Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST IR 8200 (Initial Public Draft)

Interagency Report on Status of International Cybersecurity Standardization for the Internet of Things (IoT)

Date Published: February 2018
Comments Due: April 18, 2018 (public comment period is CLOSED)
Email Questions to:


Interagency International Cybersecurity Standardization Working Group (IICS WG)


Michael Hogan (NIST), Ben Piccarreta (NIST)


The Interagency International Cybersecurity Standardization Working Group (IICS WG) was established in December 2015. The purpose of the IICS WG is to coordinate on major issues in international cybersecurity standardization and thereby enhance U.S. federal agency participation in international cybersecurity standardization.  
The IICS WG has developed this draft report, NIST Interagency Report (NISTIR) 8200Status of International Cybersecurity Standardization for Internet of Things (IoT). The intended audience is both the government and the public. The purpose is to inform and enable policymakers, managers, and standards participants as they seek timely development of and use of cybersecurity standards in IoT components, systems, and services.
This draft report: 

  • provides a functional description for IoT (Section 4);
  • describes several IoT applications that are representative examples of IoT (Section 5);
  • summarizes the cybersecurity core areas and provides examples of relevant standards (Section 6); 
  • describes IoT cybersecurity objectives, risks, and threats (Section 7);
  • provides an analysis of the standards landscape for IoT cybersecurity (Sections 8 and 9); and
  • maps IoT relevant cybersecurity standards to cybersecurity core areas (Appendix D).

This draft report is based upon the information available to the participating agencies.  Comments are now being solicited to augment that information, especially on the information about the state of cybersecurity standardization for IoT that is found in Sections 8, 9, 10, and Annex D.  Your feedback on this draft publication is important. It will help to shape the final publication so that it best meets the needs of the public and private sectors.

Comments will be posted as they are received, at



cybersecurity; cybersecurity objectives; cybersecurity risks; cybersecurity threats; IT; information technology; IoT; Internet of Things; IoT components; IoT systems; SDO; standards developing organizations; standards; standards gaps
Control Families

None selected


Draft NISTIR 8200 (pdf)

Supplemental Material:
Comment template (docx)
View comments received to-date

Document History:
02/14/18: IR 8200 (Draft)
11/29/18: IR 8200 (Final)


Security and Privacy

general security & privacy


Internet of Things

Activities and Products

standards development