Date Published: June 24, 2026
Comments Due: August 24, 2026
Email Comments to:
[email protected]
Organizations increasingly use Internet of Things (IoT) products for the mission benefits they offer, but care must be taken in acquiring and implementing this equipment.
NIST is updating guidelines for establishing cybersecurity requirements for IoT products to support necessary security controls. Understanding that an IoT product is a system element facilitates an understanding of how it must be considered in the risk management process. The acquisition and integration of an IoT product into an information system may alter the system’s risk assessment based on new risks introduced by the product. An updated risk assessment may require additional or new controls to be selected and implemented in the system. This publication provides general considerations of how IoT products may impact an information system’s risk assessment and subsequent allocation of controls that may be necessary.
NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
None selected
Publication:
https://doi.org/10.6028/NIST.SP.800-213r1.ipd
Download URL
Supplemental Material:
Cybersecurity Insights blog post
NIST Cybersecurity for IoT Program
Document History:
06/24/26: SP 800-213 Rev. 1 (Draft)