Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide Released
September 30, 2019

An Implementation Guide for the Cybersecurity Framework (CSF) Manufacturing Profile Low Impact Level has been developed for manufacturers managing cybersecurity risk that is aligned with manufacturing sector goals and industry best practices.

Many small and medium-sized manufacturers have expressed challenges in implementing a standards-based cybersecurity program. The Guide drives the CSF Manufacturing Profile to practice and will enable manufacturers to select and deploy cybersecurity tools and techniques that best fit their needs while addressing the demanding system operational performance, reliability, and safety requirements.

The Guide provides general implementation guidance (Volume 1) and two complete example proof-of-concept solutions demonstrating how available open-source and commercial off-the-shelf products can be implemented in manufacturing environments to satisfy the Guide’s requirements. Also included are the complete example proof-of-concept solutions with measured network, device, and operational performance impacts for a process-based manufacturing environment (Volume 2), and a discrete-based manufacturing environment (Volume 3), as well as example proof-of-concept cybersecurity policy and procedure documents.

  • NISTIR 8183A Volume 1, Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide: Volume 1 – General Implementation Guidance,      81 pages
  • NISTIR 8183A Volume 2, Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide: Volume 2 – Process-based Manufacturing System Use Case, 353 pages
  • NISTIR 8183A Volume 3, Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide: Volume 3 – Discrete-based Manufacturing System Use Case, 296 pages

The CSF Manufacturing Profile—specified in NISTIR 8183—provides a voluntary, risk-based approach for managing cybersecurity activities and cyber risk to manufacturing systems. The Manufacturing Profile is meant to complement but not replace current cybersecurity standards and industry guidelines that the manufacturer is embracing.

Created September 27, 2019, Updated September 30, 2019