U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

NISTIR 8259D (Draft)

Profile Using the IoT Core Baseline and Non-Technical Baseline for the Federal Government

Date Published: December 2020
Comments Due: February 26, 2021 (public comment period is CLOSED)
Email Questions to: iotsecurity@nist.gov

Planning Note (11/29/2021): This document has been withdrawn, and based on public comments the content is now available in an appendix of SP 800-213A.

Author(s)

Michael Fagan (NIST), Jeffrey Marron (NIST), Kevin Brady (NIST), Barbara Cuthill (NIST), Katerina Megas (NIST), Rebecca Herold (The Privacy Professor Consultancy)

Announcement

Draft NISTIR 8259D provides a worked example result of applying the NISTIR 8259C process, focused on the federal government customer space, where the requirements of the FISMA process and the SP 800-53 security and privacy controls catalog are the essential guidance. NISTIR 8259D provides a device-centric, cybersecurity-oriented profile of the NISTIR 8259A and 8259B core baselines, calibrated against the FISMA low baseline described in NIST SP 800-53B as an example of the criteria for minimal securability for federal use cases.

This draft is released concurrently with these related IoT draft publications:

  • Draft SP 800-213IoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements
  • Draft NISTIR 8259BIoT Non-Technical Supporting Capability Core Baseline
  • Draft NISTIR 8259CCreating a Profile Using the IoT Core Baseline and Non-Technical Baseline
See this announcement for more details about all four documents.
 

NOTE: A call for patent claims is included on page iv of this draft.  For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Abstract

Keywords

cybersecurity baseline; Internet of Things (IoT); securable computing devices; security requirements; Risk Management Framework
Control Families

None selected

Documentation

Publication:
NISTIR 8259D (Draft) (DOI)
Local Download

Supplemental Material:
None available

Other Parts of this Publication:
NISTIR 8259
NISTIR 8259A
NISTIR 8259B
NISTIR 8259C (Draft)

Related NIST Publications:
NISTIR 8379
SP 800-213 (Draft)

Document History:
12/15/20: NISTIR 8259D (Draft)

Topics

Security and Privacy
risk management

Technologies
hardware

Applications
cybersecurity framework; Internet of Things