Date Published: July 2019
Comments Due:
Email Questions to:
Author(s)
Michael Fagan (NIST), Katerina Megas (NIST), Karen Scarfone (Scarfone Cybersecurity), Matthew Smith (G2)
Announcement
Manufacturers are creating an incredible variety and volume of Internet of Things (IoT) devices. Manufacturers need to understand the cybersecurity risks their customers face so IoT devices can provide cybersecurity features that make them at least minimally securable by the individuals and organizations who acquire and use them. This approach can help lessen the cybersecurity-related effort needed by customers, which in turn should reduce the prevalence and severity of IoT device compromises and the attacks performed using compromised IoT devices.
This draft publication defines a core baseline of cybersecurity features that manufacturers may voluntarily adopt for IoT devices they produce. It also provides information on how manufacturers can identify and implement features beyond the core baseline most appropriate for their customers. Draft NISTIR 8259 builds upon NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks.
A public comment period for this draft document is open until September 30, 2019.
NOTE: A call for patent claims is included on page vi of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
This publication is intended to help Internet of Things (IoT) device manufacturers understand the cybersecurity risks their customers face so IoT devices can provide cybersecurity features that make them at least minimally securable by the individuals and organizations who acquire and use them. The publication defines a core baseline of cybersecurity features that manufacturers may voluntarily adopt for IoT devices they produce. The core baseline addresses general cybersecurity risks faced by a generic customer. Manufacturers often know more about their customers and the risks they face, so the publication also provides information on how manufacturers can identify features beyond the core baseline most appropriate for their customers and implement those features to further improve how securable their IoT devices are. This approach can help lessen the cybersecurity-related efforts needed by IoT device customers, which in turn should reduce the prevalence and severity of IoT device compromises and the attacks performed using compromised IoT devices.
This publication is intended to help Internet of Things (IoT) device manufacturers understand the cybersecurity risks their customers face so IoT devices can provide cybersecurity features that make them at least minimally securable by the individuals and organizations who acquire and use them. The...
See full abstract
This publication is intended to help Internet of Things (IoT) device manufacturers understand the cybersecurity risks their customers face so IoT devices can provide cybersecurity features that make them at least minimally securable by the individuals and organizations who acquire and use them. The publication defines a core baseline of cybersecurity features that manufacturers may voluntarily adopt for IoT devices they produce. The core baseline addresses general cybersecurity risks faced by a generic customer. Manufacturers often know more about their customers and the risks they face, so the publication also provides information on how manufacturers can identify features beyond the core baseline most appropriate for their customers and implement those features to further improve how securable their IoT devices are. This approach can help lessen the cybersecurity-related efforts needed by IoT device customers, which in turn should reduce the prevalence and severity of IoT device compromises and the attacks performed using compromised IoT devices.
Hide full abstract
Keywords
cybersecurity baseline; cybersecurity risk; Internet of Things (IoT); manufacturing; risk management; risk mitigation; securable computing devices; software development
Control Families
None selected
