In a June 2024 presentation, NIST Networked Control Systems Group Leader, Keith Stouffer, presented at the Control System Cyber Security Association International Symposium on Navigating the Labyrinth: Your Guide to ICS/OT Cybersecurity Standards and Regulations. Over 400 attendees participated in the Symposium. Control System Cyber Security Association International, with over 35,000 members worldwide, is a not-for-profit workforce development organization supporting professionals of all levels charged with securing control systems.
Mr. Stouffer summarized key NIST Industrial Control Systems (ICS)/Operational Technology (OT) cybersecurity publications, as described below.
NIST SP 800-82 Guide to Operational Technology (OT) Security Revision 3: This NIST Special Publication provides guidance on how to improve the security of OT systems while addressing their unique performance, reliability, and safety requirements. Its previous version has had over three million downloads and 2,200 citations. NIST’s new version includes updates on:
Cybersecurity Framework Version 1.1 Manufacturing Profile: NISTIR 8183 Revision 1: This profile adapts the NIST Cybersecurity Framework to manufacturing. It offers cybersecurity practices which best fit manufacturers’ needs, while minimizing negative impacts to system performance. NIST’s cybersecurity for OT testbed evaluated the profile, measuring the impacts of cybersecurity practices, including those for 42 technical capabilities. The profile can be implemented using the following guides:
Mr. Stouffer also discussed future updates including revising both NIST SP 800-82 and the Cybersecurity Framework Manufacturing Profile to align with the recently released NIST Cybersecurity Framework 2.0 published in February 2024.