List of NIST Documents related to OT Security

In this article I would like to shed light on the remarkable efforts of National Institute of Standards and Technology (NIST) in supporting OT security professionals. NIST's comprehensive range of documents and case studies, freely available to the public, are a treasure trove of knowledge and guidance in our field.

NIST's OT Security Program, a collaborative initiative involving their Information Technology Laboratory and Communications Technology Laboratory, has yielded a series of documents integral to OT security. These documents are not just theoretical; they are practical tools that can significantly enhance our understanding and implementation of OT security measures.

I have compiled a list of key NIST documents that are particularly relevant to our field. This collection is meant to serve as a quick reference, bringing together valuable resources in one accessible place.

• NIST SP 800-82 Rev. 3, Guide to Operational Technology (OT) Security

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r3.pdf

• The NIST Cybersecurity Framework 2.0 (CSF)

https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.ipd.pdf

• NIST Risk Management Framework (RMF)

https://csrc.nist.gov/Projects/risk-management

• NIST IR 8188, Key Performance Indicators for Process Control System Cybersecurity Performance Analysis

https://nvlpubs.nist.gov/nistpubs/ir/2017/NIST.IR.8188.pdf

• NISTIR 8089, An Industrial Control System Cybersecurity Performance Testbed

https://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.8089.pdf

Documents related to Manufacturing Sector:

• NIST SP 1800-10, Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1800-10.pdf

https://www.nccoe.nist.gov/sites/default/files/2022-03/mf-ics-nist-sp1800-10b-final.pdf

https://www.nccoe.nist.gov/sites/default/files/2022-03/mf-ics-nist-sp1800-10c-final.pdf

• NIST IR 8183 Rev. 1, Cybersecurity Framework Version 1.1 Manufacturing Profile

https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8183r1.pdf

• NIST IR 8219, Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection

https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8219.pdf

• NIST IR 8183A Vol. 1, Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide: Volume 1 – General Implementation Guidance

https://nvlpubs.nist.gov/nistpubs/ir/2019/NIST.IR.8183A-1.pdf

• NIST IR 8183A Vol. 2, Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide: Volume 2 – Process-based Manufacturing System Use Case

https://nvlpubs.nist.gov/nistpubs/ir/2019/NIST.IR.8183A-2.pdf

• NIST IR 8183A Vol. 3, Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide: Volume 3 – Discrete-based Manufacturing System Use Case

https://nvlpubs.nist.gov/nistpubs/ir/2019/NIST.IR.8183A-3.pdf

• NIST IR 8227, Manufacturing Profile Implementation Methodology for a Robotic Workcell

https://nvlpubs.nist.gov/nistpubs/ir/2019/NIST.IR.8227.pdf

• NIST IR 8177,Metrics and Key Performance Indicators for Robotic Cybersecurity Performance Analysis

https://nvlpubs.nist.gov/nistpubs/ir/2017/NIST.IR.8177.pdf

NCCOE: Manufacturing Sector Projects

• NIST CSWP 28, Security Segmentation in a Small Manufacturing Environment

https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.28.pdf

• NISTIR 8219, Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection

https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8219.pdf

• NISTIR 8419, Blockchain and Related Technologies to Support Manufacturing Supply Chain Traceability: Needs and Industry Perspectives

https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8419.pdf

Documents related to Energy Sector:

National Cybersecurity Center of Excellence (NCCOE): Energy Sector Projects

• NIST SP 1800-32, Securing Distributed Energy Resources: An Example of Industrial Internet of Things Cybersecurity

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1800-32.pdf

• NIST SP 1800-2, Identity and Access Management for Electric Utilities

https://www.nccoe.nist.gov/sites/default/files/legacy-files/es-idam-sp1800-2.pdf

• NIST SP 1800-23, Energy Sector Asset Management For Electric Utilities, Oil & Gas Industry

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1800-23.pdf

• NIST SP 1800-7, Situational Awareness For Electric Utilitieshttps://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1800-7.pdf

• NIST IR 8473, Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure

https://nvlpubs.nist.gov/nistpubs/ir/2023/NIST.IR.8473.pdf

• NIST IR 8406-upd1, Cybersecurity Framework Profile for Liquefied Natural Gas

https://nvlpubs.nist.gov/nistpubs/ir/2023/NIST.IR.8406-upd1.pdf

Other Useful Documents - Common for both OT and IT

https://www.dhirubhai.net/posts/manjunathhiregange_nist-document-series-applicable-to-ot-security-activity-7044569308382863360-gdIr/

NIST's contributions are invaluable in helping us maintain and enhance the security of our OT systems. This article is intended as a starting point for exploring these resources, with an emphasis on continual learning.

I encourage my fellow professionals to explore these documents and share how they have applied NIST’s guidelines in their work. Let's engage in a conversation about our experiences and learn from each other’s insights.

#nist #standard #guidelines #otsecurity #icssecurity #icscybersecurity #industrialcybersecurity #criticalinfrastructureprotection