As manufacturers create an incredible and ever-growing variety of Internet of Things (IoT) devices, they should also understand the cybersecurity risks associated with those devices in order to make them at least minimally securable. This approach can help reduce the need for customers to make their own cybersecurity-related efforts, prevent unauthorized access, and mitigate the potentially severe effects of attacks performed using compromised IoT devices.
NIST invites comments on Draft NIST Internal Report (NISTIR) 8259, Core Cybersecurity Feature Baseline for Securable IoT Devices: A Starting Point for IoT Device Manufacturers. The publication defines a core baseline of cybersecurity features that manufacturers may voluntarily adopt for IoT devices they produce. The document builds upon NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risk, and provides information on how manufacturers can identify and implement features most appropriate for their customers beyond the core baseline.
The public comment period for this document closes September 30, 2019. See the publication details for a copy of the document and instructions for submitting comments.
NOTE: A call for patent claims is included on page vi of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
Security and Privacy: risk management
Applications: cyber-physical systems, Internet of Things
Laws and Regulations: Executive Order 13800