Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST CSWP 33 (Initial Public Draft)

Product Development Cybersecurity Handbook: Concepts and Considerations for IoT Product Manufacturers

Date Published: April 3, 2024
Comments Due: May 17, 2024 (public comment period is CLOSED)
Email Questions to:


Michael Fagan (NIST), Katerina Megas (NIST), Paul Watrobski (NIST), Jeffrey Marron (NIST), Barbara Cuthill (NIST), David Lemire (Huntington Ingalls Industries), Brad Hoehn (Huntington Ingalls Industries)


This Product Development Cybersecurity Handbook describes broadly applicable considerations for developing and deploying secure IoT products across sectors and use cases. This handbook extends NIST’s work to consider the cybersecurity of IoT product components beyond the IoT device. Significant risks can be introduced by vulnerable IoT product components even if the IoT device itself is hardened since these additional components will likely have privileged access to the IoT device and related data.

The Product Development Cybersecurity Handbook includes the following topics:

  • How IoT product components can vary and be assembled into IoT products
  • Cybersecurity considerations for IoT product component hardware and software
  • How IoT product components use internet infrastructure and other equipment to communicate
  • The multiple parties that may have a role in supporting a secure IoT product life cycle
  • Standards and guidance related to cybersecurity outcomes for IoT products
  • IoT product architecture, deployment, roles, and cybersecurity perspectives
  • Approaches to cybersecurity in IoT products, including several IoT product deployment and instantiation examples with related informative references



cybersecurity risk; Internet of Things (IoT); manufacturing; risk management; risk mitigation; securable computing devices; software development
Control Families

None selected


Download URL

Supplemental Material:
NIST Cybersecurity for IoT Program

Document History:
04/03/24: CSWP 33 (Draft)


Security and Privacy

risk management


software & firmware


Internet of Things