The National Institute of Standards and Technology (NIST) wants input on a major rewrite of its “Guide to Industrial Control Systems (ICS) Security.” Once run on stand-alone proprietary hardware and software, industrial control systems increasingly are networked and Internet-enabled. This has led to security problems for many critical infrastructure facilities.
The draft of the new guide includes updates to its sections on ICS threats and vulnerabilities, risk management, recommended practices, security architectures and security capabilities and tools. A new appendix discusses how to incorporate recommendations from the 2013 update to NIST’s “Security and Privacy Controls for Federal Information Systems and Organizations”.
Comments are due by July 18. Comments may be submitted by mail to: National Institute of Standards and Technology; Attn: Computer Security Division, Information Technology Laboratory; 100 Bureau Drive (Mail Stop 8930) Gaithersburg, MD 20899-8930; or by email to: firstname.lastname@example.org.