The National Institute of Standards and Technology released a draft revision to its Cybersecurity Framework (CSF) Manufacturing Profile, NISTIR 8183, that includes the subcategory enhancements established in NIST's Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1, NIST said in a release. These updates include managing cybersecurity within the supply chain, self-assessing cybersecurity risk, vulnerability disclosure, system integrity, and more comprehensive controls for identity management. Additional changes include updating language to change references from "security levels" to "impact levels."
NIST developed the Manufacturing Profile for manufacturers managing cybersecurity risk; it is aligned with manufacturing sector goals and industry best practices. The Manufacturing Profile provides a voluntary, risk-based approach for managing cybersecurity activities and reducing cyber risk in manufacturing systems. NIST said the Manufacturing Profile is intended to enhance but not replace current cybersecurity standards and industry guidelines that the manufacturer is already using.
Please use the NIST template when preparing your comments for submission. Email comments to: CSF_Manufacturing_Profile@nist.gov