Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Workshop Addressing Public Comment on NIST Cybersecurity for IoT Guidance

NIST will be hosting a workshop discussing themes in the comments provided to the cybersecurity for IoT public draft documents released on December 15, 2020 which had a closing date for comments on February 26, 2021:

  • Draft SP 800-213, IoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements
  • Draft NISTIR 8259D, Profile Using the IoT Core Baseline and Non-Technical Baseline for the Federal Government 
  • Draft NISTIR 8259C, Creating a Profile Using the IoT Core Baseline and Non-Technical Baseline
  • NISTIR 8259B, IoT Non-Technical Supporting Capability Core Baseline

This workshop will focus on discussing themes raised in the comments raised on the first two documents. Some of those themes will have implications across the entire set of documents. (There will be opportunities outside of this workshop to focus on NISTIR 8259B separately.)  This workshop will assume that all participants are already familiar with the draft documents and ready to discuss how these documents can be improved to reflect Federal government needs and stakeholder concerns.

The purpose of the workshop is to take themes from comments and get additional input from stakeholders through panels bringing together different points of view around key topics which will involve audience participation and questions. In addition, the workshop will include  facilitated discussions open to all workshop participants around key questions that can help the documents move forward.


Agenda (ET)

10:00 – 10:15 Welcome (Kat Megas, Program Director, NIST Cybersecurity for IoT Program)

10:15 – 10:45 “Federal Use of IoT: Insights into a Governmentwide survey and Case Studies” – Eric Hudson and Steve Rabinowitz, GAO

10:45 – 11:15 Overview of comment themes and paths forward for the documents  (Michael Fagan, NIST)

11:15 – 11:30 Break

11:30 – 12:30 – Breakout 1: Risk-Based Approach: Assessing IoT Device Risk and Mitigation Approaches

12:30 – 1:00 – Lunch

1:00 – 1:45 – Breakout 2: No One Size Fits All: Accounting for Device Architecture in applying the Federal Profile

1:45 – 2:00 – Break

2:00 – 2:45 – Breakout 3: Ecosystem View: Mitigating Risks and Reducing Fragmentation Through Ecosystem Cybersecurity

2:45 – 3:00 - Break

3:00 – 3:20 –  NIST Online Informative Reference (OLIR) Program and Call for Informative References (Kevin Brady, NIST)

3:30 – 3:50  - Facilitator panel and discussion

3:50 – 4:00 – Conclusion (Kat Megas)

Created March 10, 2021, Updated May 14, 2021