Centers in the MEP National Network™ assist small and medium-sized manufacturers (SMMs) in managing their cybersecurity risks using a variety of tools, including adoption of the NIST Cybersecurity Framework (https://www.nist.gov/cyberframework/framework).
The recent release of version 1.1 of the Framework explains how the Framework can be used by manufacturers to understand and assess their cybersecurity risk.
The Cybersecurity Framework is designed to reduce risk by improving the management of cybersecurity risk. Manufacturers using the Framework can measure and assign values to their risk along with the cost and benefits of steps taken to reduce risk. The better a manufacturer can measure its cybersecurity risk and costs, the more effective its cybersecurity solutions will be. Over time, self-assessment should improve decision-making on a manufacturer’s cybersecurity investment priorities. The Framework can be used to self-assess cybersecurity risk.
The MEP National Network has been dynamic in providing awareness and assistance to help U.S. manufacturers protect their information assets from the risks of cyberattacks. MEP Centers across the nation provide valuable assistance to SMMs seeking reduction of their cyber risks. For additional information, visit the NIST MEP Cybersecurity Resources for Manufacturers webpage (https://www.nist.gov/mep/cybersecurity-resources-manufacturers).
MEP Centers work with clients to help identify, assess and manage their cybersecurity risks. MEP Centers guide SMMs through a self-assessment against the Cybersecurity Framework.
MEP Centers also assist manufacturers in the Department of Defense (DoD) supply chain who must meet the DFARS Cybersecurity requirements. Since 2017, the MEP National Network has provided direct assistance to over 1100 DoD contractors.
All DoD contractors and subcontractors that process, store or transmit Controlled Unclassified Information (CUI) must meet the Defense Federal Acquisition Regulation Supplement (DFARS) minimum security requirements or risk losing their DoD contracts. These cybersecurity requirements must be implemented based on the information security guidance in NIST Special Publication 800-171 rev 1, titled “Protecting Controlled Unclassified Information in Non-Federal Information Systems and Organizations” (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r1.pdf).
MEP Centers help manufacturers through a self-assessment process using NIST Handbook 162, “NIST MEP Cybersecurity Self-Assessment Handbook For Assessing NIST SP 800-171 Security Requirements in Response to DFARS Cybersecurity Requirements.” The Handbook is available at: http://nvlpubs.nist.gov/nistpubs/hb/2017/NIST.HB.162.pdf
Since its publication in November 2017, Handbook 162 has been downloaded over 13,000 times. The Handbook provides a step-by-step guide to self-assessment of an information system against the security requirements in NIST SP 800-171 rev 1. It serves as an invaluable resource for SMMs to better understand security requirements and their implementation.
The Handbook may also be useful for other communities outside the DoD supply chain interested in applying the NIST SP 800-171 security requirements, including those seeking to comply with the CUI Federal Acquisition Regulation (FAR) clause.
The MEP National Network helps SMMs understand, select and manage the best set of Cybersecurity requirements to meet their needs. As new industry-developed security requirements are released, MEP Centers stand ready to assist SMMs with cybersecurity resources to protect their businesses.
Additional Cybersecurity guidance for SMMs can be found in:
NISTIR 7621 rev 1 - Small Business Information Security: The Fundamentals, https://csrc.nist.gov/publications/detail/nistir/7621/rev-1/final, and
NISTIR 8183 - The Cybersecurity Framework Manufacturing Profile, https://csrc.nist.gov/publications/detail/nistir/8183/final
NIST promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life. NIST is a non-regulatory agency of the U.S. Department of Commerce. To learn more about NIST, visit www.nist.gov.