Draft CSF Profile for Electric Vehicle Extreme Fast Charging Infrastructure

National Institute of Standards and Technology (NIST) sent this bulletin at 07/14/2023 10:29 AM EDT
NIST

View As Web Page
Header

National Cybersecurity Center of Excellence
EV Charge

Photo credit: Shutterstock.

Now Available for Public Comment — Draft NIST IR 8473, Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure

The National Cybersecurity Center of Excellence (NCCoE) today released for public comment the initial public draft of NIST Internal Report (NIST IR) 8473, Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging InfrastructureThe comment period is open through August 28, 2023.

About the Report

This Cybersecurity Framework Profile (Profile) has been developed for the Electric Vehicle Extreme Fast Charging (EV/XFC) ecosystem and the subsidiary functions that support each of the four domains: (i) Electric Vehicles (EV); (ii) Extreme Fast Charging (XFC); (iii) XFC Cloud or Third-Party Operations; (iv) and Utility and Building Networks. The document provides a foundation that relevant parties may use to develop profiles specific to their organization to assess their cybersecurity posture as a part of their risk management process. This non-regulatory, voluntary profile is intended to supplement, not replace, an existing risk management program or the current cybersecurity standards, regulations, and industry guidelines that are in current use by the EV/XFC industry.

Purpose

The EV/XFC Cybersecurity Framework Profile is designed to be part of an enterprise risk management program to aid organizations in managing threats to systems, networks, and assets within the EV/XFC ecosystem. The EV/XFC Cybersecurity Framework Profile is not intended to serve as a solution or compliance checklist. Users of this profile will understand that its application cannot eliminate the likelihood of disruption or guarantee some level of assurance.

Use of the Profile will help organizations:

  • Identify key assets and interfaces in each of the ecosystem domains.
  • Address cybersecurity risk in the management and use of EV/XFC services.
  • Identify the threats, vulnerabilities, and associated risks to EV/XFC services, equipment, and data.
  • Apply protection mechanisms to reduce risk to manageable levels.
  • Detect disruptions and manipulation of EV/XFC services.
  • Respond to and recover from EV/XFC service anomalies in a timely, effective, and resilient manner.

Submit Comments

The public comment period closes at 11:59 p.m. EDT on Monday, August 28, 2023. Please email all draft comments to evxfc-nccoe@nist.gov. We encourage you to submit all feedback using the comment template found on our project page.

Join the Community of Interest

If you have expertise in EV/XFC and/or cybersecurity, consider joining the Community of Interest (COI) to receive the latest project news and announcements. Email the team at evxfc-nccoe@nist.gov declaring your interest or complete the sign-up form on our project page.

Learn More

 

 

What is a Cybersecurity Framework (CSF) Profile?

A Cybersecurity Framework (CSF) Profile represents the outcomes based on business needs that an organization has selected from the NIST CSF Categories and Subcategories. Profiles serve as a useful starting point for identifying cybersecurity activities and outcomes that may be important to the selected group. Profiles can be used to identify opportunities for improving cybersecurity posture by comparing a “Current” Profile (the “as is” state) with a “Target” Profile (the “to be” state). They also offer an organization a consistent way to discuss cybersecurity objectives across organizational roles—from senior leadership to technical implementors—using common terminology. Individuals can use the Profile to prioritize the allocation of resources to cybersecurity improvements or to areas of particular concern.

If you have any questions, please email the team at evxfc-nccoe@nist.gov.

Certain commercial entities, equipment, products, or materials may be identified by name or company logo or other insignia in order to acknowledge their participation in this collaboration or to describe a concept adequately. Such identification is not intended to imply special status or relationship with NIST or DOE or recommendation or endorsement by DOE, NIST, or NCCoE.

NIST Cybersecurity and Privacy Program
Questions/Comments about this notice: evxfc-nccoe@nist.gov
NCCoE Website questions: nccoe@nist.gov