Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST IR 8425A (Initial Public Draft)

Recommended Cybersecurity Requirements for Consumer-Grade Router Products

Date Published: April 17, 2024
Comments Due: May 17, 2024 (public comment period is CLOSED)
Email Questions to:


Michael Fagan (NIST), Katerina Megas (NIST), Paul Watrobski (NIST), Jeffrey Marron (NIST), Barbara Cuthill (NIST), David Lemire (Huntington Ingalls Industries), Brad Hoehn (Huntington Ingalls Industries), Chris Evans (Huntington Ingalls Industries)


This report presents the consumer-grade router profile, which includes cybersecurity outcomes for consumer-grade router products and associated requirements from router standards. Routers serve as the gatekeepers of our networks, managing the flow of data between devices in the home or office and the internet. A compromised router opens the door to a host of potential exploited vulnerabilities and impacts, making router cybersecurity is of paramount importance in today's interconnected world.

Recommended Cybersecurity Requirements for Consumer-Grade Router Products includes the following topics:

  • How product components around consumer-grade router devices can vary and be assembled into consumer-grade router products
  • Cybersecurity considerations for consumer-grade routers
  • Standards and guidance related to cybersecurity outcomes for consumer-grade routers
  • Consideration of cybersecurity approaches for consumer-grade router products not documented in current standards and guidance

NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.



cybersecurity; consumer-grade routers; network security; Internet of Things
Control Families

None selected


Download URL

Supplemental Material:
None available

Document History:
04/17/24: IR 8425A (Draft)


Security and Privacy

general security & privacy


cybersecurity framework, Internet of Things