NIST has released its public draft of NIST Special Publication (SP) 800-82r3, Guide to Operational Technology (OT) Security. This is the third revision of NIST SP 800-82, with a new title reflecting an expanded scope, and it was produced through collaboration of the NIST Smart Connected Systems Division’s Networked Control Systems Group and the NIST Computer Security Division. It seeks to improve operational technologies security while addressing their unique performance, reliability, and safety requirements.
OT are programmable systems or devices that interact with the physical environment, or manage devices interacting with this environment. These systems/devices detect or cause change by monitoring and/or controlling devices, processes, and events. Examples include industrial control systems (ICS), building automation systems, transportation systems, physical access control systems, physical environment monitoring systems, and physical environment measurement systems.
This revision provides an overview of OT and typical system topologies; identifies typical threats to OT-supported organizational mission and business functions; describes typical vulnerabilities in OT; and recommends security safeguards and countermeasures for managing risks. The revision also includes:
The period for commenting on this revision runs through July 1, 2022. The revision and instructions for submitting comments are online, and a direct link to the comment template and the comments email address sp800-82rev3 [at] nist.gov (sp800-82rev3[at]nist[dot]gov) are also provided.