Submit feedback on draft report on international IoT cybersecurity standardization - comments due April 18th!
Read the IoT Security and Privacy Risk Considerations discussion draft!
NIST’s Cybersecurity for the Internet of Things (IoT) program supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of connected devices and the environments in which they are deployed. By collaborating with stakeholders across government, industry, international bodies, and academia, the program aims to cultivate trust and foster an environment that enables innovation on a global scale.
IoT on the Rise
IoT devices could include wearable fitness trackers, “smart” televisions, wireless infusion pumps, and cars—among many others. Internet-connected devices generally sense, collect, process, and transmit a wide array of data, ranging from consumer personally identifiable information to proprietary company data to infrastructure data used to make critical real-time decisions or to effect a change in the physical world.
Just as there are a variety of new uses, the IoT ecosystem’s nature brings new security considerations. These considerations include—but are not limited to—constrained power and processing; the ability to manage, update, and patch devices at scale; and a diverse set of new applications across consumer and industrial sectors.
Cybersecurity for IoT Program
Fostering cybersecurity for devices and data in the IoT ecosystem, across industry sectors and at scale
Cultivate trust in the IoT and foster an environment that enables innovation on a global scale through standards, guidance, and related tools
Cybersecurity Considerations in IoT
NIST initiatives in IoT
The Cybersecurity for IoT program supports and builds off existing initiatives at NIST.
Lightweight Encryption | more
- Network of Things | more
- Connected Transportation
- Cybersecurity for Smart Grid Systems | more
- Cybersecurity for Cyber Physical Systems | more
- BLE Bluetooth | more
- Wireless Medical Infusion Pumps | more
IoT-Based Automated Distributed Threats | more
RFID Security Guidelines | more
- Guide to Industrial Control Systems (ICS) Security | more
- Supply Chain Risk Management | more
- Galois IoT Authentication & PDS Pilot | more
- GSMA Trusted Identities Pilot | more
- Cloud security | more
Cybersecurity Framework | more
- Privacy Engineering Program | more
- Cybersecurity Framework Profile for Manufacturing | more
- National Vulnerability Database | more
- Security of Interactive and Automated Access Management Using Secure Shell (SSH) | more
- Security Systems Engineering | more
- Digital Identity Guidelines | more
- Security Content Automation Protocol (SCAP) Standards and Guidelines | more
- Software Assessment Management Standards and Guidelines | more
- Cyber Threat Information Sharing | more
Enhancing Resilience of the Internet and Communications Ecosystem
February 28 - March 1, 2018 | National Cybersecurity Center of Excellence | more
This workshop at the NCCoE will discuss substantive public comments, including open issues, on a draft report about actions to address automated and distributed threats to the digital ecosystem as part of the activity directed by Executive Order 13800, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” In this workshop, the Departments of Commerce and Homeland Security seek to engage all interested stakeholders—including private industry, academia, civil society, and other security experts—on this draft report, its characterization of the threat landscape, the goals laid out, and the actions to further these goals. The draft report was published January 5, 2018 and is available at A Report to the President on Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats.
RSA Conference 2018
April 16 - 20, 2018 | San Francisco, CA | more
The NIST Cybersecurity for IoT Program will be at RSA Conference 2018 and we want to meet with you! Check out the discussion draft on our approach for the management of IoT privacy and security risks, and email us with feedback on the discussion draft, your thoughts on the topic, and collaboration ideas. We can be reached at firstname.lastname@example.org. We look forward to meeting with you.
Consumer Electronics Show
January 9-12, 2018 | Las Vegas, Nevada | more
NIST’s Cybersecurity for IoT Program attended the Consumer Electronics Show (CES) on January 9-12, and met with a range of stakeholders. CES hosted a roundtable with NIST on IoT-specific capabilities and their associated risks on January 10th. As always, we want to hear from you! The discussion draft on our approach for the management of IoT privacy and security risks is available online – we discussed this in the session, as well as throughout the week. Couldn't make it? We’d still love to hear from you – you can email us with feedback on the discussion draft, your thoughts on the topic, and collaboration ideas. Get in touch – we can be reached at email@example.com.
IoT Cybersecurity Colloquium
Given stakeholder concerns and ongoing security incidents, there has been interest in NIST providing guidance for federal agencies on how to secure their IoT within their Federal Information Security Modernization Act (FISMA) responsibilities. While agencies are aware that IoT introduces security and privacy risks, there is confusion regarding how to address and mitigate these risks. Having observed the broadened threat landscape and processed stakeholder feedback, the NIST Cybersecurity for IoT Program is interested in the prospect of providing guidance for federal agencies on common high-level security and privacy risks. The Program is hosting this colloquium to hear from the community about these concerns, better understand the threat landscape, gauge stakeholder interest in such guidance, and determine next steps. For more information, please visit the event page.
IoT Sensors Challenges: A Joint NIST/IEEE-Sensors Council Workshop on Security, Privacy, and Interoperability
August 30, 2017 | Gaithersburg, Maryland | more
The IEEE Sensors Council and NIST will hosted a one-day workshop on Internet of Things (IoT) standards, harmonization, interoperability, policy, sensors, and cybersecurity. To learn more about the workshop, please visit the workshop page.
Cybersecurity Framework Workshop 2017
May 17, 2017 | Gaithersburg, Maryland | more
The Cybersecurity for IoT program had a panel and breakout session at NIST’s 2017 Cybersecurity Framework Workshop. For details, see section 4.12 (page 11) of the Cybersecurity Framework Workshop 2017 Summary.
Industry officials call for home IoT device standards at NIST framework meeting >> Inside Cybersecurity
Interagency Report on Status of International Cybersecurity Standardization for the Internet of Things (IoT) (Draft NISTIR 8200) | more
IoT Security and Privacy Risk Considerations Discussion Draft | PDF
Internet of Things (IoT) Cybersecurity Colloquium: A NIST Workshop Proceedings (NISTIR 8201) | more
Cybersecurity Framework Workshop 2017 Summary | PDF
NIST wants to hear from you! The Cybersecurity for IoT program is looking for feedback and potential collaborators.Contact us