Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Where Do I Start?

Assessing your company’s cybersecurity risks and implementing controls to protect your business’s data doesn’t have to be overwhelming and scary. There are steps that any small manufacturing company should take to ensure their data is secure.

Five Steps to Reduce Cyber Risks

This resource is for small manufacturers to quickly and cost effectively address cybersecurity threats. These simple, low cost steps are based on the official NIST guidance from the Cybersecurity Framework and have been tailored to meet the needs of small companies so they can identify, assess and manage cybersecurity risks.

 

cyber 5 step assessment diagram

Manufacturers Guide to Cybersecurity for Small and Medium-Sized Manufacturers

SMMs often have more to lose than larger manufacturers because a cyber event — whether due to a hacker, natural disaster or business resource loss — can have a major impact. SMMs are often less prepared to handle these types of events. But because SMMs often have less complex operational needs and IT infrastructure, they may be able to take steps to detect and recover from a cybersecurity incident quickly. It is vitally important that you consider how to protect your business before an incident occurs. View and download the Manufacturers Guide to Cybersecurity for Small and Medium-Sized Manufacturers.

Cybersecurity Self Assessment Tool

The NIST MEP Cybersecurity Assessment Tool allows U.S. small manufacturers to self-evaluate the level of cyber risk to their business.  The assessment is based on the National Institute of Standards and Technology’s (NIST) Cyber Security Framework.  This tool is to be used only for guidance and does not imply approval by NIST MEP and cannot be used to demonstrate compliance.

Additional Resources

Information Security for Small Business: The Fundamentals – NISTIR 7621

The NIST Interagency Report (NISTIR) provides guidance on how small businesses can provide basic security for their information, systems, and networks. This NISTIR uses the Framework for Improving Critical Infrastructure Cybersecurity as a template for organizing cybersecurity risk management processes and procedures. Although the Cybersecurity Framework, created through collaboration between government and the private sector, was originally developed specifically for critical infrastructure organizations, it has proven useful to a variety of audiences and is used in this publication to organize information and cybersecurity best practices in an accepted and logical format.

NIST Small Business Cybersecurity Corner

The vast majority of smaller businesses rely on information technology to run their businesses and to store, process, and transmit information. Protecting this information from unauthorized disclosure, modification, use, or deletion is essential for those companies and their customers.

With limited resources and budgets, these companies need cybersecurity guidance, solutions, and training that is practical, actionable, and enables them to cost-effectively address and manage their cybersecurity risks. The NIST Small Business Cybersecurity Corner puts these key resources in one place.

Blogs and Articles of Interest

View articles on the Cybersecurity topic that have been posted on the  Manufacturing Innovation blog.

Federal Agency Resources

Department of Homeland Security Cybersecurity Resources

Federal Bureau of Investigation InfraGuard

Federal Trade Commission – Cybersecurity for Small Business

Federal Communications Commission – Cybersecurity for Small Business

NIST Cybersecurity Publications

Small Business Administration

 

For additional information on cybersecurity, please contact your local MEP Center or email Pat Toth at NIST MEP.

Contacts

For General Information

  • MEP Headquarters
    (301) 975-5020
    100 Bureau Drive, M/S 4800
    Gaithersburg, MD 20899-4800
Created April 18, 2019, Updated June 15, 2020