Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST Cybersecurity for IoT Program

Description

NIST’s Cybersecurity for the Internet of Things (IoT) program supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of connected devices and the environments in which they are deployed. By collaborating with stakeholders across government, industry, international bodies, and academia, the program aims to cultivate trust and foster an environment that enables innovation on a global scale.

Announcements

  • Published! Baseline Security Criteria for Consumer IoT Devices (DRAFT) – (August 31, 2021) [Document]. This white paper, a portion of NIST’s multi-faceted response to E.O. 14028, presents draft baseline security criteria for consumer IoT devices and has been released for public comment. Comments should be submitted to labeling-eo [at] nist.gov by October 17, 2021.
  • Published! NISTIR 8259B (FINAL) – IoT Non-Technical Supporting Capability Core Baseline (August 25, 2021) [Document]
  • Published! Four public draft documents providing guidance for federal agencies and IoT device manufacturers on defining IoT cybersecurity requirements (Overview) (Background Information):
    • SP 800-213 (DRAFT) IoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements [Document]
    • NISTIR 8259B (DRAFT),  IoT Non-Technical Supporting Capability Core Baseline[Document]
    • NISTIR 8259C (DRAFT), Creating a Profile Using the IoT Core Baseline and Non-Technical Baseline [Document]
    • NISTIR 8259D (DRAFT), Profile Using the IoT Core Baseline and Non-Technical Baseline for the Federal Government [Document]
  • Published! Federal Profile of NISTIR 8259A (“Federal Profile”) (June 30, 2020) [FAQs]
    NIST is developing a federal profile of the Core Baseline established in NISTIR 8259A (“Federal Profile”) and seeks feedback from all stakeholders on this initial catalog of proposed IoT device cybersecurity capabilities and related non-technical capabilities.  Also, the IoT for Cybersecurity Program has instituted a new way to provide feedback and influence the discussion!
  • NISTIR 8259 and NISTIR 8259A promise to have a lasting impact on IoT device cybersecurity. In a June 1, 2020 blog, NIST IoT Cybersecurity Program Manager Katerina Megas explains what they mean for manufacturers and consumers—both in the United States and beyond.
  • Published! NISTIR 8259 (FINAL) – Recommendations for IoT Device Manufacturers: Foundational Activities (May 29, 2020) [Document]  [FAQs]
  • Published! NISTIR 8259A (FINAL) – Core Device Cybersecurity Capability Baseline (May 29, 2020) [Document]  [FAQs]
  • The Final Public Draft of NIST SP 800-53 Revision 5: Security and Privacy Controls for Information Systems and Organizations was released on March 16. NIST SP 800-53 presents a proactive and systemic approach to developing comprehensive safeguarding measures for all types of computing platforms, including general purpose computing systems, cyber-physical systems, cloud and mobile systems, industrial/process control systems, and Internet of Things (IoT) devices. NIST seeks comment on this draft through May 15, 2020.

  • Published! NISTIR 8259 (DRAFT) Core Cybersecurity Feature Baseline for Securable IoT Devices: A Starting Point for IoT Device Manufacturers [Document] [Background Information]

  • Published! NISTIR 8228: Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks now available. NISTIR 8228
  • News Article: NIST Releases Draft Security Feature Recommendations for IoT Devices
  • News Article: Before Connecting an IoT Device, Check Out a New NIST Report for Cybersecurity Advice 
  • News article: Growing the Internet of Things Into a Safe and Responsible Member of Your Household

Join Our Mailing List! Be among the first to receive NIST IoT cybersecurity news and information. Sign up or log in for email updates and select “IoT Cybersecurity” under Information Technology Laboratory (ITL) > Cybersecurity Programs.

Events

Upcoming Events

September 14, 2021 | Workshop on Cybersecurity Labeling Programs for Consumers: Internet of Things (IoT) Devices and Software

NIST will host a 2-day virtual public workshop on challenges and practical approaches to initiating cybersecurity labeling efforts for Internet of Things (IoT) devices and consumer software.  The workshop will help NIST to carry out an Executive Order (EO) on Improving the Nation’s Cybersecurity. A registration link and more information can be found here.

Recent Past Events

June 2021 (4 Sessions) | 8259B Roundtable Series

NIST hosted a series of four roundtables in June on the non-technical capabilities needed across multiple sectors to make IoT devices securable. You can read about what we heard in this Cybersecurity Insights article.

April 22, 2021 | Workshop Addressing Public Comment on NIST Cybersecurity for IoT Guidance

NIST hosted a workshop discussing themes in the comments provided to the Cybersecurity for IoT public draft documents, SP 800-213 and NISTIR 8259D.  The purpose of the workshop was to get additional input from stakeholders through facilitated discussions around key questions..

January 29, 2021 | Webinar: Rounding Up Your IoT Security Requirements: Draft NIST Guidance for Federal Agencies

The NIST Cybersecurity for IoT program, in concert with the NCCoE, conducted a webinar to present key information and take questions on four  recently released public review drafts. A recording of the webinar is available.

Event Archives

Videos

Webinar:  Rounding Up Your IoT Security Requirements:  Draft NIST Guidance for Federal Agencies
Webinar: Rounding Up Your IoT Security Requirements: Draft NIST Guidance for Federal Agencies
The NIST Cybersecurity for IoT program, in concert with the NCCoE, conducted a webinar to present key information from four documents the program recently released as public review drafts, and take questions.Date: 26 January 2021 Presentation slides

Cybersecurity Consideration in IoT

The rapid proliferation of internet-connected devices and rise of the IoT come with great anticipation. These newly connected devices bring the promise of enhanced business efficiencies and increased customer satisfaction.

IoT devices could include wearable fitness trackers, “smart” televisions, wireless infusion pumps, and cars—among many others. Internet-connected devices generally sense, collect, process, and transmit a wide array of data, ranging from consumer personally identifiable information to proprietary company data to infrastructure data used to make critical real-time decisions or to effect a change in the physical world.

Just as there are a variety of new uses, the IoT ecosystem’s nature brings new security considerations. These considerations include—but are not limited to—constrained power and processing; the ability to manage, update, and patch devices at scale; and a diverse set of new applications across consumer and industrial sectors.

Cybersecurity for IoT Program

The Challenge

Fostering cybersecurity for devices and data in the IoT ecosystem, across industry sectors and at scale

Program Mission

Cultivate trust in the IoT and foster an environment that enables innovation on a global scale through standards, guidance, and related tools

Cybersecurity Considerations in IoT

Technical Factors

 

icon representing technical factors in IoT cybersecurity

Market Factors

 

icon representing market factors

Learn more

IoT Cybersecurity-Related Initiatives at NIST

The Cybersecurity for IoT program supports and builds off existing initiatives at NIST.

Learn more

 

Partnership Opportunities

NIST wants to hear from you! The Cybersecurity for IoT program is looking for feedback and potential collaborators.

IoTsecurity [at] nist.gov (Contact us)class="usa-button"

Major Accomplisments

Publications

CONTACT

FOR GENERAL INFORMATION:

IOTsecurity [at] nist.gov
100 Bureau Dr. 
Gaithersburg, MD 20899

Created November 22, 2016, Updated September 3, 2021