The National Institute for Standards and Technology (NIST) released a publication in September 2017 allowing the manufacturing industry to build a cybersecurity framework profile to better align its controls against cybersecurity threats. Per the publication, “The Manufacturing Profile of the Cybersecurity Framework can be used as a roadmap for reducing cybersecurity risk for manufacturers that is aligned with manufacturing sector goals and industry best practices.” This profile is a “voluntary, risk-based approach for managing cybersecurity activities and reducing cyber risk to manufacturing systems.”
The NIST manufacturing profile assesses a variety of manufacturing industry categorizations, including process-based (continuous and batch processes), discrete-based, or a combination of both. The cybersecurity profile is valuable for manufacturers who are interested in:
• Improving their cybersecurity posture and resiliency against cybersecurity threats
• Utilizing a standard approach for preparing a mature and evolving cybersecurity plan
All profiles will be used to assess and review the most critical areas of cybersecurity including identification, protection, detection, response, and recovery. A total of 98 security objectives can be defined at a low, moderate, or high rating. The composite ratings identify a target profile for manufacturers.
With this information, manufacturers can compare a target profile to their current cybersecurity framework manufacturing profile to determine gaps in their minimum level of compliance. In this way, manufacturers can use their target profile to realistically and actionably manage their cybersecurity risk through control implementation. Manufacturers can also continuously improve on the cybersecurity controls that are in place by conducting this comparison annually.