Guide to Industrial Control Systems (ICS) Security (final draft)

Published

Author(s)

Keith A. Stouffer, Joseph A. Falco, Karen A. Scarfone

Abstract

[Superseded by NIST SP 800-82 (June 2011): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=907249] The purpose of this document is to provide guidance for securing industrial control systems (ICS), including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other systems performing control functions. The document provides an overview of ICS and typical system topologies, identifies typical threats and vulnerabilities to these systems, and provides recommended security countermeasures to mitigate the associated risks. Because there are many different types of ICS with varying levels of potential risk and impact, the document provides a list of many different methods and techniques for securing ICS. The document should not be used purely as a checklist to secure a specific system. Readers are encouraged to perform a risk-based assessment on their systems and to tailor the recommended guidelines and solutions to meet their specific security, business and operational requirements. The scope of this document includes ICS that are typically used in the electric, water and waste water, oil and natural gas, chemical, pharmaceutical, pulp and paper, food and beverage, and discrete manufacturing (automotive, aerospace, and durable goods) industries.
Citation
Special Publication (NIST SP) - 800-82
Report Number
800-82

Keywords

computer security, distributed control systems (DCS), industrial control systems (ICS), information security, network security, programmable logic controllers (PLC), risk management, security controls, supervisory control and data acquisition (SCADA) systems

Citation

Stouffer, K., Falco, J. and Scarfone, K. (2008), Guide to Industrial Control Systems (ICS) Security (final draft), Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD (Accessed October 10, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created September 2, 2008, Updated July 26, 2017