Many small and medium-sized manufacturers struggle to implement an effective standards-based cybersecurity program. To assist in this effort, the National Institute of Standards and Technology issued an Implementation Guide for the Cybersecurity Framework (CSF) Manufacturing Profile Low Impact Level for manufacturers managing cybersecurity risk aligned with manufacturing sector goals and industry best practices.
The Guide drives the CSF Manufacturing Profile enabling manufacturers to select and deploy cybersecurity tools and techniques that best fit their needs, while also addressing the demanding system operational performance, reliability, and safety requirements, NIST said in a release.
The Guide provides general implementation guidance (Volume 1) and two complete examples of proof-of-concept solutions demonstrating how available open-source and commercial off-the-shelf products can be used in manufacturing environments to satisfy the Guide’s requirements. Also included are complete examples of proof-of-concept solutions with measured network, device, and operational performance impacts for a process-based manufacturing environment (Volume 2), and a discrete-based manufacturing environment (Volume 3), as well as an example of a proof-of-concept cybersecurity policy and procedure documents, NIST stated.
The volumes of NISTIR 8183A, Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide, include:
NIST advised the CSF Manufacturing Profile—specified in NISTIR 8183—provides a voluntary, risk-based approach for managing cybersecurity activities and cyber risk to manufacturing systems. The Manufacturing Profile is meant to complement current cybersecurity standards and industry guidelines that a manufacturer is currently using.
Related publication: NISTIR 8183, Cybersecurity Framework Manufacturing Profile:
https://csrc.nist.gov/publications/detail/nistir/8183/final