ICS/OT

NIST Publishes Final Version of 800-82r3 OT Security Guide

NIST has published the final version of the SP 800-82 Revision 3 guide to operational technology (OT) security.

Eduard Kovacs

Published

September 29, 2023

NIST

NIST announced on Thursday that it has published the final version of its latest guide to operational technology (OT) security.

NIST published the first draft of Special Publication (SP) 800-82r3 (Revision 3) in April 2021, with a second draft being released one year later. Now, Revision 3 of the OT security guide has been finalized.

The 316-page document provides guidance on improving the security of OT systems while addressing their unique safety, reliability and performance requirements.

“SP 800-82r3 provides an overview of OT and typical system topologies, identifies typical threats to organizational mission and business functions supported by OT, describes typical vulnerabilities in OT, and provides recommended security safeguards and countermeasures to manage the associated risks,” NIST explained.

The guidance focuses on OT cybersecurity program development, risk management, cybersecurity architecture, and applying the NIST Cybersecurity Framework (CSF) to OT.

The latest revision’s updates include expansion in scope from industrial control systems (ICS) to OT in general, as well as updates to OT threats, vulnerabilities, risk management, recommended practices, current security activities, and tools and capabilities.

Advertisement. Scroll to continue reading.

The document also aligns with other OT security guides and standards, and provides tailored security control baselines for low-, moderate- and high-impact OT systems.

SP 800-82 Revision 3 is available for download in PDF format for free from NIST’s website.

Learn More at SecurityWeek’s ICS Cyber Security Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.