Consumer IoT Cybersecurity

Improving Consumer IoT Cybersecurity

Executive Order 14028 on Improving the Nation’s Cybersecurity assigned NIST tasks on multiple topics. The Cybersecurity for IoT program is contributing to NIST’s multi-faceted response to E.O. 14028, and developed and published draft baseline security criteria for consumer IoT devices. This baseline was released as a draft white paper for public comment. The comment period closed on October 18, 2021, with NIST receiving more than 400 comments. An updated discussion draft was released on December 3, 2021, followed by a workshop on December 9.

On February 4, 2022, NIST recommended criteria for cybersecurity labeling of IoT products. The E.O. 14028 website includes a page with details of the response to the IoT-oriented tasking from the E.O.

On September 19, 2022, NIST published NIST IR 8425, Profile of the IoT Core Baseline for Consumer Products. This IR takes into account the responses to the pilot work and is the final version of NIST’s recommendations for cybersecurity features in consumer IoT products. A fact sheet is also available on this baseline.

On July 18th, 2023, the White House announced the next steps for the Cybersecurity Labeling Program for Smart Devices to Protect American Consumers, referred to as the “U.S. Cyber Trust Mark.” In addition to announcing participation by the Federal Communications Commission and Departments of Energy and State, the White House also directed NIST to “immediately undertake an effort to define cybersecurity requirements for consumer-grade routers—a higher-risk type of product that, if compromised, can be used to eavesdrop, steal passwords, and attack other devices and high value networks.”

To support the development of this profile for consumer routers:


Created November 9, 2021, Updated February 15, 2024