Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST Cybersecurity for IoT Program

The Cybersecurity for IoT Program’s mission is to cultivate trust in the IoT and foster an environment that enables innovation on a global scale through standards, guidance, and related tools.

Information for Manufacturers
           NISTIR 8259 Series
Information for Federal Agencies
           SP 800-213 Series
Information Regarding Consumer IOT
           Consumer IoT Cybersecurity

The Challenge

Fostering cybersecurity for devices and data in the IoT ecosystem, across industry sectors and at scale

About the Program

NIST’s Cybersecurity for the Internet of Things (IoT) program supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of connected devices, products and the environments in which they are deployed. By collaborating with stakeholders across government, industry, international bodies, academia, and consumers, the program aims to cultivate trust and foster an environment that enables innovation on a global scale.

 

Building blocks: Top box - Standards guidelines tools; middle box - stakeholder engagement; bottom box - trust innovation

The IoT Cybersecurity Program charter was established at the end of 2016 with three overarching program goals.

Supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of connected devices and the environments in which they are deployed.

Collaborate with stakeholders across government, industry, international bodies, and academia.

Cultivate trust and foster an environment that enable innovation on a global scale.

Recent Announcements

  • SP 800-213A – IoT Device Cybersecurity Guidance for the Federal Government: IoT Device Cybersecurity Requirement Catalog (FINAL) (November 29, 2021) [Download]

  • SP 800-213 – IoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements (FINAL) (November 29, 2021) [Download]

  • On December 9, 2021, NIST will hold a workshop to report on our progress toward consumer IoT product and consumer software cybersecurity labeling. We will discuss developments since the August consumer IoT Device Criteria white paper and the September workshop. Registration is now open!
  • Baseline Security Criteria for Consumer IoT Devices (DRAFT) (August 31, 2021) [Document]. This white paper, a portion of NIST’s multi-faceted response to E.O. 14028, presents draft baseline security criteria for consumer IoT devices was released for public comment. The comment period on this draft closed on October 17, 2021.
  • NISTIR 8259B – IoT Non-Technical Supporting Capability Core Baseline (FINAL) (August 25, 2021) [Document]

Earlier announcements can be found on the program’s Newsroom page.

Mailing List

The Cybersecurity for IoT program uses the GovDelivery to email announcements, join our mailing list to be among the first to receive NIST IoT cybersecurity news and information. Sign up or log in for email updates and select “IoT Cybersecurity” under Information Technology Laboratory (ITL) > Cybersecurity Programs.