NISTIR 8183 Cybersecurity Framework Manufacturing Profile Keith Stouffer Timothy Zimmerman CheeYee Tang Joshua Lubell Jeffrey Cichonski John McCarthy This publication is available free of charge from: https://doi.org/10.6028/NIST.IR. 8183 NISTIR 8183 Cybersecurity Framework Manufacturing Profile Keith Stouffer Timothy Zimmerman CheeYee Tang Intelligent Systems Division Engineering Laboratory Joshua Lubell Systems Integration Division Engineering Laboratory Jeffrey Cichonski Applied Cybersecurity Division Information Technology Laboratory John McCarthy Dakota Consulting, Inc. Silver Spring, Maryland This publication is available free of charge from: https://doi.org/10.6028/NIST.IR. 8183 September 2017 INCLUDES UPDATES AS OF 05-20-2019; SEE PAGE v U.S. Department of Commerce Wilbur L. Ross, Jr., Secretary National Institute of Standards and Technology Walter Copan , NIST Director and Under Secretary of Commerce for Standards and Technology NISTIR 8183 CYBERSECURITY FRAMEWORK MANUFACTURING PROFILE i This publication is available free of charge from: http s://doi.org/10.6028/ NIST.IR.8183 National Institute of Standards and Technology Internal Report 8183 57 pages (September 2017 ) This publication is available free of charge from: https://doi.org/10.6028/ NIST.IR.8183 Comments on this publication may be submitted to: National Institute of Standards and Technology Attn: Applied Cybersecurity Division, Information Technology Laboratory 100 Bureau Drive (Mail Stop 2000) Gaithersburg, MD 20899 -2000 Electronic Mail: CSF_Manufacturing_Profile@nist.gov All comments are subject to release under the Freedom of Information Act (FOIA). Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it inte nded to imply that the entities, materials, or equipment are necessarily the best available for the purpose. There may be references in this publication to other publications currently under development by NIST in accordance with its assigned statutory re sponsibilities. The information in this publication, including concepts and methodologies, may be used by federal agencies even before the completion of such companion publications. Thus, until each publication is completed, current requirements, guideline s, and procedures, where they exist, remain operative. For planning and transition purposes, federal agencies may wish to closely follow the development of these new publications by NIST. Organizations are encouraged to review all draft publications during public comment periods and provide feedback to NIST. All NIST Computer Security Division publications , other than the ones noted above, are available at http://csrc.nist.gov/publications . NISTIR 8183 CYBERSECURITY FRAMEWORK MANUFACTURING PROFILE ii This publication is available free of charge from: http s://doi.org/10.6028/ NIST.IR.8183 Abstract This document pr ovides the Cybersecurity Framework (CSF) implementation details developed for the manufacturing environment. The “Manufacturing Profile” of the Cybersecurity Framework can be used as a roadmap for reducing cybersecurity risk for manufacturers that is aligned with manufacturing sector goals and industry best practices. This Manufacturing Profile provides a volunta ry, risk -based approach for managing cybersecurity activities and reducing cyber risk to manufacturing systems. The Manufacturing Profile is meant to enhance but not replace current cybersecurity standards and industry guidelines that the manufacturer is e mbracing. Keywords Computer security; Cybersecurity Framework (CSF); distribu