NIST initiatives in IoT

IoT Cybersecurity-Related Initiatives at NIST

 

Initiative Description
Cybersecurity for IoT Devices
Federal profile of the NISTIR 8259 baseline
  • Profile of the NISTIR 8259A core baseline reflecting Federal cybersecurity needs and concerns
Cybersecurity for IoT Devices
NISTIR 8259 (Draft)
  • Recommendations for IoT Device Manufacturers
  • Foundational Activities and Core Device Cybersecurity Capability Baseline 
BLE Bluetooth
Special Publication 800-121, Revision 2: Guide to Bluetooth Security
  • Discusses security considerations for devices that might implement Bluetooth or Bluetooth Low Energy communication protocols
Cloud Security
Special Publication 800-144: Guidelines on Security and Privacy in Public Cloud Computing
  • Cloud definition
Cybersecurity for Cyber Physical Systems
Framework Document
  • CPS research and standards development are carried out in multiple NIST Laboratories, including programs in advanced manufacturing, cybersecurity, buildings and structures, disaster resilience, and smart grid. 
Cybersecurity for Smart Grid Systems
NISTIR 7628 revision 2: Guidelines for Smart Grid Cybersecurity, Volume 1
  • Possible explosive growth in numbers of sensors and actuators, with security requirements
  • Exploring opportunity to map to IoT models (like SP 800-183)
Cybersecurity Framework
Framework
  • This voluntary Framework consists of standards, guidelines, and best practices to manage cybersecurity-related risk. The Cybersecurity Framework’s prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.
Cybersecurity Framework Profile for Manufacturing
White Paper
  • Profile maps manufacturing processes to the Cybersecurity Framework
  • Multi-laboratory effort within NIST
Digital Identity Guidelines
Special Publication 800-63
  • SP 800-63: Digital Identity Guidelines
Galois IoT authentication & PDS Pilot
Pilot Project
  • Pilot deploying strong authentication for IoT-connected smart building
  • Enables access to IoT devices and sharing device data across organizational entities
GSMA Trusted Identities Pilot
Pilot Project
  • GSMA, NIST and San Diego Health Connect working together to enable more secure access to electronic health records for emergency first responders in the field
Guide to Industrial Control Systems (ICS) Security
Special Publication 800-82
  • SP 800-82, Rev 2: Guide to Industrial Control Systems (ICS) Security
  • Overlay for SP 800-53 for control system environments, taking into account their specialized challenges
Lightweight Encryption
NISTIR 8114
  • NISTIR 8114: Report on Lightweight Cryptography

Low Power Wide Area IoT
More

  • This project is developing a LoRaWAN infrastructure in order to study the security of communications based on Low Power Wide Area Networks, with the objective of identifying and evaluating security vulnerabilities and countermeasures.

Mitigating IoT-Based DDoS/Botnet Report
Building Block

  • The NCCoE aims to improve the resiliency of IoT devices against distributed attacks and improve the service availability characteristics of the internet by mitigating the propagation of attacks across the network. 
National Vulnerability Database
Database
  • The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP).

NCCoE IoT-Based Automated Distributed Threats
Building Block

  • Aims to improve the resiliency of IoT devices against distributed attacks and improve the service availability characteristics of the internet by mitigating the propagation of attacks across the network

NCCoE Use Case: Capabilities Assessment for Securing Manufacturing Industrial Control System
Building Block

  • NCCoE and EL will demonstrate behavioral anomaly detection and prevention mechanisms, to support a multifaceted approach of counteracting cyber attacks against ICS devices that provide the functionality necessary to run manufacturing processes. The goal is to provide industry with detailed information to establish an anomaly detection and prevention capability in their own environments.
Network of Things
Special Publication 800-183
  • SP 800-183: Network of 'Things'
  • Provides a model and terminology for describing IoTs
  • Opportunity to map the model to lower-level architectures and designs
Privacy Engineering
Program
  • Given concerns about how information technologies may affect privacy at individual and societal levels, the NIST privacy engineering program (PEP) supports the development of trustworthy information systems by applying measurement science and system engineering principles to the creation of frameworks, risk models, guidance, tools, and standards that protect privacy and, by extension, civil liberties.

Report on State of International Cybersecurity Standards for IoT
NISTIR

  • NISTIR 8200 (DRAFT): Interagency Report on Status of International Cybersecurity Standardization for the Internet of Things (IoT)
RFID Security Guidelines
Special Publication 800-98
  • SP 800-98: Guidelines for Securing Radio Frequency Identification (RFID) Systems
  • Information disclosure issue; impoverished version of an IoT

Security and privacy concerns of intelligent virtual assistants
More

  • Security diagnostics expose vulnerabilities and privacy threats that exist in commercial Intelligent Virtual Assistants (IVAs); diagnostics offer the possibility of more secure IVA ecosystems. This paper explores security and privacy concerns with these popular consumer devices.
Security Content Automation Protocol (SCAP) Standards and Guidelines
Special Publication 800-126 revision 2
  • SP 800-126, Rev 2: The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
  • Specifications for representing security configuration and vulnerability information
Security of Interactive and Automated Access Management Using Secure Shell (SSH)
NISTIR 7966
  • NISTIR 7966: Security of Interactive and Automated Access Management Using Secure Shell (SSH)
  • Essential utility for management of distributed devices
Security Systems Engineering
Special Publication 800-160
  • SP 800-160: Systems Security Engineering - Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems

Software Assessment Management Standards and Guidelines
NISTIR 8060

  • NISTIR 8060: Guidelines for the Creation of Interoperable Software Identification (SWID) Tags

Supply Chain Risk Management
Special Publication 800-161

  • Supply chain risk management practices
Vehicle-to-vehicle transportation
  • NIST participates in international standard development for vehicle cybersecurity
  • NIST consults domestically on automotive security
NCCoE Wireless Medical Infusion Pumps
Building Block
  • Working with industry partners to develop implementation guidance for the wireless medical infusion pumps use case

 

Created June 6, 2017, Updated May 14, 2020