Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Workshop on Core IOT Cybersecurity Baseline

Speaker Presentations:

Certain commercial entities, equipment, or materials may be identified in this document in order to describe a procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.

This Workshop will gather feedback on NIST’s approach to the IoT Cybersecurity Baseline and related taxonomy as well as discuss current status and future directions of this work.

Format: A morning of speakers to highlight the many considerations impacting cybersecurity of IoT including an introduction to NIST’s Cybersecurity for IoT Program, and panel discussions on challenges to cybersecurity for IoT, the relationship of cybersecurity with other considerations such as usability, privacy, and safety, consumer-informing labels for IoT cybersecurity, among other topics. In the afternoon, audience members will break out into small facilitated discussion sessions to provide feedback to NIST on their Core Cybersecurity Capabilities Baseline for IoT Devices Draft.

Audience: Manufacturers of IoT Devices, Consumer advocates, IoT Cybersecurity researchers, Government agency cybersecurity managers or OCIO representatives, cybersecurity testing and compliance experts.

Agenda for the August 13, 2019
Workshop on Core IoT Cybersecurity Baseline

9:00 – 9:20 Welcoming Remarks

  • Katerina Megas (NIST)
  • Jim St. Pierre (NIST)

9:20 – 9:50 ITL Overview Presentation of ITL’s work in IoT cybersecurity.

  • Kevin Stine (NIST)
  • Mary Theofanos (NIST) 

9:50 – 10:15 Overview of Program and Workshop Details about the Cybersecurity for IoT Program and the history of  the NIST IR to be discussed at the Workshop

  • Katerina Megas (NIST)
  • Michael Fagan (NIST)

10:15 – 11:15 Next Steps on the Road

A mix of public and private sector representatives discuss how they see their future work from the “Botnet” report and building on the NIST IR “Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks” and what additional challenges that future work in IoT cybersecurity may entail.


  • Moderator: Ari Schwartz (Venable)
  • Patricia Adair (CPSC)
  • William Barker (NIST NCCoE/Dakota)
  • Michael Bergman (CTA)
  • Robert Cantu (CTIA)
  • Kevin Moriarty (FTC)

11:15 – 11:30 Instructions for Breakouts

  • Brief presentation of the goals and procedures for the afternoon portion of the Workshop. Michael Fagan (NIST)

11:30 – 12:30 Lunch

12:30 – 2:30 Core Baseline Feedback Breakout

  • Four separate groups will be formed to have smaller sessions to gather directed feedback from participants on the draft NIST IR. All rooms will cover the same questions, and discussions will be guided by facilitators. 

2:30 – 2:45 Break

2:45 – 3:30 Feedback Summary Panel

  • Breakout session facilitators will discuss their initial reports of feedback from the sessions to see the range of views and information discussed.
  • Moderator: Adam Sedgewick (NIST)

3:30 – 4:00 Closing remarks

If you are not registered, you will not be allowed on site.  Registered attendees will receive security and campus instructions prior to the workshop.

NON U.S. CITIZENS PLEASE NOTE:  All foreign national visitors who do not have permanent resident status and who wish to register for the above meeting must supply additional information. Failure to provide this information prior to arrival will results, at a minimum, in significant delays in entering the facility. Authority to gather this information is derived from United States Department of Commerce Department Administrative Order (DAO) number 207-12.

* New Visitor Access Requirement: Effective July 21, 2014, under the REAL ID Act of 2005, agencies, including NIST, can only accept a state-issued driver’s license or identification card from states that are REAL ID compliant or have an extension.  See the Department of Homeland Security (DHS) site for the current compliance list.

NIST currently accepts other forms of federally issued identification in lieu of a state-issued driver’s license, such as a valid passport, passport card, DOD’s Common Access Card (CAC), Veterans ID, Federal Agency HSPD-12 IDs, Military Dependents ID, Transportation Workers Identification Credential (TWIC), and TSA Trusted Traveler ID.

Created May 13, 2019, Updated September 13, 2023