The National Institute of Standards
and Technology (NIST) released the final version of guidance for Industrial
Control System (ICS) Security. This is Revision 2 of the document,
which was preceded by the release of two drafts for public comment. NIST
Special Publication (SP) 800-82 is an almost 250-page document that provides a
thorough overview of ICSs and how ICSs are different from IT systems, as well as
a variety of considerations for ICS security. The document defines ICS as
including Supervisory Control and Data Acquisition (SCADA) systems, Distributed
Control Systems (DCS), and other control system configurations such as
Programmable Logic Controllers (PLC). The document addresses typical
system topologies, identifies typical threats and vulnerabilities to these
systems, and provides recommended security countermeasures to mitigate the associated
risks. Appendix G provides an ICS overlay of NIST SP 800-53 controls,
which, in layman’s terms, identifies which NIST SP 800-53 controls apply,
which do not apply, and which are augmented for use with ICSs.
The document is available for
downloading at http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf.