Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Guide to Industrial Control Systems (ICS) Security (final draft)



Keith A. Stouffer, Joseph A. Falco, Karen A. Scarfone


[Superseded by NIST SP 800-82 (June 2011): pub_id=907249] The purpose of this document is to provide guidance for securing industrial control systems (ICS), including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other systems performing control functions. The document provides an overview of ICS and typical system topologies, identifies typical threats and vulnerabilities to these systems, and provides recommended security countermeasures to mitigate the associated risks. Because there are many different types of ICS with varying levels of potential risk and impact, the document provides a list of many different methods and techniques for securing ICS. The document should not be used purely as a checklist to secure a specific system. Readers are encouraged to perform a risk-based assessment on their systems and to tailor the recommended guidelines and solutions to meet their specific security, business and operational requirements. The scope of this document includes ICS that are typically used in the electric, water and waste water, oil and natural gas, chemical, pharmaceutical, pulp and paper, food and beverage, and discrete manufacturing (automotive, aerospace, and durable goods) industries.
Special Publication (NIST SP) - 800-82
Report Number


computer security, distributed control systems (DCS), industrial control systems (ICS), information security, network security, programmable logic controllers (PLC), risk management, security controls, supervisory control and data acquisition (SCADA) systems


Stouffer, K. , Falco, J. and Scarfone, K. (2008), Guide to Industrial Control Systems (ICS) Security (final draft), Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD (Accessed July 24, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created September 2, 2008, Updated July 26, 2017