1
Manufacturing Overlay
1. Overview
This overlay was developed in partnership with the Defense Industrial Base (DIB) Cybersecurity (CS)
Program, to develop a manufacturing overlay for control systems that is intended to complement (and
further refine) their existing security control baselines. The Manufacturing Overlay Focus Group (FG),
the driving body of this document, leveraged subject matter experts from across DoD, the Risk
Management Framework (RMF) Technical Advisory Group (TAG), and industry partners from the DIB
CS Program. As part of this effort, Manufacturing Overlay FG members provided expert domain
knowledge on securing manufacturing systems and helped shape key concepts captured in supplemental
control language. This resulted in guidance that complements and refines existing security control
baselines and addresses security control specifications required to properly secure manufacturing systems.
The purpose of developing this document was to address security needs in DIB manufacturing systems
and create a security control Overlay that produces tailored cybersecurity guidance. Overall, this
produced a manufacturing systems security control Overlay that provides a standardized approach to
securely implementing tailored security controls for manufacturing systems within the DIB that
complements the security control baselines established in the Department of Defense Control Systems
Security Requirements Guide (SRG).
This overlay applies to manufacturing systems at a Low-Low-Moderate impact value for Confidentiality,
Integrity and Availability. Refer to the Risk Management Framework (RMF) Knowledge Service (KS) for
additional information regarding the development, background, tailoring, and applicability of the
Manufacturing Overlay.
RMF KS: https://rmfks.osd.mil/rmf/Pages/default.aspx
.
2. Scope and Applicability
This Manufacturing Overlay applies to systems, including control systems of any type, IoT devices,
sensors and technologies supporting DoD manufacturing processes. Manufacturing processes may include
(list is not exhaustive):
• Additive Manufacturing
• Batch Manufacturing
• Continuous Manufacturing
• Electronic and mechanical parts assembly
• Discrete-based Manufacturing
The objective of the FG is to produce an overlay tailored to the distinct security requirements of
manufacturing systems and processes while remaining useful to as many types of manufacturing systems
as possible. While manufacturing systems exist in a multitude of environments with varying levels of
sensitivity, this overlay is intended to provide information system owners and authorizing officials with
preliminary security controls for DoD control systems supporting manufacturing processes. Each DoD
organization retains the autonomy to determine its own risk tolerance for manufacturing systems using the
CLEARED
For Open Publication
Department of Defense
OFFICE OF PREPUBLICATION AND SECURITY REVIEW
