Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Where Do I Start?

Assessing your company’s cybersecurity risks and implementing controls to protect your business’s data doesn’t have to be overwhelming and scary. There are steps that any small manufacturing company should take to ensure their data is secure.

Five Steps to Reduce Cyber Risks

This resource is for small manufacturers to quickly and cost effectively address cybersecurity threats. These simple, low cost steps are based on the official NIST guidance from the Cybersecurity Framework and have been tailored to meet the needs of small companies so they can identify, assess and manage cybersecurity risks.


cyber 5 step assessment diagram

Manufacturers Guide to Cybersecurity for Small and Medium-Sized Manufacturers

cybersecurity lock with a technology background

SMMs often have more to lose than larger manufacturers because a cyber event — whether due to a hacker, natural disaster or business resource loss — can have a major impact. SMMs are often less prepared to handle these types of events. But because SMMs often have less complex operational needs and IT infrastructure, they may be able to take steps to detect and recover from a cybersecurity incident quickly. It is vitally important that you consider how to protect your business before an incident occurs. View and download the Manufacturers Guide to Cybersecurity for Small and Medium-Sized Manufacturers.

Additional Resources

Information Security for Small Business: The Fundamentals – NISTIR 7621

The NIST Interagency Report (NISTIR) provides guidance on how small businesses can provide basic security for their information, systems, and networks. This NISTIR uses the Framework for Improving Critical Infrastructure Cybersecurity as a template for organizing cybersecurity risk management processes and procedures. Although the Cybersecurity Framework, created through collaboration between government and the private sector, was originally developed specifically for critical infrastructure organizations, it has proven useful to a variety of audiences and is used in this publication to organize information and cybersecurity best practices in an accepted and logical format.

NIST Small Business Cybersecurity Corner

cyber small business corner image

The vast majority of smaller businesses rely on information technology to run their businesses and to store, process, and transmit information. Protecting this information from unauthorized disclosure, modification, use, or deletion is essential for those companies and their customers.

With limited resources and budgets, these companies need cybersecurity guidance, solutions, and training that is practical, actionable, and enables them to cost-effectively address and manage their cybersecurity risks. The NIST Small Business Cybersecurity Corner puts these key resources in one place.

Blogs and Articles of Interest

View articles on the Cybersecurity topic that have been posted on the  Manufacturing Innovation blog.

Federal Agency Resources

Department of Homeland Security Cybersecurity Resources

Federal Bureau of Investigation InfraGuard

Federal Trade Commission – Cybersecurity for Small Business

Federal Communications Commission – Cybersecurity for Small Business

NIST Cybersecurity Publications

Small Business Administration

For additional information on cybersecurity, please contact your local MEP Center or email celia.paulsen [at] (subject: Cybersecurity%20Inquiry) (Celia Paulsen) at NIST MEP.


For General Information

  • MEP Headquarters
    (301) 975-5020
    100 Bureau Drive, M/S 4800
    Gaithersburg, MD 20899-4800
Created April 18, 2019, Updated June 25, 2021