Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST IR 8473 (Initial Public Draft)

Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure

Date Published: July 14, 2023
Comments Due: August 28, 2023 (public comment period is CLOSED)
Email Questions to:


James McCarthy (NIST), Nakia Grayson (NIST), Joseph Brule (MITRE), Tom Cottle (MITRE), Alan Dinerman (MITRE), John Dombrowski (MITRE), Josie Long (MITRE), Karen Quigg (MITRE), Michael Thompson (MITRE), Anne Townsend (MITRE), Hillary Tran (MITRE), Nikolas Urlaub (MITRE)


This Cybersecurity Framework Profile (Profile) has been developed for the Electric Vehicle Extreme Fast Charging (EV/XFC) ecosystem and the subsidiary functions that support each of the four domains: (i) Electric Vehicles (EV); (ii) Extreme Fast Charging (XFC); (iii) XFC Cloud or Third-Party Operations; (iv) and Utility and Building Networks. The document provides a foundation that relevant parties may use to develop profiles specific to their organization to assess their cybersecurity posture as a part of their risk management process. This non-regulatory, voluntary profile is intended to supplement, not replace, an existing risk management program or the current cybersecurity standards, regulations, and industry guidelines that are in current use by the EV/XFC industry.


The EV/XFC Cybersecurity Framework Profile is designed to be part of an enterprise risk management program to aid organizations in managing threats to systems, networks, and assets within the EV/XFC ecosystem. The EV/XFC Cybersecurity Framework Profile is not intended to serve as a solution or compliance checklist. Users of this profile will understand that its application cannot eliminate the likelihood of disruption or guarantee some level of assurance.

Use of the Profile will help organizations:

  • Identify key assets and interfaces in each of the ecosystem domains.
  • Address cybersecurity risk in the management and use of EV/XFC services.
  • Identify the threats, vulnerabilities, and associated risks to EV/XFC services, equipment, and data.
  • Apply protection mechanisms to reduce risk to manageable levels.
  • Detect disruptions and manipulation of EV/XFC services.
  • Respond to and recover from EV/XFC service anomalies in a timely, effective, and resilient manner.

Join the Community of Interest

If you have expertise in EV/XFC and/or cybersecurity, consider joining the Community of Interest (COI) to receive the latest project news and announcements. Email the team at declaring your interest or complete the sign-up form on our project page.



Cybersecurity Framework; electric vehicle; EV/XFC ecosystem; extreme fast charging; Framework; Mission Objectives; Profile; risk management; security controls
Control Families

None selected


Download URL

Supplemental Material:
Project homepage
Submit comments

Document History:
07/14/23: IR 8473 (Draft)
10/16/23: IR 8473 (Final)


Security and Privacy

identity & access management, risk management


cybersecurity framework

Laws and Regulations

E-Government Act