
Building the Federal Profile For IoT Device Cybersecurity: Next Steps for Securing Federal Systems

RECORDING: Captioning will be available by Monday, August 3, 2020.


On July 22-23, NIST will host a virtual-only event, Building the Federal Profile For IoT Device Cybersecurity: Next Steps for Securing Federal Systems.

NIST leveraged the Core Baseline established in NISTIR 8259A and analyzed the controls found in NIST SP 800-53 to develop a catalog of key IoT device cybersecurity capabilities, supporting non-technical manufacturer capabilities, and associated IoT device customer controls. This catalog is a critical building block for establishing a federal profile of the Core Baseline (“Federal Profile”) to help government entities securely incorporate IoT devices into their systems and meet security requirements for federal information and systems. The future Federal Profile aims to help manufacturers that are looking at federal customers and use cases go beyond identifying the types of cybersecurity capabilities listed in NISTIR 8259A and also consider the additional technical and non-technical cybersecurity capabilities that are needed. Manufacturers can engineer the technical capabilities and provide non-technical capabilities to IoT device customers to help ensure that customers’ systems meet an established level of management, operational, and technical security control requirements.

The virtual workshop will consist of two sessions, one per day, each lasting two hours. It will include panel discussions on key topics related to cybersecurity challenges for Federal IoT devices. These topics include the need for support for IoT device cybersecurity capabilities; additional supporting capabilities from manufacturers; and mechanisms giving agencies confidence that IoT devices will meet Federal cybersecurity needs.

Those involved in Federal IoT cybersecurity or the manufacture of IoT devices are encouraged to attend. The catalog is available for review and feedback via GitHub.

 

Registration has been extended until July 22.

Advance Agenda

Day 1

  • Welcome and introduction (15 minutes): Kevin Stine, Chief, Applied Cybersecurity Division, NIST
  • Keynote (30 minutes): Grant Schneider, Senior Director for Cybersecurity Policy at National Security Council, The White House and Federal Chief Information Security Officer

Panel Discussion: Stoves, Drones, and Automobiles!: Federal Government IoT Use-Cases and Technical Cybersecurity Considerations (1 hour, 15 minutes)

  • Moderator: Michael Fagan, Technical Lead, NIST Cybersecurity for IoT Program
  • Bo Berlas, Chief Information Security Officer, U.S. General Services Administration
  • Katherine Gronberg, Vice President for Government Affairs, Forescout Technologies
  • Nedim Goren, Federal Information Security Management Act (FISMA) Implementation Project, Computer Security Division, NIST
  • Scott Rose, Computer Scientist, Advanced Network Technologies Division, NIST
  • Trevor H. Rudolph, Vice President, Global Digital Policy, Schneider Electric
  • McKay R. Tolboe, Chief of the Cybersecurity Policy and Implementation Division, DoD

Day 2

  • Introduction (5 minutes): Kat Megas, Program Manager, NIST Cybersecurity for IoT Program

Panel Discussion: Who are you going to call?: Federal Government IoT Non-Technical Cybersecurity Needs (45 minutes)

  • Moderator: Barbara Cuthill, Deputy Program Manager, NIST Cybersecurity for IoT Program
  • Dr. Amit Elazari Bar On, Director, Global Cybersecurity Policy, Intel Corporation
  • Nedim Goren, Federal Information Security Management Act (FISMA) Implementation Project, Computer Security Division, NIST
  • Deral Heiland, Principal Security Researcher (IoT), Rapid7
  • Rebecca Herold, CEO, Rebecca Herold & Associates, LLC
  • David Kleidermacher, Vice President, Android Security & Privacy, Google
  • Ari Schwartz, Managing Director of Cybersecurity Services, Venable LLP

Panel Discussion: Close Encounters of the Confidence Mechanism Kind (1 hour)

  • Moderator: Amy Mahn, International Policy Specialist, NIST Cybersecurity for IoT Program 
  • Mike Bergman, Vice President, Technology & Standards, Consumer Technology Association
  • Rob Cantu, Director, Cybersecurity, CTIA
  • Gordon Gillerman, Director, Standards Coordination Office at NIST
  • Apostolos Malatras, Network and Information Security Expert, European Union Agency for Cybersecurity (ENISA)
  • Rob Morgus, Director, Research & Analysis, U.S. Cyberspace Solarium Commission
  • Peter Stephens, Head of Secure by Design, Cyber Security for the Internet of Things (UK)

Concluding Remarks (10 minutes): Kat Megas, Program Manager, NIST Cybersecurity for IoT Program

Created July 1, 2020, Updated July 31, 2020