Date Published: December 2020
Comments Due: February 26, 2021 (public comment period is CLOSED)
Email Questions to: iotsecurity@nist.gov
Planning Note (2/8/2021):
The comment period has been extended to February 26, 2021.
, , , , ,
This draft includes background and recommendations to help federal agencies consider how an IoT device they plan to acquire can integrate into a federal information system. IoT devices and their support for security controls are presented in the context of organizational and system risk management. SP 800-213 provides guidance on considering system security from the device perspective. This allows for the identification of IoT device cybersecurity requirements—the abilities and actions a federal agency will expect from an IoT device and its manufacturer and/or third parties, respectively.
Draft SP 800-213 is being released concurrently with these related IoT draft publications:
NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
None selected
Publication:
SP 800-213 (Draft) (DOI)
Local Download
Supplemental Material:
None available
Related NIST Publications:
Document History:
12/15/20: SP 800-213 (Draft)
Security and Privacy
acquisition; program management; risk management
Technologies
hardware
Applications
cybersecurity framework; Internet of Things