National Online Informative References Program OLIR

CTA-2088-to-NISTIR-8259A Informative Reference Details

NISTIR 8259A

Informative Reference Information

Status:
Final

Informative Reference Version:
1.0.0

Focal Document Version:
IoT Device Cybersecurity Capability Core Baseline

Summary:
A mapping between the C2 Consensus-derived CTA-2088 IoT device cybersecurity "baseline capabilities" standard, and NISTIR 8259A. The C2 Consensus is a multi-sector core baseline that 'wraps' 8259A, and CTA-2088 is a direct derivative of C2 in technical standard form (with "SHALL" requirements).

Target Audience:
IoT device manufacturers (brands and OEM/ODMs), retailers, large enterprises.

Comprehensive:
No

Comments:
CTA-2088's mapping to NISTIR 8259A is not fully "comprehensive" (logged as "no" in the Informative Reference record) due to three items that are not covered in either C2 or CTA-2088. NISTIR 8259A DI-2, physical label requirement, was considered out-of-scope for CTA-2088. SU-3, rollback requirement, and CSA-2, detection of degraded cybersecurity state, were not considered broadly baseline. NISTIR 8259A is guidance that is not intended to be 100% applied to all devices, as noted in the 8259A Introduction, "...implementation of all capabilities is not considered mandatory". CTA-2088 is intended to specify, in detail sufficient for developers or purchasers, the necessary baseline for a broad target market, in a way that is entirely compatible with the goals and execution of the NIST effort.

Point of Contact:
Michael Bergman mbergman@CTA.tech +1 703-907-4366

Category of Submitter:
Private Sector

Dependencies/Requirements:

Citations:
The C2 Consensus on IoT Device Security Baseline Capabilities (available at http://csde.tech/projects/c2-consensus/)

SHA3-256

ce6a04b67dc37c9f72478f5dffab1a08960508244182b8e15238e73705444f01

Authority

Owner

Reference Document Author:
Consumer Technology Association

Reference Document:
CTA-2088 Baseline Cybersecurity Standard for Devices and Device Systems (November 2020)

Reference Document Date:
11/00/2020

Reference Document URL:
https://shop.cta.tech/collections/standards/products/baseline-cybersecurity-standard-for-devices-and-device-systems-cta-2088

Reference Developer:
Consumer Technology Association

Posted Date:
January 21, 2021

Contacts

National Online Informative References Program
olir@nist.gov

Topics

Security and Privacy: testing & validation

Applications: cybersecurity framework

Created September 08, 2020, Updated December 08, 2021