Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center


Interagency Report on Status of International Cybersecurity Standardization for the Internet of Things (IoT)

Date Published: February 2018
Comments Due: April 18, 2018
Email Comments to:


Interagency International Cybersecurity Standardization Working Group (IICS WG)


Michael Hogan (NIST), Ben Piccarreta (NIST)


The Interagency International Cybersecurity Standardization Working Group (IICS WG) was established in December 2015. The purpose of the IICS WG is to coordinate on major issues in international cybersecurity standardization and thereby enhance U.S. federal agency participation in international cybersecurity standardization.  
The IICS WG has developed this draft report, NIST Interagency Report (NISTIR) 8200Status of International Cybersecurity Standardization for Internet of Things (IoT). The intended audience is both the government and the public. The purpose is to inform and enable policymakers, managers, and standards participants as they seek timely development of and use of cybersecurity standards in IoT components, systems, and services.
This draft report: 

  • provides a functional description for IoT (Section 4);
  • describes several IoT applications that are representative examples of IoT (Section 5);
  • summarizes the cybersecurity core areas and provides examples of relevant standards (Section 6); 
  • describes IoT cybersecurity objectives, risks, and threats (Section 7);
  • provides an analysis of the standards landscape for IoT cybersecurity (Sections 8 and 9); and
  • maps IoT relevant cybersecurity standards to cybersecurity core areas (Appendix D).

This draft report is based upon the information available to the participating agencies.  Comments are now being solicited to augment that information, especially on the information about the state of cybersecurity standardization for IoT that is found in Sections 8, 9, 10, and Annex D.  Your feedback on this draft publication is important. It will help to shape the final publication so that it best meets the needs of the public and private sectors.

Comments will be posted as they are received, at



cybersecurity; cybersecurity objectives; cybersecurity risks; cybersecurity threats; IT; information technology; IoT; Internet of Things; IoT components; IoT systems; SDO; standards developing organizations; standards; standards gaps
Control Families

None selected


Security and Privacy
general security & privacy

Internet of Things

Activities and Products
standards development