Use temporary, task-scoped access with explicit expiry, strong approval workflows, and detailed logging. Give vendors only the systems and sessions they need for the current job, then revoke access automatically when the task ends. That reduces exposure while preserving the collaboration manufacturing depends on.
Why This Matters for Security Teams
Manufacturers need third-party access to keep equipment serviced, lines running, and downtime low, but standing vendor access is one of the fastest ways to turn operational convenience into persistent exposure. The core issue is not vendor trust alone, but the fact that long-lived access outlives the task, the shift, and sometimes the contract. NHI Mgmt Group notes that 92% of organisations expose NHIs to third parties, which makes supplier access a supply-chain problem, not just an IAM problem. That risk is reflected in breach patterns documented in the 52 NHI Breaches Analysis and the Ultimate Guide to NHIs.
Security teams often overcorrect by forcing blanket approvals, shared jump hosts, or permanent vendor accounts with vague scope. That slows operations and still leaves too much residual access. The better pattern is temporary, task-scoped access with explicit expiry, monitored sessions, and fast revocation. The OWASP Non-Human Identity Top 10 reinforces that identity sprawl and weak lifecycle control are recurring failure points, especially where external parties touch production systems. In practice, many security teams discover over-privileged vendor access only after maintenance windows have ended and the account is still active.
How It Works in Practice
Effective manufacturing controls separate access approval from access duration. A vendor should receive only the minimum permissions needed for the current work order, only on the specific asset or session involved, and only for a short, known period. That usually means just-in-time access, time-bound session brokering, and automatic revocation when the job closes. The important design choice is to make access contextual rather than permanent: who is requesting, which plant or machine is involved, what task is being performed, and whether the request matches an approved maintenance ticket.
In mature environments, the operational flow looks like this:
- Requests are tied to a ticket, change window, or service order.
- Approvers validate scope, timing, and business justification before access is issued.
- Access is granted through a privileged access gateway or session control layer rather than by sharing credentials.
- Secrets and tokens are short-lived, task-scoped, and automatically revoked at completion.
- Every action is logged with session metadata so operations and security can review what happened.
This aligns with guidance from the NIST Zero Trust Architecture, which favors continuous verification over static trust, and with the Ultimate Guide to NHIs — Standards, which frames lifecycle control and visibility as foundational controls. Manufacturers also benefit from vendor session recording and machine-level identity instead of shared credentials, because it preserves accountability without forcing every task through a manual escort process. These controls tend to break down in plants that rely on legacy OT systems with no native per-session authentication, because access has to be mediated around equipment that was never built for ephemeral identity.
Common Variations and Edge Cases
Tighter vendor control often increases operational overhead, requiring organisations to balance maintenance speed against verification, logging, and approval latency. That tradeoff is real in plants with 24/7 uptime, emergency repairs, and specialized OEM support. Best practice is evolving, but current guidance suggests that not every scenario needs the same level of friction. A pre-approved emergency path can be appropriate for critical outages, as long as it is time-boxed, heavily logged, and reviewed after the fact. Some teams also use tiered access, where low-risk diagnostics get faster approval than write access to PLCs, historians, or safety systems.
There is no universal standard for this yet, but the practical pattern is consistent: use the lightest control that still prevents lingering access and uncontrolled privilege escalation. That may include break-glass accounts for true emergencies, contractor-specific identities for recurring work, and separate controls for IT and OT environments. The Ultimate Guide to NHIs is useful here because it highlights how exposed third-party identities are when lifecycle discipline is weak. For manufacturers, the goal is not to slow every vendor interaction, but to make access expire by default and be renewed only when the task still justifies it.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Covers lifecycle and scope control for third-party non-human access. |
| NIST CSF 2.0 | PR.AC-4 | Supports least-privilege access decisions for external users and sessions. |
| NIST Zero Trust (SP 800-207) | SC-3 | Zero Trust requires continuous verification instead of standing trust for vendors. |
Broker every vendor session through continuous verification, explicit policy checks, and session logging.
Related resources from NHI Mgmt Group
- How can organisations reduce third-party identity risk without slowing operations?
- How should law firms govern third-party vendor access without blocking operations?
- Who is accountable when third-party access persists beyond its intended purpose?
- Who is accountable when third-party access remains active after the engagement ends?
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 25, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
