This report summarizes discussions held at the March 5, 2025 "Workshop on Foundational Cybersecurity Activities for IoT Device Manufacturers” organized by the NIST Cybersecurity for the Internet of Things (IoT) program. This workshop follows an earlier event held in December 2024 titled “Workshop on Updating Manufacturer Guidance for Securable Connected Product Development” to identify major update areas to NIST IR 8259. Similarly, the purpose of this more recent workshop was to discuss planned updates to NIST IR 8259 and gather additional feedback on taking a product viewpoint with greater emphasis on the IoT product lifecycle, expanded discussion of risk analysis, application to industrial contexts, and cybersecurity considerations around data management to support privacy goals. Over time, NIST work has built upon the concepts introduced in the NIST IR 8259, as reflected in subsequent publications that elaborate on IoT cybersecurity for specific sectors and use cases (e.g., federal agency use of IoT, consumer use of IoT in the home or in small businesses).
This report summarizes discussions held at the March 5, 2025 "Workshop on Foundational Cybersecurity Activities for IoT Device Manufacturers” organized by the NIST Cybersecurity for the Internet of Things (IoT) program. This workshop follows an earlier event held in December 2024 titled “Workshop on...
See full abstract
This report summarizes discussions held at the March 5, 2025 "Workshop on Foundational Cybersecurity Activities for IoT Device Manufacturers” organized by the NIST Cybersecurity for the Internet of Things (IoT) program. This workshop follows an earlier event held in December 2024 titled “Workshop on Updating Manufacturer Guidance for Securable Connected Product Development” to identify major update areas to NIST IR 8259. Similarly, the purpose of this more recent workshop was to discuss planned updates to NIST IR 8259 and gather additional feedback on taking a product viewpoint with greater emphasis on the IoT product lifecycle, expanded discussion of risk analysis, application to industrial contexts, and cybersecurity considerations around data management to support privacy goals. Over time, NIST work has built upon the concepts introduced in the NIST IR 8259, as reflected in subsequent publications that elaborate on IoT cybersecurity for specific sectors and use cases (e.g., federal agency use of IoT, consumer use of IoT in the home or in small businesses).
Hide full abstract
