Brief History of SP800-82
A few months ago I wrote an article for SearchSecurity on the Evolution of SP 800-82. As part of this article I researched the history of this document and its development and ultimately prepared the Visio timeline shown below. One thing I was sure to do was to obtain Keith Stouffer's (principal author of SP800-82 series) approval on the timeline accuracy.
(Apologies for the overlay with the right margin; however, if the chart goes too small then it is hard to read. Thanks for understanding.)
What are the Revisions?
The new document out for comment is the second revision to NIST SP800-82. From the NIST Website, updates in this new revision include:
- Updates to ICS threats and vulnerabilities
- Updates to ICS risk management recommended practices and architectures
- Updates to current activities in ICS security
- Updates to security capabilities and tools for ICS
- Additional alignment with other ICS security standards and guidelines
- New tailoring guidance for NIST SP800-53, Revision 4 security controls including the introduction of overlays, and
- An ICS overlay for NIST SP800-53, Revision 4 security controls that provides tailored security control baselines for Low, Moderate, and High Impact ICS.