U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

White Paper (Draft)

Establishing Confidence in IoT Device Security: How do we get there?

Date Published: May 14, 2021
Comments Due: June 14, 2021 (public comment period is CLOSED)
Email Questions to: iotsec@nist.gov

Author(s)

Katerina Megas (NIST), Barbara Cuthill (NIST), Sarbari Gupta (Electrosoft Services)

Announcement

The purpose of this draft paper is to start a conversation about what it means to have confidence in the cybersecurity of IoT devices used by individuals and organizations and the various ways of gaining that confidence. This paper describes the landscape of confidence mechanisms that are currently available for establishing the security of IoT devices in the marketplace.  In preparing this paper, NIST conducted extensive research on initiatives that can help to instill confidence in IoT device security and held a series of meetings with government and industry experts to glean information on the unique aspects and challenges in this space.

NIST seeks comments on this paper and on the topic of confidence mechanisms including comments addressing the following questions:

  • While the landscape review wasn’t meant to be exhaustive, are there other significant confidence mechanisms that we should include?
  • Have we correctly characterized the different mechanisms for providing confidence in the security of IoT products?
  • We identified seven themes that emerged from our interviews. Are there other considerations that we missed?

Abstract

Keywords

conformance testing; cybersecurity; Internet of Things; labelling
Control Families

None selected

Documentation

Publication:
White Paper (DOI)

Supplemental Material:
Local Download (pdf)
NIST Cybersecurity for IoT Program (web)

Document History:
05/14/21: White Paper (Draft)

Topics

Security and Privacy
general security & privacy; trustworthiness

Technologies
hardware

Applications
Internet of Things