The National Cybersecurity Center of Excellence (NCCoE) today released for public comment the initial public draft of NIST Internal Report (NIST IR) 8473, Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure. The comment period is open through August 28, 2023.
This Cybersecurity Framework Profile (Profile) has been developed for the Electric Vehicle Extreme Fast Charging (EV/XFC) ecosystem and the subsidiary functions that support each of the four domains: (i) Electric Vehicles (EV); (ii) Extreme Fast Charging (XFC); (iii) XFC Cloud or Third-Party Operations; (iv) and Utility and Building Networks. The document provides a foundation that relevant parties may use to develop profiles specific to their organization to assess their cybersecurity posture as a part of their risk management process. This non-regulatory, voluntary profile is intended to supplement, not replace, an existing risk management program or the current cybersecurity standards, regulations, and industry guidelines that are in current use by the EV/XFC industry.
The EV/XFC Cybersecurity Framework Profile is designed to be part of an enterprise risk management program to aid organizations in managing threats to systems, networks, and assets within the EV/XFC ecosystem. The EV/XFC Cybersecurity Framework Profile is not intended to serve as a solution or compliance checklist. Users of this profile will understand that its application cannot eliminate the likelihood of disruption or guarantee some level of assurance.
Use of the Profile will help organizations:
The public comment period closes at 11:59 p.m. EDT on Monday, August 28, 2023. Please email all draft comments to evxfc-nccoe@nist.gov. We encourage you to submit all feedback using the comment template found on our project page.
Security and Privacy: identity & access management, risk management
Applications: cybersecurity framework
Laws and Regulations: E-Government Act
Sectors: transportation