Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Draft NISTIR 8183A is Available for Comment: Cybersecurity Framework Manufacturing Profile Low Security Level Example Implementations Guide

NIST has released Draft NISTIR 8183A (3 volumes), "Cybersecurity Framework Manufacturing Profile Low Security Level Example Implementations Guide," for public comment. Comments are due by July 8, 2019.

A draft implementation guide (NISTIR 8183A) for the Cybersecurity Framework (CSF) Manufacturing Profile Low Security Level has been developed for managing cybersecurity risk for manufacturers. It is aligned with manufacturing sector goals and industry best practices.

This guide provides general implementation guidance (Volume 1) and example proof-of-concept solutions demonstrating how currently available open-source and commercial off-the-shelf (COTS) products can be implemented in manufacturing environments to satisfy the requirements in the Cybersecurity Framework (CSF) Manufacturing Profile Low Security Level. Example proof-of-concept solutions with measured network, device, and operational performance impacts for a process-based manufacturing environment (Volume 2) and a discrete-based manufacturing environment (Volume 3) are included in the guide. Depending on factors like size, sophistication, risk tolerance, and threat landscape, manufacturers should make their own determinations about the breadth of the proof-of-concept solutions they may voluntarily implement.

The CSF Manufacturing Profile (NISTIR 8183) can be used as a roadmap for managing cybersecurity risk for manufacturers and is aligned with manufacturing sector goals and industry best practices. It provides a voluntary, risk-based approach for managing cybersecurity activities and cyber risk to manufacturing systems. The Manufacturing Profile is meant to complement but not replace current cybersecurity standards and industry guidelines that the manufacturer is embracing.

The public comment period for these documents ends on July 8, 2019. See each of the publication details links for a copy of the documents, and instructions for submitting comments.

 

NOTE:  A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Released May 28, 2019, Updated June 7, 2019