NIST puts new cyber security standard up for comment

Since I just got this, I'm cross-posting it from my blog to Joe's... From Keith Stouffer at NIST: NIST is pleased to announce that the second public draft of Special Publication 800-82, Guideline to Industrial Control Systems (ICS) Security, is available for public comment. NIST SP 800-82 provides guidance on how to secure ICS, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC), while addressing their unique performance, reliability and safety requirements.  The document provides an overview of ICS and typical system topologies, identifies typical threats and vulnerabilities to these systems, and provides recommended security countermeasures to mitigate the associated risks.  This publication is the update to the first public draft, which was released in 2006. NIST SP 800-82 is available at There are 2 versions of the document available: A clean version at A markup version at         that tracks the changes that were made to the initial public draft. NIST requests comments on NIST SP 800-82 by November 30, 2007. Please submit comments to with "Comments SP 800-82" as the subject line. --Walt