U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search CSRC

Use this form to search content on CSRC pages.

For a phrase search, use " "

Limit results to content tagged with of the following topics:
Showing 1 through 25 of 119 matching records.
Projects https://csrc.nist.gov/projects/low-power-wide-area-iot

Developing an IoT Laboratory based on LPWAN using LoRaWAN This project is developing a LoRaWAN infrastructure in order to study the security of communications based on Low Power Wide Area Networks, with the objective of Identifying and evaluating security vulnerabilities and countermeasures. Recent Accomplishments Wired IoT prototype for multiple IoT devices (temp sensors, others TBD). Survey of low power wide area networking. Architecture formulated for LPWAN-IoT at NIST. Preliminary risk analysis of LPWA networking deployment at NIST. Risk-balanced phased laboratory development...

Projects https://csrc.nist.gov/projects/nist-cybersecurity-iot-program

[Redirect to https://www.nist.gov/programs-projects/nist-cybersecurity-iot-program] NIST’s Cybersecurity for the Internet of Things (IoT) program supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of connected devices and the environments in which they are deployed. By collaborating with stakeholders across government, industry, international bodies, and academia, the program aims to cultivate trust and foster an environment that enables innovation on a global scale.

Project FAQs https://csrc.nist.gov/projects/risk-management/faqs

General Each Risk Management Framework Step "Resources For Implementers" Now Has A FAQ! Please see: About the Risk Management Framework for a FAQ for each RMF Step and RMF Roles & Responsibilities What Is FISMA? FISMA is the Federal Information Security Modernization Act of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. FISMA requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by...

Project FAQs https://csrc.nist.gov/projects/security-content-automation-protocol-v2/faqs

Introduction What is the Security Content Automation Protocol (SCAP)? SCAP is a suite of specifications for exchanging security automation content used to assess configuration compliance and to detect the presence of vulnerable versions of software. The same SCAP content can be used by multiple tools to perform a given assessment described by the content. How will SCAP v2 improve SCAP v1 capabilities? SCAP v2 will allow software installation and configuration posture to be monitored and reported as changes to that posture occur. Event-driven reporting will be used in SCAP to support software...

Events October 19, 2017 - October 19, 2017

On October 19th, 2017, NIST is hosting the IoT Cybersecurity Colloquium to convene stakeholders from across government, industry, international bodies, and academia. Our goal is to better understand the concerns and threats associated with the rapidly broadening landscape of connected devices, known as the Internet of Things (IoT). Registration closes on October 12th! Join our Twitter Chat using #IoTSecurityNIST

Publications White Paper May 20, 2021

Abstract: Network-layer onboarding of an Internet of Things (IoT) device is the provisioning of network credentials to that device. The current lack of trusted IoT device onboarding processes leaves many networks vulnerable to having unauthorized devices connect to them. It also leaves devices vulnerable to b...

Publications White Paper (Draft) May 14, 2021

Abstract: NIST conducted a review of the available alternative approaches for providing confidence in the cybersecurity of Internet of Things (IoT) devices in November 2020 through January 2021, conducting interviews with government and private sector organizations who are experts on these approaches. This wh...

Publications NISTIR 8322 January 7, 2021

Abstract: This report summarizes the feedback received on the work of the NIST Cybersecurity for IoT program on device cybersecurity at a virtual workshop in July 2020. NISTIR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers and NISTIR 8259A, IoT Device Cybersecurity Capability Core Ba...

Publications NISTIR 8259B (Draft) December 15, 2020

Abstract: Non-technical supporting capabilities are actions a manufacturer or third-party organization performs in support of the cybersecurity of an IoT device. This publication defines an Internet of Things (IoT) device manufacturers’ non-technical supporting capability core baseline, which is a set of non-...

Publications NISTIR 8259C (Draft) December 15, 2020

Abstract: The core baseline in NISTIR 8259A, IoT Device Cybersecurity Capability Core Baseline and the non-technical baseline in NISTIR 8259B, IoT Manufacturer Non-Technical Supporting Capability Core Baseline can be expanded upon based on more specific contextual information. Using source material with infor...

Publications SP 800-213 (Draft) December 15, 2020

Abstract: Federal agencies will increasingly use Internet of Things (IoT) devices for the mission benefits they can offer, but care must be taken in the acquisition and implementation of IoT devices. This publication contains background and recommendations to help federal agencies consider how an IoT device t...

Publications NISTIR 8259D (Draft) December 15, 2020

Abstract: The NISTIR 8259 series provide general guidance on how manufacturers can understand and approach their role in supporting customers’ cybersecurity needs and goals. As discussed in those documents, specific sectors and use cases may require more specific guidance than what is included in the device c...

Publications NISTIR 8259 May 29, 2020

Abstract: Internet of Things (IoT) devices often lack device cybersecurity capabilities their customers—organizations and individuals—can use to help mitigate their cybersecurity risks. Manufacturers can help their customers by improving how securable the IoT devices they make are by providing necessary cyber...

Publications NISTIR 8259A May 29, 2020

Abstract: Device cybersecurity capabilities are cybersecurity features or functions that computing devices provide through their own technical means (i.e., device hardware and software). This publication defines an Internet of Things (IoT) device cybersecurity capability core baseline, which is a set of devic...

Publications Conference Paper May 18, 2020

Conference: 41st IEEE Symposium on Security and Privacy Abstract: Internet of Things (IoT) is being widely adopted in recent years. Security, however, has lagged behind, as evidenced by the increasing number of attacks that use IoT devices (e.g., an arson that uses a smart oven, burglary via a smart lock). Therefore, the transparency and accountability of those de...

Publications NISTIR 8267 (Draft) October 1, 2019

Abstract: This report presents the results of a project that conducted a technical review of security features in different categories of consumer home Internet-of-Things (IoT) devices. The categories of IoT devices included smart light bulbs, security lights, security cameras, doorbells, plugs, thermostats,...

Publications White Paper (Draft) February 1, 2019

Abstract: This document explores common components of sensor networks and the associated requirements for the secure functioning of the sensor network. For each component, the document lists exposed interfaces, applicable threats, and technologies that may be utilized to help ensure the security requirements....

Publications NISTIR 8200 November 29, 2018

Abstract: The Interagency International Cybersecurity Standardization Working Group (IICS WG) was established in December 2015 by the National Security Council’s Cyber Interagency Policy Committee. Its purpose is to coordinate on major issues in international cybersecurity standardization and thereby enhance...

Publications Journal Article July 13, 2018

Journal: IEEE IoT Newsletter Abstract: In this short article, we review an abbreviated list of trust challenges that we foresee as increased adoption transforms the IoT into another ubiquitous technology just as the Internet is. These challenges are in no specific order, and are by no means a full set.

Updates May 20, 2021

The National Cybersecurity Center of Excellence has published a final Project Description on "Trusted IoT Device Network-Layer Onboarding and Lifecycle Management. This project will result in a NIST Cybersecurity Practice Guide.

Updates May 14, 2021

NIST Seeks Comments on a draft white paper, “Establishing Confidence in IoT Device Security: How do we get there?” The comment period is open through June 14, 2021.

Updates March 16, 2021

The National Cybersecurity Center of Excellence has released a Draft Project Description on Trusted IoT Device Network-Layer Onboarding and Lifecycle Management. The public comment period is open through April 21, 2021.

Updates January 7, 2021

NIST publishes NISTIR 8322, Workshop Summary Report for “Building the Federal Profile for IoT Device Cybersecurity” Virtual Workshop.

Updates December 15, 2020

Four draft guidance documents on defining IoT cybersecurity requirements--for federal agencies and IoT device manufacturers--are now available for comment through February 26, 2021: Draft SP 800-213 and Draft NISTIRs 8259B/C/D.

Updates June 1, 2020

Two publications, NISTIRs 8259 and 8259A, are now available to provide cybersecurity best practices and guidance for IoT device manufacturers.

1     2     3     4     5  next >  last >>