Draft CSF Profile for EV XFC Infrastructure!

There’s Still Time to Comment on the Draft NIST IR 8473, Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure

The National Cybersecurity Center of Excellence (NCCoE) has released for public comment the initial public draft of NIST Internal Report (NIST IR) 8473, Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging InfrastructureThe comment period is open through August 28, 2023.

About the Report

This Cybersecurity Framework Profile (Profile) has been developed for the Electric Vehicle Extreme Fast Charging (EV/XFC) ecosystem and the subsidiary functions that support each of the four domains: (i) Electric Vehicles (EV); (ii) Extreme Fast Charging (XFC); (iii) XFC Cloud or Third-Party Operations; (iv) and Utility and Building Networks. The document provides a foundation that relevant parties may use to develop profiles specific to their organization to assess their cybersecurity posture as a part of their risk management process. This non-regulatory, voluntary profile is intended to supplement, not replace, an existing risk management program or the current cybersecurity standards, regulations, and industry guidelines that are in current use by the EV/XFC industry.

Purpose

The EV/XFC Cybersecurity Framework Profile is designed to be part of an enterprise risk management program to aid organizations in managing threats to systems, networks, and assets within the EV/XFC ecosystem. The EV/XFC Cybersecurity Framework Profile is not intended to serve as a solution or compliance checklist. Users of this profile will understand that its application cannot eliminate the likelihood of disruption or guarantee some level of assurance.

Use of the Profile will help organizations:

  • Identify key assets and interfaces in each of the ecosystem domains.
  • Address cybersecurity risk in the management and use of EV/XFC services.
  • Identify the threats, vulnerabilities, and associated risks to EV/XFC services, equipment, and data.
  • Apply protection mechanisms to reduce risk to manageable levels.
  • Detect disruptions and manipulation of EV/XFC services.
  • Respond to and recover from EV/XFC service anomalies in a timely, effective, and resilient manner.

Submit Comments

The public comment period closes at 11:59 p.m. EDT on Monday, August 28, 2023. Please email all draft comments to evxfc-nccoe@nist.gov. We encourage you to submit all feedback using the comment template found on our project page.

Join the Community of Interest

If you have expertise in EV/XFC and/or cybersecurity, consider joining the Community of Interest (COI) to receive the latest project news and announcements. Email the team at evxfc-nccoe@nist.gov declaring your interest or complete the sign-up form on our project page.

Learn More