Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Connected devices, connected standards: Seeking feedback on international IoT cybersecurity standards

Our research shows that there is no one-size-fits-all approach to securing the Internet of Things. That’s why we have released Draft NISTIR 8200, Interagency Report on Status of International Cybersecurity Standardization for the Internet of Things (IoT)—and why we want to hear from you.

With this draft report, we hope to inform and enable policymakers, managers and standards participants as they seek timely development and use of cybersecurity standards in IoT components, systems and services.

This effort began with the Interagency International Cyber Security Working Group (IICS WG), in direct response to recommendations from the Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity (NISTIR 8074 Volume 1). The working group coordinates on major issues in international cybersecurity standardization and established a task group to develop a report on the status of international cybersecurity standards that are relevant to IoT. NIST convenes the IICS WG and co-chairs, with DHS, the IoT Task Group.

Because of the rapid adoption of IoT devices—and the cybersecurity and privacy concerns surrounding them—the draft NISTIR aims to update stakeholders on the development and use of cybersecurity standards in IoT. 

This draft report, based upon the information available to the participating agencies, includes: 

  • A functional description of IoT;
  • Several applications that are representative examples of IoT;
  • Cybersecurity core areas and examples of relevant standards;
  • IoT cybersecurity objectives, risks and threats;
  • Analysis of the standards landscape for IoT cybersecurity; and
  • IoT-relevant cybersecurity standards related to cybersecurity core areas.

Why are we asking for feedback?

It’s likely that IoT will need a variety of standards, so we are seeking to hear from a broad range of stakeholders during our open comment period. This will give us a better understanding of industry’s full take on adopting IoT standards (including potential barriers to adoption). Ultimately, we seek to understand what gaps currently exist in the marketplace, and learn more about how standards can help fill these gaps.

This feedback is critical for shaping the final publication so it meets the needs of the public and private sectors—so we really appreciate your input. Thank you in advance!

How to provide feedback:

Please submit your comments to NISTIR-8200@nist.gov by April 18, 2018!

Follow us on Twitter.

About the author

Katerina Megas

Katerina Megas is the Commercial Adoption Lead for the Trusted Identities Group and Program Manager for the Cybersecurity for the Internet of Things (IoT) program. She has over 25 years of experience...

Related posts

Let’s talk about IoT device security

NIST’s Cybersecurity for the Internet of Things (IoT) Program is beginning stakeholder engagement on identifying a core set of cybersecurity capabilities

Comments

Add new comment

  • This question is for testing whether or not you are a human visitor and to prevent automated spam submissions. Image CAPTCHA
    Enter the characters shown in the image.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Posts that violate our comment policy will not be posted.