Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Project Description (Initial Public Draft)

Detecting and Protecting Against Data Integrity Attacks in Industrial Control Systems Environments: Cybersecurity for the Manufacturing Sector

Date Published: June 2019
Comments Due: July 25, 2019 (public comment period is CLOSED)
Email Questions to:


Keith Stouffer (NIST), CheeYee Tang (NIST), Timothy Zimmerman (NIST), Michael Powell (NIST), James McCarthy (NIST), Titilayo Ogunyale (MITRE), Lauren Acierto (MITRE), Lura Danley (MITRE)


The National Cybersecurity Center of Excellence (NCCoE) at NIST, in conjunction with NIST's Engineering Laboratory (EL) and industry collaborators, is seeking comments on a draft project description for securing manufacturing control systems. It will highlight how manufacturing organizations can take a comprehensive approach to enhancing the security of their industrial control systems (ICS) by leveraging the following cybersecurity capabilities:   

  • behavioral anomaly detection,
  • security incident and event monitoring,
  • industrial control system application whitelisting,
  • malware detection and mitigation,
  • change control management,
  • user authentication and authorization,
  • access control least privilege, and
  • file integrity-checking mechanisms.

The solution will use security controls that map to the NIST Cybersecurity Framework and industry standards and best practices. The project will result in a publicly-available NIST Cybersecurity Practice Guide (SP 1800 series) and will document an approach that organizations can use to strengthen the integrity of their data against destructive malware, insider threats, and unlicensed software within manufacturing environments that rely on ICS.



access control least privilege; application whitelisting; behavioral anomaly detection; change control management; Cybersecurity Framework; file integrity checking mechanisms; industrial control systems; malware detection and mitigation; manufacturing; security incident and event monitoring; unauthorized software
Control Families

None selected


Project Description (pdf)

Supplemental Material:
Submit Comments
Project homepage

Document History:
06/12/19: Project Description (Draft)
02/07/20: Project Description (Final)