NIST has released the initial public draft of NIST Special Publication (SP) 800-82r3, Guide to Operational Technology (OT) Security, which provides guidance on how to improve the security of OT systems while addressing their unique performance, reliability, and safety requirements.
OT encompasses a broad range of programmable systems or devices that interact with the physical environment (or manage devices that interact with the physical environment). These systems/devices detect or cause a direct change through the monitoring and/or control of devices, processes, and events. Examples include industrial control systems (ICS), building automation systems, transportation systems, physical access control systems, physical environment monitoring systems, and physical environment measurement systems.
This third revision of SP 800-82 provides an overview of OT and typical system topologies, identifies typical threats to organizational mission and business functions supported by OT, describes typical vulnerabilities in OT, and provides recommended security safeguards and countermeasures to manage the associated risks.
Updates in this revision also include:
The comment period on this initial public draft is open through July 1, 2022. See the publication details for a copy of the draft and instructions for submitting comments.
NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications [2].
Security and Privacy: risk assessment, security programs & operations
Applications: cyber-physical systems, industrial control systems, Internet of Things
Laws and Regulations: Homeland Security Presidential Directive 7
Sectors: manufacturing, smart grid, transportation