Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Project Description (Initial Public Draft)

Security for IoT Sensor Networks: Building Management Case Study

Date Published: February 2019
Comments Due: March 18, 2019 (public comment period is CLOSED)
Email Questions to:


Jeffrey Cichonski (NIST), Jeffrey Marron (NIST), Nelson Hastings (NIST), Jason Ajmo (MITRE), Rahmira Rufus (MITRE)


The National Cybersecurity Center of Excellence (NCCoE) at NIST is proposing a project to protect building management systems’ IoT sensor networks. Our findings may be applicable to other industry sectors and are listed for consideration for inclusion as future NCCoE use cases. We will explore common components of sensor networks and the associated security requirements of those components for the secure functioning of the IoT sensor network. Detailed explorations of other considerations (e.g., physical security), while important, are outside the scope of this project.

These are the goals and objectives of the project:

  • Serve as a building block for sensor networks in general, future IoT projects, or specific sensor network use cases.
  • Establish a security architecture to protect a building management system sensor network by using standards and best practices, including the communications channel/network used to transmit sensor data to the back-end building control systems (hosts) for processing.
  • Explore the cybersecurity controls to promote the reliability, integrity, and availability of building management system sensor networks.
  • Exercise/test the cybersecurity controls of the building management system sensor network to verify that they mitigate the identified cybersecurity concerns/risks, and understand the performance implications of adding these controls to the building management system sensor network.

Please submit your feedback to help us shape and refine the scope of this project.



building management sensors; data integrity; device integrity; internet of things; IoT; networked sensors; sensors; sensor data; sensor security.
Control Families

Access Control; Assessment, Authorization and Monitoring; Configuration Management; Identification and Authentication; Risk Assessment


Project Description (pdf)

Supplemental Material:
None available

Document History:
02/01/19: Project Description (Draft)


Security and Privacy

physical & environmental protection


networks, sensors


Internet of Things