NIST is pleased to announce the publication of the final version of NISTIR 8259B, IoT Non-Technical Supporting Capability Core Baseline. This document complements the technical abilities defined in NISTIR 8259A, IoT Device Cybersecurity Capability Core Baseline (May 2020) by defining a baseline set of activities that manufacturers should undertake during the planning, development, and operational life of Internet of Things (IoT) devices to address the cybersecurity needs and goals of their customers.
The baseline contained in NISTIR 8259B has been refined over more than a year, starting with the initial publication of an online catalog of technical and non-technical capabilities in June 2020. The need for non-technical supporting capabilities was the subject of a panel discussion during the July 2020 workshop on building the Federal Profile, and a draft baseline was published in December 2020 as one of a set of four draft documents released for public comment. Since publishing the drafts, NIST has presented a webinar (January 2021), accepted public comments, held stakeholder outreach meetings (January – April 2021), and conducted a series of four roundtable discussions (June 2021) to gather feedback and refine the contents of NISTIR 8259B and its companion documents. Feedback on each document was also considered for its impact on the companion documents in the set.
NIST believes that NISTIRS 8259A and 8259B provide a well-founded baseline of capabilities that manufacturers can apply to enhance the cybersecurity of their IoT devices.
Security and Privacy: general security & privacy, security programs & operations
Technologies: hardware
Applications: cybersecurity framework, Internet of Things