS Cyber Security Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
ICS Cybersecurity Conference
October 23-26, 2023 | Atlanta
www.icscybersecurityconference.com

Related: NIST Releases ICS Cybersecurity Guidance for Manufacturers

Related: DHS Develops Baseline Cybersecurity Goals for Critical Infrastructure

Related: US Agencies Told to Assess IoT/OT Security Risks to Boost Critical Infrastructure Protection

Related: Security Team Huddle: Using the Full NIST Cybersecurity Framework for the Win

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

More from

Latest News

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

CIEM Chat: How to Reduce Cloud Identity Risk
March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

Virtual Event: Ransomware Resilience & Recovery Summit
April 17, 2024

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Mike Dube has joined cloud security company Aqua Security as CRO.

Cody Barrow has been appointed as CEO of threat intelligence company EclecticIQ.

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

More People On The Move

Expert Insights

Related Content

OT Cybersecurity Webinar OT Cybersecurity Webinar

ICS/OT

Cyber Insights 2023 | ICS and Operational Technology

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

February 1, 2023
Cyberattack Causes Trains to Stop in Denmark

Cybercrime

Cyberattack Causes Trains to Stop in Denmark

November 4, 2022
CISOs in the Boardroom CISOs in the Boardroom

CISO Strategy

Why CISOs Make Great Board Members

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

January 24, 2023
Water utility cybersecurity Water utility cybersecurity

ICS/OT

Hackers Hijack Industrial Control System at US Water Utility 

Municipal Water Authority of Aliquippa in Pennsylvania confirms that hackers took control of a booster station, but says no risk to drinking water or...

November 27, 2023
ICS Cybersecurity Conference ICS Cybersecurity Conference

ICS/OT

Mandiant Intelligence Chief Raises Alarm Over China’s ‘Volt Typhoon’ Hackers in US Critical Infrastructure

Mandiant's Chief analyst urges critical infrastructure defenders to work on finding and removing traces of Volt Typhoon, a Chinese government-backed hacking team caught in...

October 25, 2023
MOVEit hack impact MOVEit hack impact

Cybercrime

Siemens Energy, Schneider Electric Targeted by Ransomware Group in MOVEit Attack

Energy giants Schneider Electric and Siemens Energy confirm being targeted by the Cl0p ransomware group in the campaign exploiting a MOVEit zero-day.

June 28, 2023
Critical Vulnerabilities Allow Hackers to Take Full Control of Wago PLCs

ICS/OT

Critical Vulnerabilities Allow Hackers to Take Full Control of Wago PLCs

Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).

March 6, 2023
Smart City Cybersecurity Smart City Cybersecurity

ICS/OT

Smart Cities: Utopian Dream, Security Nightmare, or Political Gimmick?

As smart cities evolve with more and more integrated connected services, cybersecurity concerns will increase dramatically.

August 23, 2023