Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Read more about NIST's guidance for manufacturers and supporting parties creating IoT devices and products.
Read more about NIST guidance for Federal Agencies looking to deploy IoT devices in their systems.
Read more about the program's contributions to NIST's response to E.O. 14028 on improving Consumer IoT cybersecurity.
The Challenge
Fostering cybersecurity in the IoT ecosystem, across industry sectors and at scale
Recent Announcements
- NIST posted a public draft for comment of NIST IR 8425: Recommended Cybersecurity Requirements for Consumer Grade Routers. This report presents the consumer-grade router profile, which includes cybersecurity outcomes for consumer-grade router products and associated requirements from router standards. Routers serve as the gatekeepers of our networks, managing the flow of data between devices in the home or office and the internet. A compromised router opens the door to a host of potential exploited vulnerabilities and impacts, making router cybersecurity is of paramount importance in today's interconnected world. This document builds on the previously published preliminary drafts.
Comment period open until May 17, 2024. Comments can be sent to IoTSecurity [at] nist.gov (IoTSecurity[at]nist[dot]gov)
- NIST posted an initial public draft of Cybersecurity White Paper (CSWP) 33, Product Development Cybersecurity Handbook: Concepts and Considerations for IoT Product Manufacturers. This Product Development Cybersecurity Handbook describes broadly applicable considerations for developing and deploying secure IoT products across sectors and use cases. This handbook extends NIST’s work to consider the cybersecurity of IoT product components beyond the IoT device. Significant risks can be introduced by vulnerable IoT product components even if the IoT device itself is hardened since these additional components will likely have privileged access to the IoT device and related data.
Comment period open until May 17, 2024. Comments can be sent to IoTSecurity [at] nist.gov (IoTSecurity[at]nist[dot]gov)
See the IoT Advisory Board webpage for the latest draft of the IoT Advisory Board Report and Recommendations
SSDF and IoT Cybersecurity Guidance: Building Blocks for IoT Product Security (June 22, 2023)
About the Program
NIST’s Cybersecurity for the Internet of Things (IoT) program supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of IoT systems, products, connected devices and the environments in which they are deployed. By collaborating with stakeholders across government, industry, international bodies, academia, and consumers, the program aims to cultivate trust and foster an environment that enables innovation on a global scale.
The IoT Cybersecurity Program charter was established at the end of 2016 with three overarching program goals.
Supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of IoT systems and the environments in which they are deployed.
Collaborate with stakeholders across government, industry, international bodies, and academia.
Cultivate trust and foster an environment that enable innovation on a global scale.
Mailing List
The Cybersecurity for IoT program uses the GovDelivery to email announcements, join our mailing list to be among the first to receive NIST IoT cybersecurity news and information. Sign up or log in for email updates and select “IoT Cybersecurity” under Information Technology Laboratory (ITL) > Cybersecurity Programs.