NIST Publishes a Cybersecurity Framework Profile for the Manufacturing Industry

Written by: Matthew T. MacDonald, CCSFP, CISA

The National Institute of Standards and Technology (NIST) released a publication in September 2017 that allows the manufacturing industry to build a cybersecurity framework profile to better align its controls against cybersecurity threats. Per the publication, “The ‘Manufacturing Profile’ of the Cybersecurity Framework can be used as a roadmap for reducing cybersecurity risk for manufacturers that is aligned with manufacturing sector goals and industry best practices.” This profile is a “voluntary, risk-based approach for managing cybersecurity activities and reducing cyber risk to manufacturing systems.”

The manufacturing profile assesses a variety of manufacturing industry categorizations, including process-based (continuous and batch processes), discrete-based, or a combination of both. The cybersecurity profile is valuable for manufacturers who are interested in:

  • Improving their cybersecurity posture and resiliency against cybersecurity threats
  • Utilizing a standard approach for preparing a mature and evolving cybersecurity plan 

All profiles will be used to assess and review the most critical areas of cybersecurity including identification, protection, detection, response, and recovery. A total of ninety-eight security objectives can be defined at a low, moderate or high rating. The composite ratings identify a target profile for manufacturers.

With this information, manufacturers can compare a target profile to their current profile to determine gaps in their minimum level of compliance. In this way, manufacturers can use their target profile to manage their cybersecurity risk realistically and actionably through control implementation. Manufacturers can also continuously improve the cybersecurity controls that are in place by conducting this comparison annually.

If you have any questions about these changes, please contact William Nowik, CCSFP, CISSP, CISA, PCIP, QSA, Principal, at 617-428-5469 or wnowik@wolfandco.com