Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Where to Start

The word “cybersecurity” can be intimidating, but efficiently managing risks to your data, information, and technology assets is a foundational aspect of effectively operating a business. Many businesses only begin to look at cybersecurity and privacy when it is required by a customer or they experience an incident such as a data breach or ransomware attack. Don’t wait until it’s too late! The sooner you start managing these risks, the better able you will be to cost-effectively adapt and comply with customer or industry requirements and respond if an incident does happen.

Small Business Guide

Small and medium-sized manufacturers (SMMs) are especially vulnerable to a cybersecurity event: they often are less prepared for an event, have valuable information that is not well protected, are willing to pay ransoms in order to avoid costly disruptions, and act as entry points to other valuable targets. But because SMMs often have less complex operational needs and IT/OT infrastructures, they may be able to quickly take some basic steps to defend their information and systems. View and download the manufacturer’s guide to cybersecurity for small and medium-sized manufacturers for some easy steps any manufacturer should be able to implement to quickly and cost effectively address cybersecurity risk.

This guide is based on guidance in the Cybersecurity Framework and generally accepted cyber hygiene best practices. It is broken down into five steps: Identify, Protect, Detect, Respond, and Monitor. It also has some basic practices you and your employees can take immediately to protect your data and information.

cyber 5 step assessment diagram

Privacy Framework Quick Start Guide

If your company collects and processes data on humans, such as for product testing or quality control purposes, you should understand the privacy implications related to how that data is processed and used. Similar to the Cybersecurity Framework, the Privacy Framework also has five steps: Identify, Govern, Control, Communicate, and Protect. Check out this quick start guide to better understand how to identify and manage privacy risks.

How Secure is Your Factory Floor

factory floor infographic thumbnail

As the manufacturing industry becomes more digitized, it is an increasingly popular target for cybercriminals. View this interactive infographic to explore potential vulnerabilities on your factor floor and review simple actionable guidelines to help mitigate risks.

Cybersecurity and Privacy Laws and Regulations

Most manufacturers are required to follow some Cybersecurity and Privacy standards, laws, regulations, or requirements. These may come from Federal, State, Local, or Tribal Governments, be industry-mandated, or voluntary. If your company sells products to the U.S. government, you may be required to comply with the minimum cybersecurity standards set by FAR and DFARS. Learn more about complying with Cybersecurity and Privacy Laws and Regulations

For additional information on cybersecurity, please contact your local MEP Center or email celia.paulsen [at] nist.gov (subject: Cybersecurity%20Inquiry) (Celia Paulsen) at NIST MEP.

Contacts

For General Information

  • MEP Headquarters
    (301) 975-5020
    100 Bureau Drive, M/S 4800
    Gaithersburg, MD 20899-4800
Created April 18, 2019, Updated October 1, 2021