Date Published: September 2022
Author(s)
Katerina Megas (NIST), Michael Fagan (NIST), Barbara Cuthill (NIST), Brad Hoehn (HII Mission Technologies), David Lemire (HII Mission Technologies), Rebecca Herold (The Privacy Professor Consultancy)
This report summarizes the feedback received on the work of the NIST Cybersecurity for the Internet of Things (IoT) program on IoT product cybersecurity criteria at a virtual workshop in June 2022. The purpose of this workshop was to obtain feedback on specific considerations—and techniques for addressing those considerations—around cybersecurity in IoT products. These considerations have broad applicability across IoT product sectors, including the consumer IoT products sector and the industrial IoT sector. For consumer IoT, these considerations arose in moving the criteria presented in Recommended Criteria for Cybersecurity Labeling for Consumer Internet of Things (IoT) Products into draft NIST IR 8425, Profile of the IoT Core Baseline for Consumer IoT Products, along with a discussion paper on the complexity of risk identification for IoT published before the workshop.
This report summarizes the feedback received on the work of the NIST Cybersecurity for the Internet of Things (IoT) program on IoT product cybersecurity criteria at a virtual workshop in June 2022. The purpose of this workshop was to obtain feedback on specific considerations—and techniques for...
See full abstract
This report summarizes the feedback received on the work of the NIST Cybersecurity for the Internet of Things (IoT) program on IoT product cybersecurity criteria at a virtual workshop in June 2022. The purpose of this workshop was to obtain feedback on specific considerations—and techniques for addressing those considerations—around cybersecurity in IoT products. These considerations have broad applicability across IoT product sectors, including the consumer IoT products sector and the industrial IoT sector. For consumer IoT, these considerations arose in moving the criteria presented in
Recommended Criteria for Cybersecurity Labeling for Consumer Internet of Things (IoT) Products into draft NIST IR 8425,
Profile of the IoT Core Baseline for Consumer IoT Products, along with a discussion paper on the complexity of risk identification for IoT published before the workshop.
Hide full abstract
Keywords
Consumer IoT; Industrial IoT (IIoT); consumer profile; cybersecurity; Internet of Things (IoT); IoT products; privacy; Risk Management Framework; securable products; security requirements
Control Families
None selected