IoT Non-Technical Supporting Capability Core Baseline

Fagan, Michael; Marron, Jeffrey; Brady, Kevin; Cuthill, Barbara; Megas, Katerina; Herold, Rebecca

doi:https://doi.org/10.6028/NIST.IR.8259B-draft

July 19, 2023: URLs for CSRC publication details pages have changed. Legacy URLs should automatically redirect to the new URLs. However, links to the actual publications have NOT changed (e.g., DOIs and PDFs on nvlpubs.nist.gov). Please send inquiries to csrc-inquiry@nist.gov. [12:20 pm ET - If you received "Page Not Found" errors recently, please retry accessing those files. File synchronization should now be complete.]

NIST IR 8259B (Initial Public Draft)

Obsoleted on August 25, 2021 by IR 8259B

IoT Non-Technical Supporting Capability Core Baseline

Documentation Topics

Date Published: December 2020
Comments Due: February 26, 2021 (public comment period is CLOSED)
Email Questions to: iotsecurity@nist.gov

Planning Note (02/08/2021): The comment period has been extended to February 26, 2021.

Author(s)

Michael Fagan (NIST), Jeffrey Marron (NIST), Kevin Brady (NIST), Barbara Cuthill (NIST), Katerina Megas (NIST), Rebecca Herold (The Privacy Professor Consultancy)

Announcement

Draft NISTIR 8259B complements the NISTIR 8259A device cybersecurity core baseline by detailing additional, non-technical supporting activities typically needed from manufacturers and/or associated third parties. This non-technical baseline collects and makes explicit supporting capabilities like documentation, training, customer feedback, etc.

This draft is released concurrently with these related IoT draft publications:

Draft SP 800-213, IoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements
Draft NISTIR 8259C, Creating a Profile Using the IoT Core Baseline and Non-Technical Baseline
Draft NISTIR 8259D, Profile Using the IoT Core Baseline and Non-Technical Baseline for the Federal Government

See this announcement for more details about all four documents.

NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Abstract

Non-technical supporting capabilities are actions a manufacturer or third-party organization performs in support of the cybersecurity of an IoT device. This publication defines an Internet of Things (IoT) device manufacturers’ non-technical supporting capability core baseline, which is a set of non-technical supporting capabilities generally needed from manufacturers or other third-parties to support common cybersecurity controls that protect an organization’s devices as well as device data, systems, and ecosystems. The purpose of this publication is to provide organizations a starting point to use in identifying the non-technical supporting capabilities needed in relation to IoT devices they will manufacture, integrate, or acquire. This publication is intended to be used in conjunction with NISTIR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers and NISTIR 8259A, IoT Device Cybersecurity Capability Core Baseline.

Keywords

cybersecurity baseline; Internet of Things (IoT); securable computing devices

Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.IR.8259B-draft
Download URL

Supplemental Material:
IoT Device Cybersecurity Requirement Catalogs

Document History:
12/15/20: IR 8259B (Draft)
08/25/21: IR 8259B (Final)

Topics

Security and Privacy

general security & privacy, security programs & operations

Technologies

hardware

Applications

cybersecurity framework, Internet of Things