NIST has started revising NIST SP 800-82 (the “Guide to Operational Technology (OT) Security”) and released an initial preliminary draft (Rev. 4) with a public call for comments. The update is meant to incorporate lessons learned and better align OT guidance with newer NIST materials such as the Cybersecurity Framework (CSF) 2.0, NIST IR 8286 Rev. 1 (risk management), and NIST SP 800-53 Rev. 5.2.0, while also reflecting how the OT threat landscape has evolved. NIST is explicitly asking practitioners what would make the guide more effective and usable for managing OT cyber risk, with comments due February 23, 2026.

The draft direction includes expanding coverage beyond “classic ICS” to more OT domains (e.g., building automation, transit, and maritime), and adding clearer guidance on newer technologies and defensive capabilities that OT teams are increasingly evaluating—such as behavioral anomaly detection, digital twins, IoT, AI/ML, zero trust, cloud, 5G/advanced wireless, and edge computing. NIST also proposes refreshing sections on OT threats, vulnerabilities, incidents, tools, and mitigations, and restructuring the document to improve readability—moving the OT Overlay into a standalone document and shifting several appendices (threats/incidents, orgs/research, capabilities/tools) into dynamic web resources that can be updated more frequently.

Source: https://industrialcyber.co/nist/nist-begins-overhaul-of-sp-800-82-to-strengthen-ot-cybersecurity-guidance-align-with-updated-nist-frameworks/