White Paper: NIST 800-82 Revision 2: Guide to Industrial Control Systems (ICS) Security

In 2006 the National Institute of Standards and Technology (NIST) published Special Publication (SP) 800-82, Guide to Industrial Control Systems (ICS) Security. This standard provides an overview of typical ICS system topologies, identifies common threats and vulnerabilities to these systems, and provides recommended security countermeasures to mitigate the associated risks. In June 2015, NIST published the second revision to SP 800-82. This revision includes new guidelines on how to adapt traditional Information Technology (IT) security controls to accommodate unique ICS performance, reliability and safety requirements.

As modern IT integrates with industrial control systems that were never built for external connectivity, the threat landscape continues to expand. This IT and Operational Technology (OT) convergence has been driven, in part, by the need for comprehensive operational data at the corporate level and the procurement of Commercial-Off-The-Shelf (COTS) technology for the operational environment. Security experts have deemed this convergence a significant risk, and in this revision NIST makes several recommendations to protect this connection from outside attackers and malicious insiders.

CyberArk can help critical infrastructure sectors to implement the necessary controls for managing the risks of privileged and administrative identities and access to critical assets in the IT and OT environments and through the IT-OT connection.