{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,6]],"date-time":"2025-11-06T12:28:40Z","timestamp":1762432120826,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":38,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,15]],"date-time":"2021-11-15T00:00:00Z","timestamp":1636934400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,19]]},"DOI":"10.1145\/3462223.3485624","type":"proceedings-article","created":{"date-parts":[[2021,10,28]],"date-time":"2021-10-28T16:15:37Z","timestamp":1635437737000},"page":"49-60","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Cybersecurity Requirements for AM Systems"],"prefix":"10.1145","author":[{"given":"Mark J.","family":"Cotteleer","sequence":"first","affiliation":[{"name":"Deloitte Consulting LLP, Milwaukee, WI, USA"}]},{"given":"Simon S.","family":"Goldenberg","sequence":"additional","affiliation":[{"name":"Deloitte &amp; Touche LLP, Arlington, VA, USA"}]},{"given":"Ian","family":"Wing","sequence":"additional","affiliation":[{"name":"Deloitte Consulting LLP, Arlington, VA, USA"}]},{"given":"Oyindamola","family":"Alliyu","sequence":"additional","affiliation":[{"name":"Deloitte Consulting LLP, Arlington, VA, USA"}]},{"given":"Stephen","family":"Kania","sequence":"additional","affiliation":[{"name":"Deloitte Consulting LLP, Arlington, VA, USA"}]},{"given":"Veda","family":"Mujumdar","sequence":"additional","affiliation":[{"name":"Deloitte &amp; Touche LLP, Arlington, VA, USA"}]},{"given":"Brenna","family":"Sniderman","sequence":"additional","affiliation":[{"name":"Deloitte Services LP, Philadelphia, PA, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,11,15]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"Department of Defense Office of Inspector General. 2021. Audit of the Cybersecurity of Department of Defense Additive Manufacturing Systems (DODIG-2021-098). https:\/\/www.dodig.mil\/reports.html\/article\/2683843\/audit-of-the-cybersecurity-of-department-of-defense-additive-manufacturing-syst\/ Full report at: https:\/\/media.defense.gov\/2021\/Jul\/07\/2002757308\/-1\/-1\/1\/DODIG-2021-098.PDF  Department of Defense Office of Inspector General. 2021. Audit of the Cybersecurity of Department of Defense Additive Manufacturing Systems (DODIG-2021-098). https:\/\/www.dodig.mil\/reports.html\/article\/2683843\/audit-of-the-cybersecurity-of-department-of-defense-additive-manufacturing-syst\/ Full report at: https:\/\/media.defense.gov\/2021\/Jul\/07\/2002757308\/-1\/-1\/1\/DODIG-2021-098.PDF"},{"key":"e_1_3_2_2_2_1","unstructured":"NIST Information Technology Laboratory Computer Security Resource Center. 2021. About the Risk Management Framework (RMF): A Comprehensive Flexible Risk-Based Approach https:\/\/csrc.nist.gov\/projects\/risk-management\/about-rmf  NIST Information Technology Laboratory Computer Security Resource Center. 2021. About the Risk Management Framework (RMF): A Comprehensive Flexible Risk-Based Approach https:\/\/csrc.nist.gov\/projects\/risk-management\/about-rmf"},{"key":"e_1_3_2_2_3_1","volume-title":"The state of IT security in Germany","author":"Information Security Federal Office","year":"2014","unstructured":"Federal Office for Information Security . 2014. The state of IT security in Germany 2014 , https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/EN\/BSI\/Publications\/Securitysituation\/IT-Security-Situation-in-Germany-2014.pdf?__blob=publicationFile&v=1, p. 31 Federal Office for Information Security. 2014. The state of IT security in Germany 2014, https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/EN\/BSI\/Publications\/Securitysituation\/IT-Security-Situation-in-Germany-2014.pdf?__blob=publicationFile&v=1, p. 31"},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2851584"},{"key":"e_1_3_2_2_5_1","unstructured":"NIST Information Technology Laboratory National Vulnerability Database. 2021. https:\/\/nvd.nist.gov\/  NIST Information Technology Laboratory National Vulnerability Database. 2021. https:\/\/nvd.nist.gov\/"},{"key":"e_1_3_2_2_6_1","unstructured":"Zhanna Smith Eugenia Lostri James Lewis. 2020. The Hidden Costs of Cybercrime. https:\/\/www.csis.org\/analysis\/hidden-costs-cybercrime  Zhanna Smith Eugenia Lostri James Lewis. 2020. The Hidden Costs of Cybercrime. https:\/\/www.csis.org\/analysis\/hidden-costs-cybercrime"},{"key":"e_1_3_2_2_7_1","unstructured":"Jack Evans. 2021. \"Someone tried to poison Oldsmar's water supply during hack sheriff says\". https:\/\/www.tampabay.com\/news\/pinellas\/2021\/02\/08\/someone-tried-to-poison-oldsmars-water-supply-during-hack-sheriff-says\/  Jack Evans. 2021. \"Someone tried to poison Oldsmar's water supply during hack sheriff says\". https:\/\/www.tampabay.com\/news\/pinellas\/2021\/02\/08\/someone-tried-to-poison-oldsmars-water-supply-during-hack-sheriff-says\/"},{"key":"e_1_3_2_2_8_1","volume-title":"Geneva Sands and Josh Campbell","author":"Bertrand Natasha","year":"2021","unstructured":"Natasha Bertrand , Evan Perez , Zachary Cohen , Geneva Sands and Josh Campbell . 2021 . \"Colonial Pipeline did pay ransom to hackers, sources now say\". https:\/\/edition.cnn.com\/2021\/05\/12\/politics\/colonial-pipeline-ransomware-payment\/index.html Natasha Bertrand, Evan Perez, Zachary Cohen, Geneva Sands and Josh Campbell. 2021. \"Colonial Pipeline did pay ransom to hackers, sources now say\". https:\/\/edition.cnn.com\/2021\/05\/12\/politics\/colonial-pipeline-ransomware-payment\/index.html"},{"key":"e_1_3_2_2_9_1","unstructured":"Simon Goldenberg John Brown Jeff Haid and John Ezzard. 2016. 3D opportunity and cyber risk management: Additive manufacturing secures the thread. https:\/\/www2.deloitte.com\/us\/en\/insights\/focus\/3d-opportunity\/3d-printing-cyber-risk-management.html  Simon Goldenberg John Brown Jeff Haid and John Ezzard. 2016. 3D opportunity and cyber risk management: Additive manufacturing secures the thread. https:\/\/www2.deloitte.com\/us\/en\/insights\/focus\/3d-opportunity\/3d-printing-cyber-risk-management.html"},{"key":"e_1_3_2_2_10_1","volume-title":"Dobner","author":"Cotteleer Mark J.","year":"2016","unstructured":"Mark J. Cotteleer , Stuart Tronton , Ed Dobner . 2016 . 3D opportunity and the digital thread: Additive manufacturing ties it all together. https:\/\/www2.deloitte.com\/content\/dam\/insights\/us\/articles\/3d-printing-digital-thread-in-manufacturing\/ER_3060-3D-opp-_Digital-Thread_MASTER-1.pdf Mark J. Cotteleer, Stuart Tronton, Ed Dobner. 2016. 3D opportunity and the digital thread: Additive manufacturing ties it all together. https:\/\/www2.deloitte.com\/content\/dam\/insights\/us\/articles\/3d-printing-digital-thread-in-manufacturing\/ER_3060-3D-opp-_Digital-Thread_MASTER-1.pdf"},{"key":"e_1_3_2_2_11_1","unstructured":"Deb Golden Kelly Marchese. 2017. The Additive Cyber Risk of Additive Manufacturing: Six Steps Towards Greater Security in the Supply Chain. Webinar for Industry Week magazine  Deb Golden Kelly Marchese. 2017. The Additive Cyber Risk of Additive Manufacturing: Six Steps Towards Greater Security in the Supply Chain. Webinar for Industry Week magazine"},{"key":"e_1_3_2_2_12_1","unstructured":"Joint Defense Manufacturing Council. 2021. Department of Defense Additive Manufacturing Strategy. https:\/\/www.cto.mil\/wp-content\/uploads\/2021\/01\/dod-additive-manufacturing-strategy.pdf  Joint Defense Manufacturing Council. 2021. Department of Defense Additive Manufacturing Strategy. https:\/\/www.cto.mil\/wp-content\/uploads\/2021\/01\/dod-additive-manufacturing-strategy.pdf"},{"key":"e_1_3_2_2_13_1","unstructured":"Joint Task Force Transformation Initiative. 2013. NIST Special Publication 800-53 Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-53\/rev-4\/final  Joint Task Force Transformation Initiative. 2013. NIST Special Publication 800-53 Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-53\/rev-4\/final"},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"crossref","unstructured":"Keith Stouffer Timothy Zimmerman CheeYee Tang Joshua Lubell Jeffrey Cichonski Michael Pease John McCarthy. 2020. NIST Internal Report NISTIR 8183 Revision 1: Cybersecurity Framework Version 1.1 Manufacturing Profile. https:\/\/nvlpubs.nist.gov\/nistpubs\/ir\/2020\/NIST.IR.8183r1.pdf  Keith Stouffer Timothy Zimmerman CheeYee Tang Joshua Lubell Jeffrey Cichonski Michael Pease John McCarthy. 2020. NIST Internal Report NISTIR 8183 Revision 1: Cybersecurity Framework Version 1.1 Manufacturing Profile. https:\/\/nvlpubs.nist.gov\/nistpubs\/ir\/2020\/NIST.IR.8183r1.pdf","DOI":"10.6028\/NIST.IR.8183r1"},{"key":"e_1_3_2_2_15_1","unstructured":"Joint Task Force. 2018. NIST Special Publication 800-37 Revision 2: Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-37\/rev-2\/final  Joint Task Force. 2018. NIST Special Publication 800-37 Revision 2: Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-37\/rev-2\/final"},{"key":"e_1_3_2_2_16_1","first-page":"113","author":"Security Modernization Federal Information","year":"2014","unstructured":"Federal Information Security Modernization Act of 2014 , Pub. L. 113 -- 283 Federal Information Security Modernization Act of 2014, Pub. L. 113--283","journal-title":"Pub."},{"key":"e_1_3_2_2_17_1","unstructured":"NIST Information Technology Laboratory Computer Security Resource Center. 2006. FIPS 200: Minimum Security Requirements for Federal Information and Information Systems. https:\/\/csrc.nist.gov\/publications\/detail\/fips\/200\/final  NIST Information Technology Laboratory Computer Security Resource Center. 2006. FIPS 200: Minimum Security Requirements for Federal Information and Information Systems. https:\/\/csrc.nist.gov\/publications\/detail\/fips\/200\/final"},{"key":"e_1_3_2_2_18_1","unstructured":"Committee on National Security Systems. 2014. CNNS Instruction (CNSSI) No. 1253 Security Categorization and Control Selection for National Security Systems. https:\/\/www.cnss.gov\/cnss\/issuances\/Instructions.cfm and search for 1253  Committee on National Security Systems. 2014. CNNS Instruction (CNSSI) No. 1253 Security Categorization and Control Selection for National Security Systems. https:\/\/www.cnss.gov\/cnss\/issuances\/Instructions.cfm and search for 1253"},{"key":"e_1_3_2_2_19_1","unstructured":"Department of Defense. 2019. DoD Instruction 8500.01: Cybersecurity. https:\/\/www.esd.whs.mil\/Portals\/54\/Documents\/DD\/issuances\/dodi\/850001_2014.pdf  Department of Defense. 2019. DoD Instruction 8500.01: Cybersecurity. https:\/\/www.esd.whs.mil\/Portals\/54\/Documents\/DD\/issuances\/dodi\/850001_2014.pdf"},{"key":"e_1_3_2_2_20_1","unstructured":"Department of Defense. 2020. DoD Instruction 8510.01: Risk Management Framework (RMF) for DoD Information Technology (IT). https:\/\/www.esd.whs.mil\/Portals\/54\/Documents\/DD\/issuances\/dodi\/851001p.pdf?ver=qEE2HGN_HE4Blu7161t1TQ%3d%3d  Department of Defense. 2020. DoD Instruction 8510.01: Risk Management Framework (RMF) for DoD Information Technology (IT). https:\/\/www.esd.whs.mil\/Portals\/54\/Documents\/DD\/issuances\/dodi\/851001p.pdf?ver=qEE2HGN_HE4Blu7161t1TQ%3d%3d"},{"key":"e_1_3_2_2_21_1","unstructured":"Committee on National Security Systems. 2015. CNSS Instruction (CNSSI) No. 4009: National Information Assurance Glossary. https:\/\/www.cnss.gov\/cnss\/issuances\/Instructions.cfm and search for 4009  Committee on National Security Systems. 2015. CNSS Instruction (CNSSI) No. 4009: National Information Assurance Glossary. https:\/\/www.cnss.gov\/cnss\/issuances\/Instructions.cfm and search for 4009"},{"key":"e_1_3_2_2_22_1","unstructured":"44\n    USC \u00a7 3542f  44 USC \u00a7 3542f"},{"key":"e_1_3_2_2_23_1","unstructured":"Deloitte. 2020. RMF Overview and Roles & Responsibilities. Internal presentation.  Deloitte. 2020. RMF Overview and Roles & Responsibilities. Internal presentation."},{"key":"e_1_3_2_2_24_1","volume-title":"Information Technology Laboratory","author":"NIST Computer Security Division","year":"2004","unstructured":"NIST Computer Security Division , Information Technology Laboratory . 2004 . Federal Information Processing Standards Publication (FIPS PUB) 199: Standards for Security Categorization of Federal Information and Information Systems . https:\/\/nvlpubs.nist.gov\/nistpubs\/fips\/nist.fips.199.pdf NIST Computer Security Division, Information Technology Laboratory. 2004. Federal Information Processing Standards Publication (FIPS PUB) 199: Standards for Security Categorization of Federal Information and Information Systems. https:\/\/nvlpubs.nist.gov\/nistpubs\/fips\/nist.fips.199.pdf"},{"volume-title":"NIST SP 800-60","author":"Stine Kevin","key":"e_1_3_2_2_25_1","unstructured":"Kevin Stine , Rich Kissel , William C. Barker , Jim Fahlsing , and Jessica Gulick . 2008. NIST SP 800-60 Vol. I (Rev. 1): Guide for Mapping Types of Information and Information Systems to Security Categories . https:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800-60v1r1.pdf Kevin Stine, Rich Kissel, William C. Barker, Jim Fahlsing, and Jessica Gulick. 2008. NIST SP 800-60 Vol. I (Rev. 1): Guide for Mapping Types of Information and Information Systems to Security Categories. https:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800-60v1r1.pdf"},{"key":"e_1_3_2_2_26_1","volume-title":"Arnold Johnson, Ronald Johnston, Alicia Clay Jones, Angela Orebaugh, Matthew Scholl, Kevin Stine.","author":"Dempsey Kelley","year":"2011","unstructured":"Kelley Dempsey , Nirali Shah Chawla , Arnold Johnson, Ronald Johnston, Alicia Clay Jones, Angela Orebaugh, Matthew Scholl, Kevin Stine. 2011 . NIST Special Publication 800-137: Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations . https:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800-137.pdf Kelley Dempsey, Nirali Shah Chawla, Arnold Johnson, Ronald Johnston, Alicia Clay Jones, Angela Orebaugh, Matthew Scholl, Kevin Stine. 2011. NIST Special Publication 800-137: Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. https:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800-137.pdf"},{"key":"e_1_3_2_2_27_1","unstructured":"FedRAMP. 2021. Security Cloud Services for the Federal Government. https:\/\/www.fedramp.gov\/  FedRAMP. 2021. Security Cloud Services for the Federal Government. https:\/\/www.fedramp.gov\/"},{"key":"e_1_3_2_2_28_1","unstructured":"FedRAMP. 2021. Documents and Templates. https:\/\/www.fedramp.gov\/documents-templates\/  FedRAMP. 2021. Documents and Templates. https:\/\/www.fedramp.gov\/documents-templates\/"},{"key":"e_1_3_2_2_29_1","unstructured":"The Privacy Act of 1974 as amended 5 USC \u00a7 552a  The Privacy Act of 1974 as amended 5 USC \u00a7 552a"},{"key":"e_1_3_2_2_30_1","unstructured":"Health Insurance Portability and Accountability Act Pub. L. No. 104--191  Health Insurance Portability and Accountability Act Pub. L. No. 104--191"},{"key":"e_1_3_2_2_31_1","unstructured":"NIST Information Technology Laboratory Computer Security Resource Center. 2020. SP 800-53 Rev. 5: Security and Privacy Controls for Information Systems and Organizations. https:\/\/csrc.nist.gov\/News\/2020\/sp-800-53-revision-5-published  NIST Information Technology Laboratory Computer Security Resource Center. 2020. SP 800-53 Rev. 5: Security and Privacy Controls for Information Systems and Organizations. https:\/\/csrc.nist.gov\/News\/2020\/sp-800-53-revision-5-published"},{"key":"e_1_3_2_2_32_1","unstructured":"Jon Boyens Celia Paulsen Rama Moorthy Nadya Bartol. 2015. SP 800--161: Supply Chain Risk Management Practices for Federal Information Systems and Organizations. https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-161\/final  Jon Boyens Celia Paulsen Rama Moorthy Nadya Bartol. 2015. SP 800--161: Supply Chain Risk Management Practices for Federal Information Systems and Organizations. https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-161\/final"},{"key":"e_1_3_2_2_33_1","unstructured":"NIST Information Technology Laboratory Computer Security Resource Center. 2021. SP 800-161 Rev. 1 (Draft): Cyber Supply Chain Risk Management Practices for Systems and Organizations. https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-161\/rev-1\/draft  NIST Information Technology Laboratory Computer Security Resource Center. 2021. SP 800-161 Rev. 1 (Draft): Cyber Supply Chain Risk Management Practices for Systems and Organizations. https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-161\/rev-1\/draft"},{"key":"e_1_3_2_2_34_1","unstructured":"DISA. 2021. DoD Cyber Exchange public web site https:\/\/public.cyber.mil\/  DISA. 2021. DoD Cyber Exchange public web site https:\/\/public.cyber.mil\/"},{"key":"e_1_3_2_2_35_1","unstructured":"DISA. 2021. Security Technical Implementation Guides (STIGs). https:\/\/public.cyber.mil\/stigs\/  DISA. 2021. Security Technical Implementation Guides (STIGs). https:\/\/public.cyber.mil\/stigs\/"},{"key":"e_1_3_2_2_36_1","volume-title":"Popular Standards: ISO\/IEC 27001 Information Security Management. https:\/\/www.iso.org\/isoiec-27001-information-security.html","author":"ISO.","year":"2021","unstructured":"ISO. 2021 . Popular Standards: ISO\/IEC 27001 Information Security Management. https:\/\/www.iso.org\/isoiec-27001-information-security.html ISO. 2021. Popular Standards: ISO\/IEC 27001 Information Security Management. https:\/\/www.iso.org\/isoiec-27001-information-security.html"},{"key":"e_1_3_2_2_37_1","unstructured":"NIST. 2021. Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework). https:\/\/www.nist.gov\/cyberframework  NIST. 2021. Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework). https:\/\/www.nist.gov\/cyberframework"},{"key":"e_1_3_2_2_38_1","unstructured":"Office of the Under Secretary of Defense for Acquisition & Sustainment. 2021. Cybersecurity Maturity Model Certification. https:\/\/www.acq.osd.mil\/cmmc\/  Office of the Under Secretary of Defense for Acquisition & Sustainment. 2021. Cybersecurity Maturity Model Certification. https:\/\/www.acq.osd.mil\/cmmc\/"}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Virtual Event Republic of Korea","acronym":"CCS '21"},"container-title":["Proceedings of the 2021 Workshop on Additive Manufacturing (3D Printing) Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3462223.3485624","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3462223.3485624","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:48:54Z","timestamp":1750193334000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3462223.3485624"}},"subtitle":["New Enforcement in DoD Environments, and Resources for Implementation"],"short-title":[],"issued":{"date-parts":[[2021,11,15]]},"references-count":38,"alternative-id":["10.1145\/3462223.3485624","10.1145\/3462223"],"URL":"https:\/\/doi.org\/10.1145\/3462223.3485624","relation":{},"subject":[],"published":{"date-parts":[[2021,11,15]]},"assertion":[{"value":"2021-11-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}