SP 800-82’s purpose is to provide guidance for establishing secure SCADA and industrial control systems, including the security of legacy systems. NIST says the guide will provide an industrial control system overview and typical system topologies to facilitate understanding of the unique requirements of industrial control systems. It also will identify typical vulnerabilities and threats to these systems, and provide recommended security countermeasures to mitigate associated risks.
To help with this effort, NIST is seeking subject matter experts (SMEs) to actively review and provide feedback on the content and organization of the document, as well as provide additional material where requested. These SME reviewers, says NIST, will be expected to actively provide comments, material, and feedback on the document. The document is at the rough draft stage and isn’t ready for public release yet. The purpose of the SME review is to get the document into a condition that is ready for public review and comment.
SP 800-82 also will go through the formal SP 800 series review process. After revisions, based on the SME review, the document will be released as a first public draft for a 90-day review and comment period. After revisions, based on the first public review, the document will again be released as a second public draft for a 60-day review and comment period. After revisions, based on the second public review, the document will have a third/final release with 30 days for review and comment.
The SME Draft of SP 800-82 was scheduled to be distributed on March 6, 2006. NIST says all feedback on comments must be received by April 28, 2006. It hopes to have a first public draft by June 1, 2006.