Summary Report for “Workshop on Updating Manufacturer Guidance for Securable Connected Product Development”

This report summarizes the feedback received by the NIST Cybersecurity for the Internet of Things (IoT) program at the in-person and hybrid workshop on "Updating Manufacturer Guidance for Securable Connected Product Development" held in December 2024. The purpose of this workshop was to consider how to update Foundational Cybersecurity Activities for IoT Device Manufacturers (NIST Internal Report (IR) 8259) based on concepts in risk management, operational technology concerns, product end of life concerns and recent trends in IoT cybersecurity and privacy. Over time, the NIST volume of work has built upon the concepts introduced in NIST IR 8259, to add technical (NIST IR 8259A) and nontechnical (NIST IR 8259B) concepts to help manufacturers and customers consider the cybersecurity of IoT devices. The NIST IR 8259 series has been used to inform and develop subsequent publications that elaborate on IoT cybersecurity across sectors and use cases (e.g., federal agency uses cases reflected in NIST SP 800-213 and consumer use cases reflected in NIST IR 8425 and the U.S. Cyber Trust Mark).