Webinar - CIP-015 Is Here: Paths to Compliance for Every Organization  Register Today
Support

SOLUTIONS

OT Asset Management
Configuration & Change Management
Policy Compliance
Vulnerability Management

PLATFORM

Industrial Defender Platform
Phoenix for SMBs
Services
Partners

INDUSTRIES

Power
Oil & Gas
Water
Manufacturing
US Government
See all

RESOURCES

Blog
Podcast
Resource Library
OT Cybersecurity Risk Assessment Calculator
Innovations by Industrial Defender
FAQ

COMPANY

About Us
How We Compare
Team
Events
Press
Careers
Contact Us

SUPPORT

REQUEST DEMO

No items found.

NIST Releases Pre-Draft Call for Updates to SP 800-82

Industrial Defender Staff
January 28, 2026

The National Institute of Standards and Technology (NIST) has initiated the process of revising SP 800-82, Guide to Operational Technology (OT) Security, and is inviting public input as part of that effort. For organizations responsible for industrial control systems and other OT environments, this is an important opportunity to help shape future guidance that is widely referenced across critical infrastructure sectors.

NIST has indicated that the revision will incorporate lessons learned, align more closely with updated NIST guidance including Cybersecurity Framework (CSF) 2.0, NIST IR 8286 Rev. 1, and NIST SP 800-53 Rev. 5.2.0, and reflect changes in the OT threat landscape as well as current OT cybersecurity standards and practices. The agency is asking the public to provide feedback on the guide’s effectiveness, relevance, and overall usefulness in helping organizations understand and manage OT cybersecurity risk.

The public comment period is open through February 23, 2026. Comments should be submitted to sp800-82rev4@nist.gov with the subject line “Comments on SP 800-82.”

SP 800-82's Role in Securing OT and Critical Infrastructure

NIST SP 800-82 is one of the most widely referenced cybersecurity guides for operational technology. It is designed to help organizations enhance the security of OT systems while accounting for performance, reliability, and safety requirements that are fundamental to industrial operations.

The guide provides:

  • An overview of OT environments and typical system architectures
  • Common threats to organizational missions and business functions supported by OT
  • Typical vulnerabilities found in industrial systems
  • Recommended safeguards and countermeasures to manage OT cybersecurity risk

SP 800-82 is part of the NIST Special Publication 800-series, which covers research, guidelines, and outreach related to computer security, as well as collaborative work with industry, government, and academia. While SP 800-82 itself is not regulatory, it is frequently referenced in sector guidance, audits, and internal security programs across energy, water, manufacturing, transportation, and other critical infrastructure industries.

The current version of the guide is SP 800-82 Revision 3, published in September 2023. Rather than releasing a draft Revision 4 immediately, NIST is starting with this pre-draft request for input to help determine what changes and additions would be most valuable to the OT community.

What Types of Changes Is NIST Considering for SP 800-82 R4?

In its call for public input, NIST outlined several areas where it is seeking feedback. These are not finalized changes, but they indicate the direction of travel for the next revision of the guide.

  1. Expanded guidance for different types of OT systems

    The proposed revision would expand guidance for different types of OT systems (e.g., building automation systems, transit systems, maritime systems). What types of OT systems should be highlighted in this expanded guidance?

  2. Expanded guidance for the application of technologies and capabilities in OT environments

    The proposed revision would provide new or expanded guidance on the use of various technologies and capabilities (e.g., behavioral anomaly detection, digital twins, Internet of Things, artificial intelligence, machine learning, zero trust, cloud, 5G and advanced wireless, edge computing) in OT environments. What technologies and capabilities should be highlighted in the revised guidance?

  3. Updates to OT threats, vulnerabilities, standards, and recommended practices

    The proposed revision would update guidance throughout the document to align with current OT cybersecurity standards and recommended practices. Updates would also be made to the OT threat landscape, vulnerabilities, incidents that have occurred, current activities in OT cybersecurity, and the cybersecurity capabilities, tools, and mitigations sections. How can NIST best both capture theses updates and provide an ongoing reference to other resources?

  4. Move various appendices to separate documents or web resources

    The proposed revision would move Appendix F (OT Overlay), to its own separate document. The proposed revision would also move Appendix C (Threat Sources, Vulnerabilities, and Incidents), Appendix D (OT Security Organizations, Research, and Activities), and Appendix E (OT Security Capabilities and Tools) to dynamic web resources. Would moving these Appendices improve the readability of the document?

  5. Removal of material from the current document

    The proposed revision would consider removing material that is outdated, unneeded, or no longer applicable. What material is seen as no longer needed or applicable in the document? When providing comments, please be specific and include the rationale for any proposed additions or deletions of material.

Foundational OT Security Practices Are Not Expected to Change

While NIST is exploring how SP 800-82 should evolve, we do not expect the core focus of OT cybersecurity guidance to fundamentally change. Based on how cybersecurity frameworks and regulatory expectations continue to develop, we expect foundational, cyber hygiene oriented controls to remain central to how organizations are expected to manage OT risk.

Asset management, for example is a core fundamental. Across frameworks and standards, organizations are consistently expected to maintain accurate and current inventories of OT devices, systems, software, and firmware, and to understand how those assets support operational processes. Keeping inventories updated as components are added, replaced, patched, or reconfigured remains essential to understanding risk and supporting nearly every other security function.

This extends beyond simply knowing that a device exists. In practice, effective OT asset management typically includes:

  • Unique identifiers to track assets over time
  • Hardware details such as vendor, model, and location
  • Software and firmware versions, including software bills of materials where available
  • Vendor and support information
  • Clear ownership and responsibility assignments across engineering, operations, and security teams

We also expect configuration management to remain a foundational expectation. Secure configuration baselines, access control settings, service hardening, and network restrictions continue to play an important role in reducing exposure in OT environments. These controls are also closely tied to formal change management processes, which are critical in environments where availability and safety requirements limit how quickly systems can be modified.

Logging and monitoring are similarly unlikely to diminish in importance. Network and computing devices such as routers, switches, firewalls, servers, and workstations are expected to generate logs that support monitoring, alerting, and incident response. Centralized log management and analysis helps organizations detect abnormal behavior and investigate incidents without relying solely on ad hoc troubleshooting.

We also expect updated guidance to continue recognizing practical OT constraints, such as latency sensitivity and device limitations that affect the use of encryption or certain endpoint protections. In OT environments, security decisions require informed tradeoffs rather than direct transplantation of IT security controls.

Taken together, while guidance may expand to address new technologies and system types, we expect foundational cyber hygiene practices to remain central to effective OT cybersecurity programs.

Public comments on the SP 800-82 revision process are open through February 23, 2026, and NIST encourages organizations across the OT community to share input on how the guide can better reflect today’s operational and security realities. In the meantime, as organizations continue to focus on foundational practices like asset management, configuration management, and security monitoring, Industrial Defender is ready to partner with customers looking to strengthen these core capabilities in real world industrial environments.

Solution Brief: OT Asset Management

View Resource

Stay up to date.

Sign up for our newsletter to receive the latest
Industrial Defender news, updates and content.

PRODUCTS
Industrial Defender Platform
SERVICES
Cyber Diligence ServiceCopilOT ServiceTMCommissioningSupportTrainingSustain
SOLUTION BY TYPE
OT Asset ManagementVulnerability ManagementSecurity Event MonitoringCompliance Reporting
SOLUTION BY FUNCTION
SecurityComplianceOperationsExecutive
SOLUTION BY INDUSTRY
Building AutomationChemicalElectricFederal GovernmentFood & AgricultureMaritimeMetals & MiningOil & GasPharmaceuticalsRailWater
RESOURCES
Resource CollectionGlossaryDefenderSphereIT-OT Integration LabOT Cybersecurity Risk CalculatorInnovations by IDGlossary
COMPANY
About UsHow We CompareTeamEventsPressCareersContact Us