NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Guide to Operational Technology (OT) Security

Published

Author(s)

Keith A. Stouffer, Michael Pease, CheeYee Tang, Timothy Zimmerman, Victoria Yan Pillitteri, Suzanne Lightman, Adam Hahn, Stephanie Saravia, Aslam Sherule, Michael Thompson

Abstract

This document provides guidance on how to secure operational technology (OT) while addressing their unique performance, reliability, and safety requirements. OT encompasses a broad range of programmable systems and devices that interact with the physical environment (or manage devices that interact with the physical environment). These systems and devices detect or cause a direct change through the monitoring and/or control of devices, processes, and events. Examples include industrial control systems, building automation systems, transportation systems, physical access control systems, physical environment monitoring systems, and physical environment measurement systems. The document provides an overview of OT and typical system topologies, identifies common threats and vulnerabilities to these systems, and provides recommended security countermeasures to mitigate the associated risks.
Citation
Special Publication (NIST SP) - 800-82r3
Report Number
800-82r3
NIST Pub Series
Special Publication (NIST SP)
Pub Type
NIST Pubs

Download Paper

https://doi.org/10.6028/NIST.SP.800-82r3
Local Download

Keywords

computer security, distributed control systems (DCS), industrial control systems (ICS), information security, network security, operational technology (OT), programmable logic controllers (PLC), risk management, security controls, supervisory control and data acquisition (SCADA) systems.
Standards and Information technology

Citation

Stouffer, K. , Pease, M. , Tang, C. , Zimmerman, T. , Pillitteri, V. , Lightman, S. , Hahn, A. , Saravia, S. , Sherule, A. and Thompson, M. (2023), Guide to Operational Technology (OT) Security, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-82r3, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=956505 (Accessed October 6, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created September 28, 2023
Was this page helpful?