NISTIR 8183A Volume 3 Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide : Volume 3 – Discrete -based Manufacturing System Use Case Keith Stouffer Timothy Zimmerman CheeYee Tang Jeffrey Cichonski Michael Pease Neeraj Shah Wesley Downard This publication is available free of charge from: https://doi.org/10.6028/ NIST.IR.8183A -3 NISTIR 8183A Volume 3 Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide : Volume 3 — Discrete -based Manufacturing System Use Case Keith Stouffer Neeraj Shah Timothy Zimmerman Strativia, LLC CheeYee Tang Largo, Maryland Michael Pease Intelligent Systems Division Engineering Laboratory Jeffrey Cichonski Wesley Downard Applied Cybersecurity Division G2, Inc. Information Technology Laboratory Annapolis Junction, Maryland This publication is available free of charge from: https://doi.org/10.6028/ NIST.IR.8183A -3 September 2019 U.S. Department of Commerce Wilbur L. Ross, Jr., Secretary National Institute of Standards and Technology Walter Copan , NIST Director and Under Secretary of Commerce for Standards and Technology National Institute of Standards and Technology Internal Report 8183A, Volume 3 296 pages (September 2019 ) This publication is available free of charge from: https://doi.org/10.6028/ NIST.IR.8183A -3 Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it inte nded to imply that the entities, materials, or equipment are necessarily the best available for the purpose. There may be references in this publication to other publications currently under development by NIST in accordance with its assigned statutory re sponsibilities. The information in this publication, including concepts and methodologies, may be used by federal agencies even before the completion of such companion publications. Thus, until each publication is completed, current requirements, guideline s, and procedures, where they exist, remain operative. For planning and transition purposes, federal agencies may wish to closely follow the development of these new publications by NIST. Organizations are encouraged to review all draft publications duri ng public comment periods and provide feedback to NIST. Many NIST cybersecurity publications , ot her than the ones noted above, are available at https://csr c.nist.gov/publications . Comments on this publication may be submitted to: National Institute of Standards and Technology Attn: Applied Cybersecurity Division, Information Technology Laboratory 100 Bureau Drive (Mail Stop 2000) Gaithersburg, MD 20899 -2000 Email: CSF_Manufacturing_Profile _Implementation @nist.gov All comments are subject to release under the Freedom of Information Act (FOIA). NISTIR 8183A VOL. 3 CSF MFG PROFILE LOW IMPACT LEVEL EXAMPLE IG DISCRETE -BASED MFG SYSTEM USE CASE ii This publication is available free of charge from: http s://doi.org/10.6028/ NIST.IR.8183A -3 Abstract This guide provides example proof -of-concept solutions demonstrating how available open - source and commercial off -the-shelf (COTS) products could be implemented in discrete -based manufacturing environments to satisfy the requirements in the Cybersecurity F ramework (CSF) Manufacturing Profile Low Impact Level. The example proof -of-concept solutions include measured network, device, and operational performance impacts observed during the implementation. Manufacturers should make their own determinations about the breadth of the proof -of-concept solutions they voluntarily implement. Some important factors to consider include: company size, cybersecurit