3D printers currently do not meet the NIST Cybersecurity Risk Management Framework (RMF) requirements such as NIST SP 800-37, NIST SP 800-53, NIST SP 800-60, NIST SP 800-82, FIPS 199 and CNSSI-1253. The lack of secure printers being manufactured and provided to users, for the Department of Defense in particular, means they are unable to exploit the full potential of additive since they cannot connect to their enterprise networks.
MxD, in partnership with H2L Solutions and Markforged (under the direction of the DOD) worked together to execute Phase 1 of the multiphase CAMEO project, in which the project team evaluated a standalone Markforged 3D printer for compliance against the NIST RMF and ICS (Industrial Control Systems) requirements. The reports captured and delivered in Phase I will be used to educate the DOD and additive manufacturing (AM) users to bring AM systems into compliance as well as defining the proper roles and responsibilities of personnel, partner companies and customers to enhance the security of AM. Currently in Phase 2, the team is applying and assessing the security controls and requirements from Phase 1 onto the Markforged printer in a simulated environment. One of the major goals for Phase 2 is to provide a publicly available AM cybersecurity playbook for individuals to make their own accreditation package for AM machines.
This presentation highlights the outcomes from Phase 1 and provides some results within the implementation of the security controls in Phase 2 with the aim of educating the audience on lessons learned.
- Learn the project process for evaluating a 3D printer and the resources it requires.
- Take away an understanding of the project outcomes and documentation submitted to the DOD.