Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Where Do I Start?

Assessing your company’s cybersecurity risks and implementing controls to protect your business’s data doesn’t have to be overwhelming and scary. There are steps that any small manufacturing company should take to ensure their data is secure.

Five Steps to Reduce Cyber Risks

This resource is for small manufacturers to quickly and cost effectively address cybersecurity threats. These simple, low cost steps are based on the official NIST guidance from the Cybersecurity Framework and have been tailored to meet the needs of small companies so they can identify, assess and manage cybersecurity risks.

cyber 5 step assessment diagram

Cybersecurity Self Assessment Tool

The NIST MEP Cybersecurity Assessment Tool allows U.S. small manufacturers to self-evaluate the level of cyber risk to their business.  The assessment is based on the National Institute of Standards and Technology’s (NIST) Cyber Security Framework.  This tool is to be used only for guidance and does not imply approval by NIST MEP and cannot be used to demonstrate compliance.

Additional Resources

Information Security for Small Business: The Fundamentals – NISTIR 7621

The NIST Interagency Report (NISTIR) provides guidance on how small businesses can provide basic security for their information, systems, and networks. This NISTIR uses the Framework for Improving Critical Infrastructure Cybersecurity as a template for organizing cybersecurity risk management processes and procedures. Although the Cybersecurity Framework, created through collaboration between government and the private sector, was originally developed specifically for critical infrastructure organizations, it has proven useful to a variety of audiences and is used in this publication to organize information and cybersecurity best practices in an accepted and logical format.

NIST Small Business Cybersecurity Corner

The vast majority of smaller businesses rely on information technology to run their businesses and to store, process, and transmit information. Protecting this information from unauthorized disclosure, modification, use, or deletion is essential for those companies and their customers.

With limited resources and budgets, these companies need cybersecurity guidance, solutions, and training that is practical, actionable, and enables them to cost-effectively address and manage their cybersecurity risks. The NIST Small Business Cybersecurity Corner puts these key resources in one place.

Blogs and Articles of Interest

View articles on the Cybersecurity topic that have been posted on the  Manufacturing Innovation blog.

Federal Agency Resources

Department of Homeland Security

Department of Homeland Security Cybersecurity Resources

Federal Bureau of Investigation Info Guard

Federal Trade Commission – Cybersecurity for Small Business

Federal Communications Commission – Cybersecurity for Small Business

Federal Trade Commission Tips and Tricks

NIST Cybersecurity Publications

Small Business Administration


For additional information on cybersecurity, please contact your local MEP Center or email patricia.toth [at] (subject: Cybersecurity%20Inquiry) (Pat Toth) at NIST MEP.


For General Information

  • MEP Headquarters
    (301) 975-5020
    100 Bureau Drive, M/S 4800
    Gaithersburg, MD 20899-4800
Created April 18, 2019, Updated November 15, 2019