NIST SP 800-82 Guide to Industrial Control System (ICS) Security
NIST SP 800-82 is one of the most common industrial security standards. It is used across critical infrastructure industries as a guideline to help organizations assure cybersecurity within their ICS environments.
NIST SP 800-82 has several depths of compliance requirements, determined by the Security Assurance Level (SAL). A low SAL yields the most essential compliance checklist, while an extra-high SAL yields the most complete checklist to comply with.
NIST SP 800-82 has evolved since the first version was issued in June 2011, with the latest revision, Revision 2, published in May 2015. In April 2022, a draft of NIST SP 800-82 Revision 3 was issued to the public for comment and feedback.
In this latest draft revision, the term Industrial Control System (ICS) has been changed to Operational Technology (OT) in order to cover the broad range of systems considered part of cyber-physical systems (programmable systems and devices that interact with the physical environment or manage devices that interact with the physical environment). Examples include industrial control systems, building automation systems, transportation systems, physical access control systems, physical monitoring systems, and physical measurement systems. NIST SP 800-82 has become the baseline standard for OT/ICS cybersecurity professionals to adhere to, along with ISA/IEC 62443 and other well-known standards in this area.
CISA (Cybersecurity & Infrastructure Security Agency), part of the Department of Homeland Security (DHS), has developed a tool, CSET Tools, that serves as a maturity assessment platform supporting several auditing standards. NIST SP 800-82 is one of the standards available on this platform. In CSET Tools, the user can deploy the NIST SP 800-82 checklist by selecting this standard in the standard selection menu. The integrated platform helps the user apply NIST SP 800-82 properly in a maturity assessment and produces a result that better reflects the OT/ICS cybersecurity posture of the audited organization. CSET Tools is preferable to a spreadsheet for managing the assessment properly.
For those interested in exploring the latest Revision 3 draft of NIST SP 800-82, the draft is available at https://csrc.nist.gov/publications/detail/sp/800-82/rev-3/draft
For those interested in exploring CSET Tools, the download is available from the DHS website at https://www.cisa.gov/uscert/ics/Downloading-and-Installing-CSET