NIST Cybersecurity for IoT Program

IoT Manufacturer Guidance

Read more about NIST's guidance for manufacturers and supporting parties creating IoT devices and products.

Enterprise Guidance

Read more about NIST guidance for Federal Agencies and other enterprises looking to deploy IoT devices in their systems.

Consumer IoT Products

Read more about the NIST's technical contributions that the FCC adopted for the Cyber Trust Mark program.

The Challenge

Fostering cybersecurity in the IoT ecosystem, across industry sectors and at scale

Recent Announcements

• On June 18, 2025, NIST will host "Discussion Forum: Updates to NIST IoT Cybersecurity Guidance" from 2025, 1:00 to 4:00 PM

  This virtual event will be an open discussion  on the initial public draft of NIST IR 8259 Rev. 1. NIST will present on changes in the document, comments received to date,  take questions about the document and discuss with the community any issues that arise. The final hour of the webinar will be a discussion of planned updates to NIST SP 800-213 and NIST SP 800-213A that are getting underway.

  Essay outlining the Planning for Updating  IoT Cybersecurity Guidance for the Federal Government (NIST SP 800-213 and NIST SP 800-213A) is now available. 

  Registration:   https://nist.zoomgov.com/webinar/register/WN_LL_SLSTkRKi-sSCK2eQDIw

• On April 16, 2025, NIST published Summary Report for Workshop on Updating Manufacturer Guidance for Securable Connected Product Development (NIST IR 8563) documenting the December, NIST hosted an in-person and hybrid Workshop.  The purpose of the workshop was to introduce and discuss potential areas to update as the NIST Cybersecurity for Internet of Things (IoT) program revises our Foundational Cybersecurity Activities for IoT Device Manufacturers publication (NIST IR 8259).This new NIST report summarizes and shares the feedback received by the IoT program at the workshop—which was held as a way to consider how to update NIST IR 8259 based on concepts in risk management, operational technology concerns, product end of life concerns and recent trends in IoT cybersecurity and privacy. The important feedback included in the workshop summary report will be used by NIST moving forward. We are grateful for the opportunity to host this successful event and look forward to even more important IoT discussions in the future.

• On January 27, 2025, NIST published four translations of Profile of the IoT Core Baseline for Consumer IoT Products (NISTIR 8425)

  Perfil del núcleo básico de IoT para productos IoT de consumo (Spanish) 

  Profil du noyau de base de l'IdO pour les produits IdO grand public (French) 

  Perfil da linha de base principal de IoT para produtos de IoT para consumidores (Portuguese) 

  Profil der IoT-Referenzgrundlage für Verbraucher-IoT-Produkte (German) 

• The IoT Advisory Board Report including all findings and recommendations of the board is now available.
• In October, 2024, NIST released a video explanation of the Profile of the IoT Core Baseline for Consumer IoT Products (NISTIR 8425)
• On September 10, 2024, NIST Published  Recommended Cybersecurity Requirements for Consumer-Grade Router Products (NISTIR 8425A)

About the Program

NIST’s Cybersecurity for the Internet of Things (IoT) program supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of IoT systems, connected products,  and the environments in which they are deployed. By collaborating with stakeholders across government, industry, international bodies, academia, and consumers, the program aims to cultivate trust and foster an environment that enables innovation on a global scale.

Want to get regular cybersecurity for IoT program updates and stay informed? Subscribe to our IoT mailing list.