Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Connected devices, connected standards: Seeking feedback on international IoT cybersecurity standards

Our research shows that there is no one-size-fits-all approach to securing the Internet of Things. That’s why we have released Draft NISTIR 8200, Interagency Report on Status of International Cybersecurity Standardization for the Internet of Things (IoT)—and why we want to hear from you.

With this draft report, we hope to inform and enable policymakers, managers and standards participants as they seek timely development and use of cybersecurity standards in IoT components, systems and services.

This effort began with the Interagency International Cyber Security Working Group (IICS WG), in direct response to recommendations from the Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity (NISTIR 8074 Volume 1). The working group coordinates on major issues in international cybersecurity standardization and established a task group to develop a report on the status of international cybersecurity standards that are relevant to IoT. NIST convenes the IICS WG and co-chairs, with DHS, the IoT Task Group.

Because of the rapid adoption of IoT devices—and the cybersecurity and privacy concerns surrounding them—the draft NISTIR aims to update stakeholders on the development and use of cybersecurity standards in IoT. 

This draft report, based upon the information available to the participating agencies, includes: 

  • A functional description of IoT;
  • Several applications that are representative examples of IoT;
  • Cybersecurity core areas and examples of relevant standards;
  • IoT cybersecurity objectives, risks and threats;
  • Analysis of the standards landscape for IoT cybersecurity; and
  • IoT-relevant cybersecurity standards related to cybersecurity core areas.

Why are we asking for feedback?

It’s likely that IoT will need a variety of standards, so we are seeking to hear from a broad range of stakeholders during our open comment period. This will give us a better understanding of industry’s full take on adopting IoT standards (including potential barriers to adoption). Ultimately, we seek to understand what gaps currently exist in the marketplace, and learn more about how standards can help fill these gaps.

This feedback is critical for shaping the final publication so it meets the needs of the public and private sectors—so we really appreciate your input. Thank you in advance!

How to provide feedback:

Please submit your comments to NISTIR-8200 [at] nist.gov (NISTIR-8200[at]nist[dot]gov) by April 18, 2018!

Follow us on Twitter.

About the author

Katerina Megas

Kat leads the NIST Cybersecurity for the Internet of Things (IoT) Program at the US. National Institute of Standards and Technology (NIST), focused on advancing and accelerating the development and application of research, standards, guidelines, and technologies necessary to improve the security and privacy of ecosystem of connected devices. As the Program Manager she coordinates across the agency on all things related to cybersecurity of the IoT as well as leads a number of projects, including the NIST response on IoT for EO 13800, EO 14028 and the IoT Cybersecurity Improvement Act of 2020. Before joining NIST, Kat worked in the private sector for 25 years leading organizations in the development and execution of their IT strategies.

Related posts

Comments

Add new comment

CAPTCHA
Image CAPTCHA
Enter the characters shown in the image.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.