ICS/OT

NIST Publishes Final Version of 800-82r3 OT Security Guide

NIST has published the final version of the SP 800-82 Revision 3 guide to operational technology (OT) security.

Published

NIST Cybersecurity Framework 2.0

NIST announced on Thursday that it has published the final version of its latest guide to operational technology (OT) security. 

NIST published the first draft of Special Publication (SP) 800-82r3 (Revision 3) in April 2021, with a second draft being released one year later. Now, Revision 3 of the OT security guide has been finalized.

The 316-page document provides guidance on improving the security of OT systems while addressing their unique safety, reliability and performance requirements. 

“SP 800-82r3 provides an overview of OT and typical system topologies, identifies typical threats to organizational mission and business functions supported by OT, describes typical vulnerabilities in OT, and provides recommended security safeguards and countermeasures to manage the associated risks,” NIST explained.

The guidance focuses on OT cybersecurity program development, risk management, cybersecurity architecture, and applying the NIST Cybersecurity Framework (CSF) to OT. 

The latest revision’s updates include expansion in scope from industrial control systems (ICS) to OT in general, as well as updates to OT threats, vulnerabilities, risk management, recommended practices, current security activities, and tools and capabilities. 

The document also aligns with other OT security guides and standards, and provides tailored security control baselines for low-, moderate- and high-impact OT systems.

SP 800-82 Revision 3 is available for download in PDF format for free from NIST’s website. 

Advertisement. Scroll to continue reading.
Learn More at SecurityWeek’s ICS Cyber Security Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

October 23-26, 2023 | Atlanta
www.icscybersecurityconference.com

Related: NIST Releases ICS Cybersecurity Guidance for Manufacturers

Related: DHS Develops Baseline Cybersecurity Goals for Critical Infrastructure

Related: US Agencies Told to Assess IoT/OT Security Risks to Boost Critical Infrastructure Protection

Related: Security Team Huddle: Using the Full NIST Cybersecurity Framework for the Win

In this article:, , ,

Related Content

IT/OT Podcast

ICS/OT

ICS Patch Tuesday: Advisories Published by Siemens, Rockwell, Mitsubishi Electric

Several ICS vendors released advisories on Tuesday to inform customers about vulnerabilities found in their products. 

1 day ago

Vulnerabilities

CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities

CISA and the FBI warn of threat actors abusing path traversal software vulnerabilities in attacks targeting critical infrastructure.

May 3, 2024

ICS/OT

Russian Hackers Target Industrial Systems in North America, Europe

Government agencies are sharing recommendations following attacks claimed by pro-Russian hacktivists on ICS/OT systems.

May 2, 2024

ICS/OT

Honeywell: USB Malware Attacks on Industrial Orgs Becoming More Sophisticated

An analysis conducted by Honeywell shows that much of the USB-borne malware targeting industrial organizations can still cause OT disruption.

April 29, 2024

ICS/OT

Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability

Palo Alto Networks firewall vulnerability CVE-2024-3400, exploited as a zero-day, impacts a Siemens industrial product.

April 23, 2024

Government

US Government Releases Guidance on Securing Election Infrastructure

New US guidance details foreign malign influence operations to help election infrastructure stakeholders increase resilience.

April 19, 2024

Artificial Intelligence

Five Eyes Agencies Release New AI Security Guidance

Five Eyes cybersecurity agencies have released joint guidance on securely deploying and operating AI systems. 

April 18, 2024

Nation-State

Recent OT and Espionage Attacks Linked to Russia’s Sandworm, Now Named APT44

Mandiant summarizes some of the latest operations of Russia’s notorious Sandworm group, which it now tracks as APT44.

April 17, 2024

Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version