Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Core Cybersecurity Feature Baseline for Securable IoT Devices: Draft NISTIR 8259 Available for Comment
July 31, 2019

As manufacturers create an incredible and ever-growing variety of Internet of Things (IoT) devices, they should also understand the cybersecurity risks associated with those devices in order to make them at least minimally securable. This approach can help reduce the need for customers to make their own cybersecurity-related efforts, prevent unauthorized access, and mitigate the potentially severe effects of attacks performed using compromised IoT devices.

NIST invites comments on Draft NIST Internal Report (NISTIR) 8259Core Cybersecurity Feature Baseline for Securable IoT Devices: A Starting Point for IoT Device Manufacturers. The publication defines a core baseline of cybersecurity features that manufacturers may voluntarily adopt for IoT devices they produce. The document builds upon NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risk, and provides information on how manufacturers can identify and implement features most appropriate for their customers beyond the core baseline.

The public comment period for this document closes September 30, 2019. See the publication details for a copy of the document and instructions for submitting comments.

NOTE: A call for patent claims is included on page vi of this draft.  For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications


See the related NIST news article about this draft document.


Security and Privacy: risk management,

Applications: cyber-physical systems, Internet of Things,

Laws and Regulations: Executive Order 13800,

Created July 31, 2019, Updated August 01, 2019