Computer numerical control (CNC) is a method of automating machine tools using computer-based programs that define the movement of axes and the execution of machining operations. In industrial and manufacturing environments, a CNC system interprets a digital part program (such as G-code) and converts it into precise, repeatable motions of machine components like spindles, tool changers, and linear axes.
The term “CNC” may refer to the overall machine tool (for example, a CNC mill, lathe, or grinder) or specifically to the CNC controller that executes the programs and interfaces with drives, sensors, and operator panels. CNC equipment is common in discrete manufacturing for metal cutting, plastics machining, and other precision processes.
Key characteristics in manufacturing and OT environments
In regulated and industrial settings, a CNC system commonly includes:
- CNC controller hardware and firmware, which processes part programs and generates motion commands.
- Human-machine interface (HMI) for loading programs, setting parameters, and monitoring status.
- Motion control components such as drives, motors, and feedback devices that follow the controller's commands.
- Program and parameter data, including G-code files, tool offsets, and machine configuration settings.
- Connectivity to OT and IT systems, for example via Ethernet, fieldbuses, DNC servers, MES, or file shares for program transfer and data collection.
CNC systems are typically part of the operational technology (OT) asset inventory and may be subject to cybersecurity, change control, and data integrity controls. This can include managing user access on the controller, controlling how part programs are distributed, and documenting changes to parameters that affect product quality.
Operational context
In day-to-day operations, CNC equipment is used to:
- Execute validated or approved machining programs to manufacture parts.
- Exchange data with MES or production scheduling systems, often via program download/upload or machine status signals.
- Record or report production data such as run status, alarms, and part counts, which may be used for OEE or traceability.
From a governance and compliance perspective, CNC controllers are often in scope for:
- Configuration management and change control on machine parameters and firmware.
- Access control policies for operators, maintenance, and engineering roles.
- Cybersecurity controls for network-connected machines, aligned with broader OT security practices.
Common confusion
- CNC vs. PLC: A CNC is specialized for motion and machining control, while a PLC (programmable logic controller) is a more general-purpose controller for sequencing, interlocks, and I/O. Some machines use both: a CNC for motion and a PLC for auxiliary functions.
- CNC machine vs. CNC controller: In many plants, “CNC” is used interchangeably for the whole machine tool and for the controller unit. When defining scope for risk, validation, or cybersecurity, it can be useful to distinguish the controller (logic and networking) from the mechanical machine components.
Relation to security and Annex A controls
In information security and cybersecurity frameworks, CNC equipment is treated as an OT asset similar to PLCs, SCADA nodes, or DCS components. Controls may be applied to:
- Protect CNC programs and configuration data from unauthorized change.
- Manage user accounts, physical access, and removable media at the machine.
- Harden network connectivity between CNCs and higher-level systems for program transfer or monitoring.