Internet of Things (IoT)

Final NIST IR 8473, Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure

    Posted Oct 17, 2023 02:25:00 AM

    Hi All,

    Final NIST IR 8473, Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure 

    The NIST NCCoE has published the final version of NIST Internal Report (NIST IR) 8473, Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure. 

    Overview
    This Profile is designed to be part of an enterprise risk management program to aid organizations in managing threats to systems, networks, and assets within the Electric Vehicle Extreme Fast Charging Infrastructure (EV/XFC) ecosystem (it is not intended to serve as a solution or compliance checklist). 
    The Profile is an application of the NIST Cybersecurity Framework Categories and Subcategories in the context of the EV/XFC cybersecurity ecosystem as provided by the Department of Energy's (DOE) Office of Cybersecurity, Energy Security, and Emergency Response and Office of Energy Efficiency and Renewable Energy and Electric Power Research Institute. It is a non-regulatory, voluntary profile intended to supplement, not replace, an existing risk management program or the current cybersecurity standards, regulations, and industry guidelines that are in current use by the EV/XFC industry.
    The Profile also provides ecosystem relevant parties with a means to assess and communicate their cybersecurity posture in a manner consistent with the Framework. It also offers users an industry-level risk-based approach for managing cybersecurity activities and facilitates cross-collaboration between industry parties, vendors, and end users.

    Use of the Profile will help organizations:
    •    Identify key assets and interfaces in each of the ecosystem domains.
    •    Address cybersecurity risk in the management and use of EV/XFC services.
    •    Identify the threats, vulnerabilities, and associated risks to EV/XFC services, equipment, and data.
    •    Apply protection mechanisms to reduce risk to manageable levels.
    •    Detect disruptions and manipulation of EV/XFC services.
    •    Respond to and recover from EV/XFC service anomalies promptly, effectively, and resiliently.

    What changed from the draft to the final Profile? 

    We received over 220 comments. Based on the input received, a few major changes from the draft to the final Profile include:
    •    Added additional informative references for applicable subcategories, including NIST Special Publication (SP) 800-207 Zero Trust Architecture, International Organization for Standardization (ISO) ISO/SAE 21434, and International Organization for Standardization (ISO) 24089.
    •    Added acknowledgements for individual contributors from the COI and public comment period.
    •    Updated content in the subcategories to better articulate relevancy to specific domains within the EV XFC ecosystem.
    •    Updated front matter language to represent the rapid growth of EV vehicles globally.

    Questions? Email the team at [email protected].



    ------------------------------
    Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA, CSA Research Fe
    ------------------------------