Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology Laboratory / Applied Cybersecurity Division

NIST Cybersecurity for IoT Program

Announcement History

NIST Selects ‘Lightweight Cryptography’ Algorithms to Protect Small Devices (February 7, 2023)
Initial Meeting of the IoT Advisory Board to be held January 18-19, 2023
U.S. Department of Commerce Appoints Members for New Internet of Things Advisory Board (October 24, 2022)
Now available: NIST's final recommendations for Cybersecurity features in Consumer IoT Products, NIST IR 8425: Profile of the IoT Core Baseline for Consumer Products! This IR is the culmination of over a year of stakeholder involvement that included 3 workshops, multiple rounds of comments, and many conversations with stakeholders.
Newly published: The summary report for NIST's June 2022 Next Steps in IoT Cybersecurity workshop, NIST IR 8431! This report presents what we learned from stakeholders.
Standards: The CPSO’s Best Friend – A Cybersecurity Insights blog (July 15, 2022, Katerina Megas)
Published! Discussion Essay: Ideas for the Future of IoT Cybersecurity at NIST: IoT Risk Identification Complexity (DRAFT) (June 21, 2022) [DOWNLOAD]
NIST IR 8425: Profile of the IoT Core Baseline for Consumer IoT Products (DRAFT) (June 17, 2022) [DOWNLOAD]
NIST conducted a review of the pilot programs for cybersecurity labeling of consumer IoT products and consumer software products, consulting with the private sector and relevant agencies to assess the effectiveness of the programs, determining what improvements can be made going forward, and submitted a summary report on May 10, 2022, to the Assistant to the President for National Security Affairs (APNSA).
Request for Information | Evaluating and Improving Cybersecurity Resources: The Cybersecurity Framework and Cybersecurity Supply Chain Risk Management (Feb. 22, 2022)
Our Quest: Advancing Product Labels to Help Consumers Consider Cybersecurity – A Cybersecurity Insights Blog (February 16, 2022, Katerina Megas and Michael Ogata)
NIST Issues Guidance on Software, IoT Security and Labeling (February 4, 2022)
Overview of SP 800-213 / 213A: IoT Device Cybersecurity Guidance for the Federal Government – Webinar (February 4, 2022)
Department of Commerce Seeks Internet of Things Experts for New Advisory Board (January 13, 2022)
Consumer Cybersecurity Labeling for IoT Products: Discussion Draft on the Path Forward (December 2, 2021) [view detail] [download]
Published! SP 800-213A – IoT Device Cybersecurity Guidance for the Federal Government: IoT Device Cybersecurity Requirement Catalog (FINAL) (November 29, 2021) [Download]
Published! SP 800-213 – IoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements (FINAL) (November 29, 2021) [Download]
Baseline Security Criteria for Consumer IoT Devices (DRAFT) – (August 31, 2021) [view details][download]. This white paper, a portion of NIST’s multi-faceted response to E.O. 14028, presents draft baseline security criteria for consumer IoT devices and has been released for public comment. The comment period on this draft closed on October 17, 2021.
Published! NISTIR 8259B (FINAL): IoT Non-Technical Supporting Capability Core Baseline (August 25, 2021) [view details] [download]
Four public draft documents providing guidance for federal agencies and IoT device manufacturers on defining IoT cybersecurity requirements (Overview) (Background Information):
- SP 800-213 (DRAFT): IoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements [view details][download]
- NISTIR 8259B (DRAFT): IoT Non-Technical Supporting Capability Core Baseline [view details][download] – superceded by final NISTIR 8259B
- NISTIR 8259C (DRAFT): Creating a Profile Using the IoT Core Baseline and Non-Technical Baseline [view details][download]
- NISTIR 8259D (DRAFT): Profile Using the IoT Core Baseline and Non-Technical Baseline for the Federal Government [view details][download] – will be repackaged as part of SP 800-213A
Published! Federal Profile of NISTIR 8259A (“Federal Profile”) (June 30, 2020) [FAQs]
NIST is developing a federal profile of the Core Baseline established in NISTIR 8259A (“Federal Profile”) and seeks feedback from all stakeholders on this initial catalog of proposed IoT device cybersecurity capabilities and related non-technical capabilities. Also, the IoT for Cybersecurity Program has instituted a new way to provide feedback and influence the discussion!
NISTIR 8259 and NISTIR 8259A promise to have a lasting impact on IoT device cybersecurity. In a June 1, 2020 blog, NIST IoT Cybersecurity Program Manager Katerina Megas explains what they mean for manufacturers and consumers—both in the United States and beyond.
Published! NISTIR 8259: Recommendations for IoT Device Manufacturers: Foundational Activities (May 29, 2020) [view details] [download] [FAQs]
Published! NISTIR 8259A: Core Device Cybersecurity Capability Baseline (May 29, 2020) [view details] [download] [FAQs]
Published! NISTIR 8259 (DRAFT) Core Cybersecurity Feature Baseline for Securable IoT Devices: A Starting Point for IoT Device Manufacturers [Document] [Background Information]
Published! NISTIR 8228: Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. [view details] [download]

Created May 2, 2022, Updated February 16, 2023

Was this page helpful?