Use this form to search content on CSRC pages.
[Redirect to https://www.nist.gov/programs-projects/nist-cybersecurity-iot-program] NIST’s Cybersecurity for the Internet of Things (IoT) program supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of connected devices and the environments in which they are deployed. By collaborating with stakeholders across government, industry, international bodies, and academia, the program aims to cultivate trust and foster an environment that enables innovation on a global scale.
Abstract: This report summarizes the feedback received on the work of the NIST Cybersecurity for the Internet of Things (IoT) program on IoT product cybersecurity criteria at a virtual workshop in June 2022. The purpose of this workshop was to obtain feedback on specific considerations—and techniques for addr...
Abstract: This publication documents the consumer profile of NIST’s IoT core baseline and identifies cybersecurity capabilities commonly needed for the consumer IoT sector (i.e., IoT products for home or personal use). It can also be a starting point for small businesses to consider in the purchase of IoT pro...
Abstract: Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity,” tasks the National Institute of Standards and Technology (NIST), in coordination with the Federal Trade Commission (FTC) and other agencies, to initiate pilot programs for cybersecurity labeling. NIST is, among other actions, direct...
Conference: 41st IEEE Symposium on Security and Privacy Abstract: Internet of Things (IoT) is being widely adopted in recent years. Security, however, has lagged behind, as evidenced by the increasing number of attacks that use IoT devices (e.g., an arson that uses a smart oven, burglary via a smart lock). Therefore, the transparency and accountability of those de...
Abstract: The Interagency International Cybersecurity Standardization Working Group (IICS WG) was established in December 2015 by the National Security Council’s Cyber Interagency Policy Committee. Its purpose is to coordinate on major issues in international cybersecurity standardization and thereby enhance...
Journal: Computer (IEEE Computer) Abstract: Will our smart devices betray us? Can we trust our smart beds, pet feeders, and watches to maintain the level of privacy we want and expect? As the numbers of devices coming online reach staggering levels, serious questions must be raised about the level of cybertrust we can reasonably expect to hav...
Conference: 2018 IEEE Symposium on Service-Oriented System Engineering (SOSE) Abstract: This article presents challenges and solutions to testing systems based on the underlying products and services commonly referred to as the Internet of ‘things’ (IoT).
Abstract: Network-layer onboarding of an Internet of Things (IoT) device is the provisioning of network credentials to that device. The current lack of trusted IoT device onboarding processes leaves many networks vulnerable to having unauthorized devices connect to them. It also leaves devices vulnerable to b...
Abstract: This report presents the results of a project that conducted a technical review of security features in different categories of consumer home Internet-of-Things (IoT) devices. The categories of IoT devices included smart light bulbs, security lights, security cameras, doorbells, plugs, thermostats,...
Abstract: This document explores common components of sensor networks and the associated requirements for the secure functioning of the sensor network. For each component, the document lists exposed interfaces, applicable threats, and technologies that may be utilized to help ensure the security requirements....
Journal: IEEE IoT Newsletter Abstract: In this short article, we review an abbreviated list of trust challenges that we foresee as increased adoption transforms the IoT into another ubiquitous technology just as the Internet is. These challenges are in no specific order, and are by no means a full set.
The NIST Cybersecurity for IoT Program is proud to announce the release of NIST IR 8425A.
An initial public draft of Cybersecurity White Paper (CSWP) 33, "Product Development Cybersecurity Handbook: Concepts and Considerations for IoT Product Manufacturers" is now available for public comment through May 17, 2024.
NIST has released final IoT-specific guidance (NIST Special Publications 800-213 and 800-213A) to federal organizations to support extending their risk management process to the inclusion of IoT devices in federal systems.
The National Cybersecurity Center of Excellence has published a final Project Description on "Trusted IoT Device Network-Layer Onboarding and Lifecycle Management. This project will result in a NIST Cybersecurity Practice Guide.
NIST Seeks Comments on a draft white paper, “Establishing Confidence in IoT Device Security: How do we get there?” The comment period is open through June 14, 2021.
The National Cybersecurity Center of Excellence has released a Draft Project Description on Trusted IoT Device Network-Layer Onboarding and Lifecycle Management. The public comment period is open through April 21, 2021.
NIST publishes NISTIR 8322, Workshop Summary Report for “Building the Federal Profile for IoT Device Cybersecurity” Virtual Workshop.
Four draft guidance documents on defining IoT cybersecurity requirements--for federal agencies and IoT device manufacturers--are now available for comment through February 26, 2021: Draft SP 800-213 and Draft NISTIRs 8259B/C/D.
Two publications, NISTIRs 8259 and 8259A, are now available to provide cybersecurity best practices and guidance for IoT device manufacturers.
NIST has released the second public draft of NISTIR 8259, "Recommendations for IoT Device Manufacturers: Foundational Activities and Core Device Cybersecurity Capability Baseline." The public comment period ends February 7, 2020.
NIST has released Draft NISTIR 8259, "Core Cybersecurity Feature Baseline for Securable IoT Devices: A Starting Point for IoT Device Manufacturers," for public comment. The comment period closes on September 30, 2019.
NIST is releasing a draft white paper for public comment, "Internet of Things (IoT) Trust Concerns." It identifies seventeen technical trust-related issues that may negatively impact the adoption of IoT products and services. Comments are due by November 16, 2018.
NIST seeks public comments on Draft NISTIR 8228, which is intended to help federal agencies and other organizations better understand and manage the cybersecurity and privacy risks associated with their IoT devices. Public comments are due October 24, 2018.