An incredible variety and volume of Internet of Things (IoT) devices are being produced. IoT devices are ever more frequently becoming integral elements of federal information systems. The NIST Cybersecurity for IoT Team is releasing public drafts of four documents providing guidance for federal agencies and IoT device manufacturers on defining IoT cybersecurity requirements, including supporting non-technical requirements, so that federal organizations can procure and integrate IoT securely and continue to meet their FISMA obligations. These four new documents expand the range of guidance for IoT cybersecurity. The initial foundation documents in this series are:
The new 800-series Special Publication (SP) and the three new documents in the NISTIR 8259 series that are being released as drafts for comment provide guidance to federal agencies and IoT device manufacturers, complementing the guidance in the initial foundational documents:
NIST appreciates all comments, concerns and identification of areas needing clarification. Ongoing discussion with the stakeholder community is welcome as we work to improve the cybersecurity of IoT devices. Community input is specifically sought regarding the mapping of specific reference document content to the items in Table 1 of NISTIR 8259B and Tables 1 and 2 of NISTIR 9258D, to populate the fourth column, "IoT Reference Examples" column. Table 1 in NISTIR 8259A can be used as a model for these informative reference mappings.
A public comment period for these documents is open through February 12, 2021. See the publications' details (linked above) for copies of the drafts and instructions for submitting comments.
Comments, questions, and other concerns should be sent to [email protected].