The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

PROJECTS/PROGRAMS

NIST Cybersecurity for IoT Program

Description

NIST’s Cybersecurity for the Internet of Things (IoT) program supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of connected devices and the environments in which they are deployed. By collaborating with stakeholders across government, industry, international bodies, and academia, the program aims to cultivate trust and foster an environment that enables innovation on a global scale.

Announcements

Published! Federal Profile of NISTIR 8259A (“Federal Profile”) (June 30, 2020) [FAQs]
NIST is developing a federal profile of the Core Baseline established in NISTIR 8259A (“Federal Profile”) and seeks feedback from all stakeholders on this initial catalog of proposed IoT device cybersecurity capabilities and related non-technical capabilities. Also, the IoT for Cybersecurity Program has instituted a new way to provide feedback and influence the discussion!
NISTIR 8259 and NISTIR 8259A promise to have a lasting impact on IoT device cybersecurity. In a June 1, 2020 blog, NIST IoT Cybersecurity Program Manager Katerina Megas explains what they mean for manufacturers and consumers—both in the United States and beyond.
Published! NISTIR 8259 (FINAL) – Recommendations for IoT Device Manufacturers: Foundational Activities (May 29, 2020) [Document] [FAQs]
Published! NISTIR 8259A (FINAL) – Core Device Cybersecurity Capability Baseline (May 29, 2020) [Document] [FAQs]
The Final Public Draft of NIST SP 800-53 Revision 5: Security and Privacy Controls for Information Systems and Organizations was released on March 16. NIST SP 800-53 presents a proactive and systemic approach to developing comprehensive safeguarding measures for all types of computing platforms, including general purpose computing systems, cyber-physical systems, cloud and mobile systems, industrial/process control systems, and Internet of Things (IoT) devices. NIST seeks comment on this draft through May 15, 2020.
Published! NISTIR 8259 (DRAFT) Core Cybersecurity Feature Baseline for Securable IoT Devices: A Starting Point for IoT Device Manufacturers [Document] [Background Information]
Published! NISTIR 8228: Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks now available. NISTIR 8228
News Article: NIST Releases Draft Security Feature Recommendations for IoT Devices
News Article: Before Connecting an IoT Device, Check Out a New NIST Report for Cybersecurity Advice
News article: Growing the Internet of Things Into a Safe and Responsible Member of Your Household

Join Our Mailing List! Be among the first to receive NIST IoT cybersecurity news and information. Sign up or log in for email updates and select “IoT Cybersecurity” under Information Technology Laboratory (ITL) > Cybersecurity Programs.

Events

Recent Past Events

July 22 and 23, 2020 | Building the Federal Profile for IoT Device Cybersecurity: Next Steps for Securing Federal Systems

NIST leveraged the Core Baseline established in NISTIR 8259A and analyzed the controls found in NIST SP 800-53 to develop a catalog of key IoT device cybersecurity capabilities and supporting non-technical manufacturer capabilities and associated IoT device customer controls. This catalog is a critical building block for establishing a federal profile of the Core Baseline (“Federal Profile”) to help government entities securely incorporate IoT devices into their systems and meet security requirements for federal information and systems.

The future Federal Profile aims to help manufacturers looking at federal customers and use cases go beyond identifying the types of cybersecurity capabilities listed in NISTIR 8259A to considering additionally needed technical and non-technical cybersecurity capabilities. Manufacturers can engineer the technical capabilities and provide non-technical capabilities to IoT device customers to help ensure that customers’ systems meet an established level of management, operational, and technical security control requirements.

The virtual workshop will consist of two sessions, one per day and each lasting two hours. It will include panel discussions on key topics related to cybersecurity challenges for Federal IoT devices. These topics include the need for support for IoT device cybersecurity capabilities; additional supporting capabilities from the manufacturers and mechanisms giving agencies confidence that IoT Devices will meet Federal cybersecurity needs.

June 30, 2020 | Webinar Overview of NISTIRs 8259 and 8259A with Q&A Session
Foundational Cybersecurity Guidance for IoT Device Manufacturers: NISTIR 8259 Overview
Registration closes June 28, so advance registration is required.

On May 29, 2020 the NIST Cybersecurity for IoT Program released final NISTIRs 8259 and 8259A, representing a major milestone in IoT cybersecurity. The publications present six foundational activities and a core baseline of IoT device cybersecurity capabilities for manufacturers as a starting point towards building more securable devices.

The event will feature presentations from Program Manager Kat Megas (see June 1, 2020 blog) and Michael Fagan, followed by audience Q&A. IoT device manufacturers and all users of industrial and/or home IoT devices are encouraged to attend.

NIST Recommendations for Foundational Cybersecurity Guidance for IoT Device Manufacturers, presented by Mike Fagan, NIST

Workshop on Core IOT Cybersecurity Baseline

August 13, 2019 | Replay Webcast and View Presentations
This Workshop will gather feedback on NIST’s approach to the IoT Cybersecurity Baseline as well as discuss current status and future directions of this work.

Event Archives

Video

Cybersecurity Consideration in IoT

The rapid proliferation of internet-connected devices and rise of the IoT come with great anticipation. These newly connected devices bring the promise of enhanced business efficiencies and increased customer satisfaction.

IoT devices could include wearable fitness trackers, “smart” televisions, wireless infusion pumps, and cars—among many others. Internet-connected devices generally sense, collect, process, and transmit a wide array of data, ranging from consumer personally identifiable information to proprietary company data to infrastructure data used to make critical real-time decisions or to effect a change in the physical world.

Just as there are a variety of new uses, the IoT ecosystem’s nature brings new security considerations. These considerations include—but are not limited to—constrained power and processing; the ability to manage, update, and patch devices at scale; and a diverse set of new applications across consumer and industrial sectors.

Cybersecurity for IoT Program

The Challenge

Fostering cybersecurity for devices and data in the IoT ecosystem, across industry sectors and at scale

Program Mission

Cultivate trust in the IoT and foster an environment that enables innovation on a global scale through standards, guidance, and related tools

Cybersecurity Considerations in IoT

Technical Factors

Market Factors

Learn more

IoT Cybersecurity-Related Initiatives at NIST

The Cybersecurity for IoT program supports and builds off existing initiatives at NIST.

Learn more

Partnership Opportunities

NIST wants to hear from you! The Cybersecurity for IoT program is looking for feedback and potential collaborators.

Major Accomplisments

Publications

CONTACT

FOR GENERAL INFORMATION:

IOTsecurity@nist.gov
100 Bureau Dr.
Gaithersburg, MD 20899

Cybersecurity and Internet of Things (IoT)

Created November 22, 2016, Updated September 22, 2020