Date Published: April 3, 2024
Comments Due:
Email Questions to:
Author(s)
Michael Fagan (NIST), Katerina Megas (NIST), Paul Watrobski (NIST), Jeffrey Marron (NIST), Barbara Cuthill (NIST), David Lemire (Huntington Ingalls Industries), Brad Hoehn (Huntington Ingalls Industries)
Announcement
This Product Development Cybersecurity Handbook describes broadly applicable considerations for developing and deploying secure IoT products across sectors and use cases. This handbook extends NIST’s work to consider the cybersecurity of IoT product components beyond the IoT device. Significant risks can be introduced by vulnerable IoT product components even if the IoT device itself is hardened since these additional components will likely have privileged access to the IoT device and related data.
The Product Development Cybersecurity Handbook includes the following topics:
- How IoT product components can vary and be assembled into IoT products
- Cybersecurity considerations for IoT product component hardware and software
- How IoT product components use internet infrastructure and other equipment to communicate
- The multiple parties that may have a role in supporting a secure IoT product life cycle
- Standards and guidance related to cybersecurity outcomes for IoT products
- IoT product architecture, deployment, roles, and cybersecurity perspectives
- Approaches to cybersecurity in IoT products, including several IoT product deployment and instantiation examples with related informative references
As interest in Internet of Things (IoT) technologies has grown, so have concerns and attention to cybersecurity of the newly network-connected products and services offered in many sectors, including energy services, water/waste-water services, automobiles, consumer electronics, and government. This Product Development Cybersecurity Handbook will describe concepts important to developing and deploying secure IoT products for any sector or use case, including discussion of IoT Product architecture, deployment, roles and cybersecurity perspectives. This publication extends and elaborates on NIST’s prior work related to development of IoT products. In addition to discussing the concepts, this publication also demonstrates their application and discusses how satisfaction of cybersecurity in IoT products can be approached.
As interest in Internet of Things (IoT) technologies has grown, so have concerns and attention to cybersecurity of the newly network-connected products and services offered in many sectors, including energy services, water/waste-water services, automobiles, consumer electronics, and government. This...
See full abstract
As interest in Internet of Things (IoT) technologies has grown, so have concerns and attention to cybersecurity of the newly network-connected products and services offered in many sectors, including energy services, water/waste-water services, automobiles, consumer electronics, and government. This Product Development Cybersecurity Handbook will describe concepts important to developing and deploying secure IoT products for any sector or use case, including discussion of IoT Product architecture, deployment, roles and cybersecurity perspectives. This publication extends and elaborates on NIST’s prior work related to development of IoT products. In addition to discussing the concepts, this publication also demonstrates their application and discusses how satisfaction of cybersecurity in IoT products can be approached.
Hide full abstract
Keywords
cybersecurity risk; Internet of Things (IoT); manufacturing; risk management; risk mitigation; securable computing devices; software development
Control Families
None selected