Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide: Volume 3 – Discrete-based Manufacturing System Use Case

Stouffer, Keith; Zimmerman, Timothy; Tang, CheeYee; Pease, Michael; Cichonski, Jeffrey; Shah, Neeraj; Downard, Wesley

doi:https://doi.org/10.6028/NIST.IR.8183A-3

NIST IR 8183A Vol. 3

Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide: Volume 3 – Discrete-based Manufacturing System Use Case

Documentation Topics

Date Published: September 2019

Author(s)

Keith Stouffer (NIST), Timothy Zimmerman (NIST), CheeYee Tang (NIST), Michael Pease (NIST), Jeffrey Cichonski (NIST), Neeraj Shah (Strativia), Wesley Downard (G2)

Abstract

This guide provides example proof-of-concept solutions demonstrating how available open-source and commercial off-the-shelf (COTS) products could be implemented in discrete-based manufacturing environments to satisfy the requirements in the Cybersecurity Framework (CSF) Manufacturing Profile Low Security Level. The example proof-of-concept solutions include measured network, device, and operational performance impacts observed during the implementation. Manufacturers should make their own determinations about the breadth of the proof-of-concept solutions they voluntarily implement. Some important factors to consider include: company size, cybersecurity expertise, risk tolerance, and the threat landscape. The CSF Manufacturing Profile can be used as a roadmap for managing cybersecurity risk for manufacturers and is aligned with manufacturing sector goals and industry best practices. The Manufacturing Profile provides a voluntary, risk-based approach for managing cybersecurity activities and cyber risk to manufacturing systems. The Manufacturing Profile is meant to complement but not replace current cybersecurity standards and industry guidelines that the manufacturer is embracing.

Keywords

computer security; Cybersecurity Framework (CSF); distributed control systems (DCS); industrial control systems (ICS); information security; manufacturing; network security; programmable logic controllers (PLC); risk management; security controls; supervisory control and data acquisition (SCADA) systems

Control Families

Access Control; Awareness and Training; Audit and Accountability; Assessment, Authorization and Monitoring; Configuration Management; Contingency Planning; Identification and Authentication; Incident Response; Maintenance; Media Protection; Physical and Environmental Protection; Planning; Program Management; Personnel Security; Risk Assessment; System and Services Acquisition; System and Communications Protection; System and Information Integrity

Documentation

Publication:
https://doi.org/10.6028/NIST.IR.8183A-3
Download URL

Supplemental Material:
None available

Publication Volumes:
IR 8183A Vol. 1
IR 8183A Vol. 2
IR 8183

Related NIST Publications:
IR 8183

Document History:
05/28/19: IR 8183A Vol. 3 (Draft)
09/30/19: IR 8183A Vol. 3 (Final)

Topics

Security and Privacy

identity & access management, risk management, security programs & operations

Applications

cybersecurity framework, industrial control systems, small & medium business

Laws and Regulations

Executive Order 13636

Sectors

manufacturing