The National Institute for Standards and Technology (NIST) is in the process of doing research and working on an update to its special publication (SP) 800-82, a guide to Industrial Control Systems (ICS), by early 2022, NIST officials said today.
Following a July executive order (EO) on improving the cybersecurity of critical infrastructure, NIST and the Department of Homeland Security (DHS) released a preliminary set of ICS performance goals Sept. 23. Those goals are going to be part of the coming revision.
NIST released a revision to SP 800-82 in 2015, but Biden’s EO, a changing cyber landscape, and recent high-profile ICS intrusions have the agency looking to improve upon its posture, officials noted at the September meeting of the NIST Computer Security Resource Center Information Security and Privacy Advisory Board.
“One thing that we’re doing as we’re updating 800-82 to revision three is making sure that we include implementation guidance for all of the performance goals and objectives that are within this particular document,” Keith Stouffer, a NIST supervisory mechanical engineer and a lead author of SP 800-82, said at the meeting.
Stouffer, along with and the other authors and the development team of the special publication, are working through the research necessary for a new revision and are optimistic about getting a revision out early next year.
“Right now, we are going through our literature review and identifying areas that we need further collaboration both across NIST and with our external partners, and really look forward to hopefully having something out early in 2022,” Vicky Pillitteri, another of the authors for SP 800-82, said at the meeting.