SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

NIST Publishes Final Version of 800-82r3 OT Security Guide

NIST has published the final version of the SP 800-82 Revision 3 guide to operational technology (OT) security.
NIST

NIST announced on Thursday that it has published the final version of its latest guide to operational technology (OT) security. 

NIST published the first draft of Special Publication (SP) 800-82r3 (Revision 3) in April 2021, with a second draft being released one year later. Now, Revision 3 of the OT security guide has been finalized.

The 316-page document provides guidance on improving the security of OT systems while addressing their unique safety, reliability and performance requirements. 

“SP 800-82r3 provides an overview of OT and typical system topologies, identifies typical threats to organizational mission and business functions supported by OT, describes typical vulnerabilities in OT, and provides recommended security safeguards and countermeasures to manage the associated risks,” NIST explained.

The guidance focuses on OT cybersecurity program development, risk management, cybersecurity architecture, and applying the NIST Cybersecurity Framework (CSF) to OT. 

The latest revision’s updates include expansion in scope from industrial control systems (ICS) to OT in general, as well as updates to OT threats, vulnerabilities, risk management, recommended practices, current security activities, and tools and capabilities. 

Advertisement. Scroll to continue reading.

The document also aligns with other OT security guides and standards, and provides tailored security control baselines for low-, moderate- and high-impact OT systems.

SP 800-82 Revision 3 is available for download in PDF format for free from NIST’s website. 

Learn More at SecurityWeek’s ICS Cyber Security Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
ICS Cybersecurity Conference
October 23-26, 2023 | Atlanta
www.icscybersecurityconference.com

Related: NIST Releases ICS Cybersecurity Guidance for Manufacturers

Related: DHS Develops Baseline Cybersecurity Goals for Critical Infrastructure

Related: US Agencies Told to Assess IoT/OT Security Risks to Boost Critical Infrastructure Protection

Related: Security Team Huddle: Using the Full NIST Cybersecurity Framework for the Win

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

More from

Latest News

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: Why Email Security Keeps Failing (And What Has to Change)
July 8, 2026

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

Virtual Event: 2026 Cloud Security Summit
July 16, 2026

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Mark Carter has been appointed Chief Information Security Officer at Socure.

Spektrum Labs has named Mark Cravotta Chief Operating Officer.

Philip Martin has joined Uber as Chief Information Security Officer.

More People On The Move

Expert Insights

No Exploits Required

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Popular Topics

Security Community

Stay Intouch

About SecurityWeek

News Tips

Got a confidential news tip? We want to hear from you.

Submit Tip

Advertising

Reach a large audience of enterprise cybersecurity professionals

Contact Us

Daily Briefing Newsletter

Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.