Final NIST Internal Report (NIST IR) 8473, Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure



This Profile is designed to be part of an enterprise risk management program to aid organizations in managing threats to systems, networks, and assets within the Electric Vehicle Extreme Fast Charging Infrastructure (EV/XFC) ecosystem (it is not intended to serve as a solution or compliance checklist).

The Profile is an application of the Framework Categories and Subcategories in the context of the EV/XFC cybersecurity ecosystem, as provided by the Department of Energy and Electric Power Research Institute. It is a non-regulatory, voluntary profile intended to supplement, not replace, an existing risk management program or the cybersecurity standards, regulations, and industry guidelines currently in use by the EV/XFC industry.

The Profile also provides ecosystem-relevant parties with a means to assess and communicate their cybersecurity posture in a manner consistent with the Framework. It also offers users an industry-level, risk-based approach for managing cybersecurity activities and facilitates cross-collaboration between industry parties, vendors, and end users.

Use of the Profile will help organizations:

  • Identify key assets and interfaces in each of the ecosystem domains.
  • Address cybersecurity risk in the management and use of EV/XFC services.
  • Identify the threats, vulnerabilities, and associated risks to EV/XFC services, equipment, and data.
  • Apply protection mechanisms to reduce risk to manageable levels.
  • Detect disruptions and manipulation of EV/XFC services.
  • Respond to and recover from EV/XFC service anomalies in a timely, effective, and resilient manner.

What changed from the draft to final Profile?

We received over 220 public comments on the draft Profile. Based on the input received, a few major changes from the draft to final Profile include:

  • Added informative references for applicable subcategories, including: NIST Special Publication (SP) 800-207 Zero Trust Architecture, International Organization for Standardization (ISO) ISO/SAE 21434, and ISO 24089.
  • Added acknowledgements for individual contributors from the COI and public comment period.
  • Updated content in the subcategories to better articulate relevancy to specific domains within the EV/XFC ecosystem.
  • Updated front matter language to represent the rapid growth of EVs globally.