Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search CSRC

Use this form to search content on CSRC pages.

For a phrase search, use " "

Limit results to content tagged with of the following topics:
Showing 1 through 25 of 135 matching records.

[Redirect to] NIST’s Cybersecurity for the Internet of Things (IoT) program supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of connected devices and the environments in which they are deployed. By collaborating with stakeholders across government, industry, international bodies, and academia, the program aims to cultivate trust and foster an environment that enables innovation on a global scale.

Publications IR 8431 (Final) September 20, 2022

Abstract: This report summarizes the feedback received on the work of the NIST Cybersecurity for the Internet of Things (IoT) program on IoT product cybersecurity criteria at a virtual workshop in June 2022. The purpose of this workshop was to obtain feedback on specific considerations—and techniques for addr...

Publications IR 8425 (Final) September 20, 2022

Abstract: This publication documents the consumer profile of NIST’s IoT core baseline and identifies cybersecurity capabilities commonly needed for the consumer IoT sector (i.e., IoT products for home or personal use). It can also be a starting point for small businesses to consider in the purchase of IoT pro...

Publications CSWP 24 (Final) February 4, 2022

Abstract: Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity,” tasks the National Institute of Standards and Technology (NIST), in coordination with the Federal Trade Commission (FTC) and other agencies, to initiate pilot programs for cybersecurity labeling. NIST is, among other actions, direct...

Publications Project Description (Final) May 20, 2021

Abstract: Network-layer onboarding of an Internet of Things (IoT) device is the provisioning of network credentials to that device. The current lack of trusted IoT device onboarding processes leaves many networks vulnerable to having unauthorized devices connect to them. It also leaves devices vulnerable to b...

Publications Conference Paper (Final) May 18, 2020

Conference: 41st IEEE Symposium on Security and Privacy Abstract: Internet of Things (IoT) is being widely adopted in recent years. Security, however, has lagged behind, as evidenced by the increasing number of attacks that use IoT devices (e.g., an arson that uses a smart oven, burglary via a smart lock). Therefore, the transparency and accountability of those de...

Publications IR 8267 (Initial Public Draft) October 1, 2019

Abstract: This report presents the results of a project that conducted a technical review of security features in different categories of consumer home Internet-of-Things (IoT) devices. The categories of IoT devices included smart light bulbs, security lights, security cameras, doorbells, plugs, thermostats,...

Publications Project Description (Initial Public Draft) February 1, 2019

Abstract: This document explores common components of sensor networks and the associated requirements for the secure functioning of the sensor network. For each component, the document lists exposed interfaces, applicable threats, and technologies that may be utilized to help ensure the security requirements....

Publications IR 8200 (Final) November 29, 2018

Abstract: The Interagency International Cybersecurity Standardization Working Group (IICS WG) was established in December 2015 by the National Security Council’s Cyber Interagency Policy Committee. Its purpose is to coordinate on major issues in international cybersecurity standardization and thereby enhance...

Publications Journal Article (Final) July 31, 2018

Journal: Computer (IEEE Computer) Abstract: Will our smart devices betray us? Can we trust our smart beds, pet feeders, and watches to maintain the level of privacy we want and expect? As the numbers of devices coming online reach staggering levels, serious questions must be raised about the level of cybertrust we can reasonably expect to hav...

Publications Journal Article (Final) July 13, 2018

Journal: IEEE IoT Newsletter Abstract: In this short article, we review an abbreviated list of trust challenges that we foresee as increased adoption transforms the IoT into another ubiquitous technology just as the Internet is. These challenges are in no specific order, and are by no means a full set.

Publications Conference Paper (Final) March 26, 2018

Conference: 2018 IEEE Symposium on Service-Oriented System Engineering (SOSE) Abstract: This article presents challenges and solutions to testing systems based on the underlying products and services commonly referred to as the Internet of ‘things’ (IoT).

Updates April 3, 2024

An initial public draft of Cybersecurity White Paper (CSWP) 33, "Product Development Cybersecurity Handbook: Concepts and Considerations for IoT Product Manufacturers" is now available for public comment through May 17, 2024.

Updates November 29, 2021

NIST has released final IoT-specific guidance (NIST Special Publications 800-213 and 800-213A) to federal organizations to support extending their risk management process to the inclusion of IoT devices in federal systems.

Updates May 20, 2021

The National Cybersecurity Center of Excellence has published a final Project Description on "Trusted IoT Device Network-Layer Onboarding and Lifecycle Management. This project will result in a NIST Cybersecurity Practice Guide.

Updates May 14, 2021

NIST Seeks Comments on a draft white paper, “Establishing Confidence in IoT Device Security: How do we get there?” The comment period is open through June 14, 2021.

Updates March 16, 2021

The National Cybersecurity Center of Excellence has released a Draft Project Description on Trusted IoT Device Network-Layer Onboarding and Lifecycle Management. The public comment period is open through April 21, 2021.

Updates January 7, 2021

NIST publishes NISTIR 8322, Workshop Summary Report for “Building the Federal Profile for IoT Device Cybersecurity” Virtual Workshop.

Updates December 15, 2020

Four draft guidance documents on defining IoT cybersecurity requirements--for federal agencies and IoT device manufacturers--are now available for comment through February 26, 2021: Draft SP 800-213 and Draft NISTIRs 8259B/C/D.

Updates June 1, 2020

Two publications, NISTIRs 8259 and 8259A, are now available to provide cybersecurity best practices and guidance for IoT device manufacturers.

Updates January 7, 2020

NIST has released the second public draft of NISTIR 8259, "Recommendations for IoT Device Manufacturers: Foundational Activities and Core Device Cybersecurity Capability Baseline." The public comment period ends February 7, 2020.

Updates July 31, 2019

NIST has released Draft NISTIR 8259, "Core Cybersecurity Feature Baseline for Securable IoT Devices: A Starting Point for IoT Device Manufacturers," for public comment. The comment period closes on September 30, 2019.

Updates October 17, 2018

NIST is releasing a draft white paper for public comment, "Internet of Things (IoT) Trust Concerns." It identifies seventeen technical trust-related issues that may negatively impact the adoption of IoT products and services. Comments are due by November 16, 2018.

Updates September 24, 2018

NIST seeks public comments on Draft NISTIR 8228, which is intended to help federal agencies and other organizations better understand and manage the cybersecurity and privacy risks associated with their IoT devices. Public comments are due October 24, 2018.

Updates September 17, 2018

[9/18/18--TEMPORARILY WITHDRAWN. TO BE RE-POSTED AT A LATER DATE] Draft NISTIR 8222 identifies 17 technical trust-related issues that may negatively impact the adoption of IoT products and services.

1     2     3     4     5     6  next >  last >>