NIST SP 800-82
The NIST Special Publication 800-82 serves as a comprehensive guidance on how to secure Industrial Control Systems (ICS). It identifies typical threats and vulnerabilities to these systems and provides recommended security countermeasures to mitigate the associated risks.
NIST SP 800-82 includes ICS that are typically used in the electric, water, wastewater, oil, natural gas, chemical, pharmaceutical, pulp, paper, food, beverage and discrete manufacturing (automotive, aerospace, and durable goods) industries.
The major security objectives of NIST SP 800-82 are:
Restrict logical access to the ICS network and network activity
Restrict physical access to the ICS network and devices
Protect individual ICS components from exploitation
Maintain functionality during adverse conditions
Deploy security solution based on potential impact
NIST SP 800-82 is intended to be applicable to all ICS systems in all industrial sectors, focusing on network security architecture. Further tailoring can be performed to add specificity to a particular sector (e.g. manufacturing).
The security controls are organized into three classes - Management, operational, and technical controls. Each class is broken into families of controls; each control contains a definition, supplemental guidance, and possible enhancements that will increase the strength of a basic control.
NIST SP 800-82 encourages integrating security into an ICS. This requires defining and executing a comprehensive program that addresses all aspects of security, ranging from identifying objectives to day-to-day operation and ongoing auditing for compliance and improvement.
By providing guidance on how to tailor traditional IT security controls to accommodate unique ICS performance, reliability and safety requirements, NIST SP 800-82 helps industry reduce the vulnerability of computer-controlled systems to malicious attacks, equipment failures and other threats.
CyGov delivers streamlined, automated data collection and analysis, prioritized remediation guidance and real-time customized scoring to meet the NIST 800-82 framework for companies protecting their ICS. CyGov has mapped NIST 800-82 back to its control inventory allowing to share data across multiple frameworks through the platform, which creates time savings, money savings and more accurate data. Through the CyGov platform organizations can gain full visibility to their cyber risk levels and compliance.