For years, plant managers and operations teams have been applying ISA/IEC 62443 principles, segmenting networks, and hardening systems against cyber-physical risk. Thankfully, NIST’s just-released Cybersecurity Framework (CSF) 2.0 Manufacturing Profile doesn’t ask you to start over. Instead, it asks you to connect the hard work you’re already doing to business governance, accountability, and resilience.
Simply put, the new Manufacturing Profile (still in draft form and open for feedback until November 17, 2025) offers a chance to prove that cybersecurity supports uptime, safety, and quality – not the other way around.
The Manufacturing Profile is NIST’s most operationally grounded guidance yet. It recognizes what OT practitioners have known all along – that most industrial environments rely on legacy assets, vendor connections, and 24/7 production pressures that don’t allow for downtime.
What’s new is how NIST connects these realities to governance and risk management. The framework explicitly states that cybersecurity is no longer just an IT responsibility, but a business discipline that impacts resilience and uptime as much as safety or quality.
For OT leaders, this translates to one clear takeaway: cyber risk is now an operations metric, right alongside downtime and safety performance.
Perhaps the best news of all? You don’t need a task force and a million-dollar budget to get started aligning with the new profile. You just need to begin tackling the controls that actually reduce operational risks.
Here’s what that could look like in practice:
Form a small cross-functional team that meets monthly. Include operations, IT, maintenance, and EHS. No committees, no endless paper trails. Just one straightforward agenda: “What’s changed in our control environment, and who owns the risk?”
Quick win: Assign one accountable person for OT system changes. Give them authority to stop unsafe or insecure modifications before they happen.
Start with what matters most:
Which lines or systems connect to IT or vendors?
Who can reach them and how (VPNs, jump servers, shared accounts, etc.)?
Reality check: According to 2024 research from Ponemon Institute and Cyolo, only 27% of organizations maintain an up-to-date inventory of OT assets. Conducting asset discovery and implementing controls over access and connectivity can and should be done in parallel.
Quick win: Identify 10 vulnerable external access points and begin enforcing MFA or credential vaulting immediately.
Too many plants rush to deploy monitoring tools before securing privileged access. But until shared passwords and persistent admin rights are addressed, monitoring only tells you what you already know: too many people have too much access.
To gain a significant amount of control in the shortest amount of time, start by focusing on instances of privileged access:
Eliminate shared admin passwords.
Remove generic “maintenance” or “vendor” logins.
Record and log every third-party vendor session.
Limit access by time and task.
Enforcing least privilege access – meaning each user gets the lowest level of access permissions needed to do their job – is the single most cost-effective step most plants can take right now.
Quick win: For legacy PLCs that can’t use MFA, place them behind a firewall or proxy, and monitor every session crossing that boundary. Then, in the longer term, look for a remote access solution that accommodates legacy systems.
Don’t try to create a 24/7 OT SOC. Instead, integrate your OT monitoring into existing incident response workflows. If you don’t have existing workflows, you can use maintenance logs as a starting point.
Start small by adding a few industrial-protocol sensors or logs to your current monitoring tools. Then, run a Cyber PHA (Process Hazard Analysis) to test whether your incident procedures include both cyber and safety recovery steps.
Quick win: During your next safety committee meeting, simulate a cyber-related outage and document who makes what decisions.
Once you’ve tackled the quick wins, start measuring what’s changed. NIST’s new Govern function formalizes what many plants already do informally: tie security oversight to performance.
Track these simple metrics:
Percentage of remote accounts with MFA
Percentage of assets inventoried and assigned an owner
Percentage of incidents that reached both IT and operations review
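The four privileged-access rules above (shared admin passwords, generic logins, unrecorded vendor sessions, access without a time limit) and the three governance metrics can be checked from a plain account and asset inventory. The script below is an added example, not part of the original post or any Cyolo product; the inventory records, field names and the 'generic' name list are constructed assumptions for illustration.

```python
"""Audit a small OT remote-access inventory against the four access rules
and compute the three governance metrics. All data is constructed."""
from dataclasses import dataclass
from typing import Optional

@dataclass
class Account:
    name: str
    kind: str               # "person", "vendor" or "generic" (assumed field)
    remote: bool            # reachable via VPN / jump server from IT
    mfa: bool
    shared: bool            # credential known to more than one person
    session_recorded: bool  # sessions captured for review
    expires: Optional[str]  # ISO date of a time-bounded grant; None = permanent

GENERIC_NAMES = ("maintenance", "vendor", "admin", "operator")  # assumed list

def audit_accounts(accounts):
    """Return one finding per violation of the four privileged-access rules."""
    findings = []
    for a in accounts:
        if a.shared:
            findings.append(f"{a.name}: shared credential")
        if a.kind == "generic" or a.name.lower() in GENERIC_NAMES:
            findings.append(f"{a.name}: generic login")
        if a.kind == "vendor" and not a.session_recorded:
            findings.append(f"{a.name}: vendor session not recorded")
        if a.expires is None:
            findings.append(f"{a.name}: no time limit on access")
    return findings

def pct(num, den):
    return round(100 * num / den) if den else 0

def metrics(accounts, assets, incidents):
    """The three Govern-function metrics as whole-number percentages."""
    remote = [a for a in accounts if a.remote]
    joint = [i for i in incidents if i["it_review"] and i["ops_review"]]
    return {
        "remote_accounts_with_mfa_pct": pct(sum(a.mfa for a in remote), len(remote)),
        "assets_with_owner_pct": pct(sum(1 for x in assets if x.get("owner")), len(assets)),
        "incidents_joint_review_pct": pct(len(joint), len(incidents)),
    }

# Constructed sample inventory (not real accounts, assets or incidents).
SAMPLE_ACCOUNTS = [
    Account("jsmith", "person", True, True, False, True, "2025-12-31"),
    Account("maintenance", "generic", True, False, True, False, None),
    Account("acme-vendor", "vendor", True, False, False, False, "2025-11-30"),
    Account("plc-local-eng", "person", False, False, False, True, None),
]
SAMPLE_ASSETS = [{"name": "PLC-L1", "owner": "maint"}, {"name": "HMI-L2", "owner": None},
                 {"name": "Historian", "owner": "it"}]
SAMPLE_INCIDENTS = [{"id": 1, "it_review": True, "ops_review": True},
                    {"id": 2, "it_review": True, "ops_review": False}]
```

Run it against an export of your jump-server or VPN account list and the findings list becomes the agenda for the monthly cross-functional meeting.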
ISA Global Cybersecurity Alliance guidance emphasizes the same approach – start with measurable governance, then scale toward technical maturity.
Manufacturing teams have been working for years to adopt security best practices and align with ISA/IEC 62443 and other guidance. NIST’s CSF 2.0 Manufacturing Profile simply provides a common language and governance structure to align technical controls with enterprise resilience goals.
By starting with ownership, visibility, and access, you’ll not only meet NIST expectations but will also strengthen operational reliability across your entire production environment.
Author
Jennifer Tullman-Botzer is a cybersecurity nerd by day and a history nerd by night. She has over a decade of experience in cybersecurity marketing and is as tired as you are of hackers-in-hoodies stock images. Jennifer joined Cyolo in 2021 and currently serves as Head of Content. Prior to Cyolo, she worked in a variety of marketing roles at IBM Security. She lives in Tel Aviv, Israel.