Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

NISTIR 8228 (DRAFT)

Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks

Date Published: September 2018
Comments Due: October 24, 2018 (public comment period is CLOSED)
Email Questions to: iotsecurity@nist.gov

Author(s)

Kaitlin Boeckl (NIST), Michael Fagan (NIST), William Fisher (NIST), Naomi Lefkovitz (NIST), Katerina Megas (NIST), Ellen Nadeau (NIST), Ben Piccarreta (NIST), Danna Gabel O'Rourke (Deloitte & Touche), Karen Scarfone (Scarfone Cybersecurity)

Announcement

The Internet of Things (IoT) is a rapidly evolving and expanding collection of diverse technologies that interact with the physical world. Many organizations are not necessarily aware of the large number of IoT devices they are already using and how IoT devices may affect cybersecurity and privacy risks differently than conventional information technology (IT) devices do.

NIST is seeking public comments on Draft NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. The purpose of this publication is to help federal agencies and other organizations better understand and manage the cybersecurity and privacy risks associated with their IoT devices throughout their lifecycles. This publication is the introductory document providing the foundation for a planned series of publications on more specific aspects of this topic.

We encourage you to use the Comment Template when submitting your comments.

Abstract

Keywords

cybersecurity risk; Internet of Things (IoT); privacy risk; risk management; risk mitigation
Control Families

None selected

Documentation

Publication:
NISTIR 8228 (DRAFT) (DOI)
Local Download

Supplemental Material:
Comment Template (word)

Related NIST Publications:
White Paper (DRAFT)

Topics

Security and Privacy
general security & privacy; risk management

Applications
Internet of Things