Foundational Cybersecurity Activities for IoT Product Manufacturers | IR 8259r1 ipd and IR 8572
May 13, 2025

NIST's Cybersecurity for the Internet of Things (IoT) program has released two NIST Internal Reports (IR) today:

• NIST IR 8572, Workshop Summary Report for “Workshop on Foundational Cybersecurity Activities for IoT Device Manufacturers”
• NIST IR 8259r1 initial public draft, Foundational Cybersecurity Activities for IoT Product Manufacturers

In keeping with the requirement in the Internet of Things (IoT) Cybersecurity Improvement Act in 2020 to revisit NIST’s IoT cybersecurity guidelines every five years, NIST has released IR 8259r1 for public comment. This document describes recommended activities related to cybersecurity for manufacturers, spanning pre-market and post-market, to help them develop products that meet their customers’ needs and expectations for cybersecurity. This revision marks a pivotal change to addressing the full IoT product scope as well as broadening consideration of maintenance, support and end of life considerations for IoT products.

The public comment period for IR 8259r1 is open through July 14, 2025. See the publication details for a copy of the draft and instructions for submitting comments. We look forward to hearing your thoughts and comments on this draft.  

See this NIST Cybersecurity Insights blog post for more information.