Internet of Things (IoT) devices offer tremendous capabilities to users. Looking around I see more and more ways, especially in a post COVID-19 world, that these devices will make our lives easier and safer, which makes this work more critical than ever.
And while cybersecurity is a shared responsibility and the solution will likely require an ecosystem approach, how can IoT devices enable customers’ security goals?
Working with industry and other stakeholders, we’ve made great strides in recent years to increase overall IoT cybersecurity. In the Interagency Report on the Status of International Cybersecurity Standardization for the Internet of Things (IoT) published in November 2018, it was evident that much was already underway. However it was unclear to IoT manufacturers: what applied to them; where to start; and how to avoid fragmentation and promote consistency. What guidance and best practices can device manufacturers therefore follow?
With our latest publication, NISTIR 8259A – IoT Device Cybersecurity Capability Core Baseline, the NIST Cybersecurity for IoT Program identifies a core baseline of IoT device cybersecurity capabilities for manufacturers — i.e. device capabilities generally needed to support common cybersecurity controls.
Published concurrently, NISTIR 8259 – Foundational Cybersecurity Activities for IoT Device Manufacturers, provides specific recommended activities to help manufacturers address customer needs for IoT cybersecurity in their product development processes.