NCCoE Publishes Final NIST IR 8406, Cybersecurity Framework Profile for Liquefied Natural Gas


The National Cybersecurity Center of Excellence (NCCoE) has published the final version of NIST Interagency Report (NIST IR) 8406, Cybersecurity Framework Profile for Liquefied Natural Gas


This publication was developed for the Liquefied Natural Gas (LNG) industry and the subsidiary functions that support the overarching liquefaction process, transport, and distribution of LNG. The LNG Cybersecurity Framework Profile can be used by entities who are part of the LNG industry to address and mitigate cybersecurity risks associated with LNG processes and systems.

This Profile:

  • Can help organizations identify opportunities for managing cybersecurity risks in the LNG lifecycle;
  • Provides a baseline of the Mission objectives for LNG operations that were identified and prioritized by LNG industry stakeholders;
  • Builds on the identified Mission objectives to develop a prioritized list of Cybersecurity Framework (CSF) Categories; and
  • Includes a table of prioritized CSF Subcategories based on identified CSF Categories. These prioritizations of Mission objectives, CSF Categories, and CSF Subcategories may serve as a useful starting point to identify cybersecurity activities and outcomes that may be important to members of the LNG industry. Additionally, prioritizations can be tailored to account for specific mission objectives or operational considerations. 

The LNG Cybersecurity Framework Profile is not intended to replace any existing cybersecurity guidance or policy, but rather to complement existing best practices by helping stakeholders prioritize the recommendations provided by LNG organizations. 

This publication was prepared for the U.S. Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) as part of an inter-agency agreement with the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) to research and develop tools and practices that will strengthen the cybersecurity of maritime transportation systems within the Nation’s energy sector, focusing on Liquefied Natural Gas (LNG). CESER and NIST developed this Profile through a collaborative process, driven by LNG industry stakeholders, which resulted in tailored guidance for the LNG industry to implement the NIST Cybersecurity Framework.

What is a Cybersecurity Framework Profile?

A Cybersecurity Framework Profile represents the outcomes based on business needs that an organization has selected from the NIST Cybersecurity Framework (CSF) Categories and Subcategories. Profiles offer a prioritization of NIST CSF Categories and Subcategories based on the mission and operational considerations common to a specific group, such as the LNG sector with the MTS. Profiles serve as a useful starting point for identifying cybersecurity activities and outcomes that may be important to the selected group. Profiles can be used to identify opportunities for improving cybersecurity posture by comparing a “Current” Profile (the “as is” state) with a “Target” Profile (the “to be” state). They also offer an organization a consistent way to discuss cybersecurity objectives across organizational roles—from senior leadership to technical implementors—using common terminology. Individuals within the organization can use the Profile to prioritize the allocation of resources to cybersecurity improvements or to areas of particular concern.

This document is one such Profile, an application of the CSF to LNG industry.

Visit the project page