Hi All,
Nist just published NIST SP 800-82, Revision 3 Guide to Operational Technology (OT) Security
NIST has published Special Publication (SP) 800-82r3 (Revision 3), Guide to Operational Technology (OT) Security, which provides guidance on how to improve the security of OT systems while addressing their unique performance, reliability, and safety requirements.
OT encompasses a broad range of programmable systems and devices that interact with the physical environment (or manage devices that interact with the physical environment). These systems and devices detect or cause a direct change through the monitoring and/or control of devices, processes, and events. Examples include industrial control systems (ICS), building automation systems, transportation systems, physical access control systems, physical environment monitoring systems, and physical environment measurement systems.
SP 800-82r3 provides an overview of OT and typical system topologies, identifies typical threats to organizational mission and business functions supported by OT, describes typical vulnerabilities in OT, and provides recommended security safeguards and countermeasures to manage the associated risks.
Updates in this revision also include:
Expansion in scope from ICS to OT
Updates to OT threats and vulnerabilities
Updates to OT risk management, recommended practices, and architectures
Updates to current activities in OT security
Updates to security capabilities and tools for OT
Additional alignment with other OT security standards and guidelines, including the Cybersecurity Framework (CSF)
New tailoring guidance for SP 800-53r5 security controls, including an OT overlay that provides tailored security control baselines for low-impact, moderate-impact, and high-impact OT systems
------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA
------------------------------