Now available: NIST's final recommendations for Cybersecurity features in Consumer IoT Products, NIST IR 8425: Profile of the IoT Core Baseline for Consumer Products! This IR is the culmination of over a year of stakeholder involvement that included 3 workshops, multiple rounds of comments, and many conversations with stakeholders.
NIST conducted a review of the pilot programs for cybersecurity labeling of consumer IoT products and consumer software products, consulting with the private sector and relevant agencies to assess the effectiveness of the programs, determining what improvements can be made going forward, and submitted a summary report on May 10, 2022, to the Assistant to the President for National Security Affairs (APNSA).
Consumer Cybersecurity Labeling for IoT Products: Discussion Draft on the Path Forward (December 2, 2021) [view detail] [download]
Published! SP 800-213A – IoT Device Cybersecurity Guidance for the Federal Government: IoT Device Cybersecurity Requirement Catalog (FINAL) (November 29, 2021) [Download]
Published! SP 800-213 – IoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements (FINAL) (November 29, 2021) [Download]
Baseline Security Criteria for Consumer IoT Devices (DRAFT) – (August 31, 2021) [view details][download]. This white paper, a portion of NIST’s multi-faceted response to E.O. 14028, presents draft baseline security criteria for consumer IoT devices and has been released for public comment. The comment period on this draft closed on October 17, 2021.
NISTIR 8259C (DRAFT): Creating a Profile Using the IoT Core Baseline and Non-Technical Baseline [view details][download]
NISTIR 8259D (DRAFT): Profile Using the IoT Core Baseline and Non-Technical Baseline for the Federal Government [view details][download] – will be repackaged as part of SP 800-213A
Published! Federal Profile of NISTIR 8259A (“Federal Profile”) (June 30, 2020) [FAQs]
NIST is developing a federal profile of the Core Baseline established in NISTIR 8259A (“Federal Profile”) and seeks feedback from all stakeholderson this initial catalog of proposed IoT device cybersecurity capabilities and related non-technical capabilities. Also, the IoT for Cybersecurity Program has instituted a new way to provide feedback and influence the discussion!
NISTIR 8259 and NISTIR 8259A promise to have a lasting impact on IoT device cybersecurity. In a June 1, 2020 blog, NIST IoT Cybersecurity Program Manager Katerina Megas explains what they mean for manufacturers and consumers—both in the United States and beyond.