NIST will be hosting a workshop discussing themes in the comments provided to the cybersecurity for IoT public draft documents released on December 15, 2020 which had a closing date for comments on February 26, 2021:
This workshop will focus on discussing themes raised in the comments raised on the first two documents. Some of those themes will have implications across the entire set of documents. (There will be opportunities outside of this workshop to focus on NISTIR 8259B separately.) This workshop will assume that all participants are already familiar with the draft documents and ready to discuss how these documents can be improved to reflect Federal government needs and stakeholder concerns.
The purpose of the workshop is to take themes from comments and get additional input from stakeholders through panels bringing together different points of view around key topics which will involve audience participation and questions. In addition, the workshop will include facilitated discussions open to all workshop participants around key questions that can help the documents move forward.
10:00 – 10:15 Welcome (Kat Megas, Program Director, NIST Cybersecurity for IoT Program)
10:15 – 10:45 “Federal Use of IoT: Insights into a Governmentwide survey and Case Studies” – Eric Hudson and Steve Rabinowitz, GAO
10:45 – 11:15 Overview of comment themes and paths forward for the documents (Michael Fagan, NIST)
11:15 – 11:30 Break
11:30 – 12:30 – Breakout 1: Risk-Based Approach: Assessing IoT Device Risk and Mitigation Approaches
12:30 – 1:00 – Lunch
1:00 – 1:45 – Breakout 2: No One Size Fits All: Accounting for Device Architecture in applying the Federal Profile
1:45 – 2:00 – Break
2:00 – 2:45 – Breakout 3: Ecosystem View: Mitigating Risks and Reducing Fragmentation Through Ecosystem Cybersecurity
2:45 – 3:00 - Break
3:00 – 3:20 – NIST Online Informative Reference (OLIR) Program and Call for Informative References (Kevin Brady, NIST)
3:30 – 3:50 - Facilitator panel and discussion
3:50 – 4:00 – Conclusion (Kat Megas)