Resources and Guidance by Topic

Businesses large and small need to manage their cybersecurity risk. But every business is different. Understanding the needs of your business and applying best practices to mitigate the risks your organization faces is the best way to prevent and respond to potential threats.

Cybersecurity Resources for Small to Medium-Sized Manufacturers: A Fireside Chat with the NIST Manufacturing Extension Partnership (MEP)
The webinar provides an overview of the NIST Manufacturing Extension Partnership (MEP) and highlights the cybersecurity resources available to the nation’s small and medium-sized manufacturers (SMMs).

Speakers:

  • Dr. Jyoti Malhotra, Division Chief, National Programs, NIST MEP
  • Savann Thorn, IT Specialist (Security), NIST MEP
  • Daniel Eliot, Lead for Small Business Engagement, Applied Cybersecurity Division, NIST

Cybersecurity Framework Manufacturing Profile

NISTIR 8183, the Manufacturing Profile of the Cybersecurity Framework, can be used as a roadmap for reducing cybersecurity risk in manufacturing systems in a way that is aligned with manufacturing sector goals and industry best practices. Along with the Manufacturing Profile is a three-volume implementation guide:

Internet of Things (IoT) Device Manufacturers

NISTIR 8259, “Foundational Cybersecurity Activities for IoT Device Manufacturers” describes recommended activities related to cybersecurity that manufacturers should consider performing before their IoT devices are sold to customers.

Securing Operational Technology

NIST SP 800-82 Rev. 3, “Guide to Operational Technology (OT) Security” provides guidance on how to secure operational technology (OT) while addressing its unique performance, reliability, and safety requirements.

Security Segmentation in a Small Manufacturing Environment

This paper provides an overview of security segmentation and presents an example of a security segmentation design using a six-step approach.

NIST Small Business Cybersecurity Corner

The Small Business Cybersecurity Corner provides links to a wealth of resources from multiple sources. Resources include guidance on cybersecurity basics, responding to an incident, planning guides, case studies, and training resources specifically tailored to the needs of small businesses.

Protect Your Business From Scammers

When scammers target your business, it can hurt your reputation and your bottom line. In this brochure, learn the signs of scams that target small manufacturers and what to do if you spot a scam.

Cybersecurity Strengthens U.S. Manufacturers Infographic

Cybersecurity protects the confidentiality, integrity, and availability of your information. A cybersecurity program provides advantages for small and medium-sized manufacturers. This infographic explains the importance of managing cyber risks for manufacturers.

Free Tools for Implementing Cybersecurity 

The Cybersecurity and Infrastructure Security Agency (CISA) captures a list of free CISA and non-CISA tools to aid in cybersecurity. Additionally, below are several free tools mapped to the NIST CSF 2.0.

Govern

The NIST Cybersecurity Framework (CSF) provides an outline for how to achieve cybersecurity outcomes, regardless of organizational size or maturity. Incorporating the functions and categories of the CSF into organizational cybersecurity policy ensures broad coverage across each of the major cybersecurity topics to manage and reduce risk. 

The Manufacturing Profile offers guidance on how to implement the CSF specifically for manufacturing organizations. The Profile further tailors guidance based on the impact level of the system within the manufacturing environment.

Identify

CISA offers the Cyber Security Evaluation Tool (CSET) which is a desktop software tool that guides asset owners and operators through a step-by-step process to evaluate industrial control system (ICS) and information technology (IT) network security practices. 

CISA publishes cybersecurity alerts and advisories through a variety of reports to spread awareness of vulnerabilities, indicators of compromise, tactics and techniques of known threat actors, and mitigations.

CISA Tabletop Exercise Packages (CTEPs) are a comprehensive set of resources designed to assist stakeholders in conducting their own exercises. Cybersecurity, physical security, and cyber-physical convergence scenarios have been developed to test the company’s response and recovery capabilities. 

Protect

CISA partnered with INL to develop training for Industrial Control Systems (ICS). Web-based training is offered through the CISA Virtual Learning Portal, and instructor-led training is also available. All CISA training courses are presented with no tuition cost to the attendee.

NIAP publishes a Product Compliant List of evaluated products which comply with the requirements of the National Information Assurance Partnership (NIAP) program and, where applicable, Federal Information Processing Standards (FIPS). Although this is not specifically designed for manufacturing, it is useful for identifying commercially available vendor products which have gone through a security approval process. 

The International Society of Automation Security Compliance Institute is a non-profit entity which certifies OT components, systems, and organizations to the ISA/IEC 62443 set of standards. It provides a list, called ISASecure, of products certified to the standard that are commonly found in manufacturing environments.

Detect

Malcolm is a network traffic analysis tool suite offered through a partnership between Idaho National Laboratory and CISA. It was created to support all 16 critical infrastructure sectors and contains parsers for many ICS-specific protocols. 

Respond

CISA encourages reporting of cyber incidents through their Incident Reporting System.

NIST provides templates and examples of Incident Response Plans which are specific to manufacturing. Volume 2 is focused on process-based manufacturing and Volume 3 is focused on discrete-based manufacturing. Refer to Section 3.5.

NIST provides the Digital Forensics and Incident Response (DFIR) Framework for Operational Technology (OT), including a flow chart, for how to perform incident handling and digital forensics specific to operational technology. 

Recover

NIST provides templates and examples of System Recovery Plans which are specific to manufacturing. Volume 2 is focused on process-based manufacturing and Volume 3 is focused on discrete-based manufacturing. Refer to Section 3.6. 

Blogs

For additional information on cybersecurity, please contact an MEP Center or email NIST MEP at mepcyber [at] nist.gov (mepcyber[at]nist[dot]gov).

Contacts

For General Information

  • MEP Headquarters
    (301) 975-5020
    100 Bureau Drive, M/S 4800
    Gaithersburg, MD 20899-4800
Created December 1, 2017, Updated August 8, 2025