IoT Cybersecurity-Related Programs & Initiatives

The Cybersecurity for the Internet of Things Program works in cooperation with programs and organizations across NIST to connect and promote the variety of IoT cybersecurity-related activities underway here . . .

NIST Frameworks

• Risk Management Framework
• Cybersecurity Framework
  • Manufacturing Profile
  • Smart Grid Profile
• Secure Software Development Framework
  • Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities (SP 800-218) 
• Privacy Framework
  • Privacy Engineering Program
• NICE Framework Resource Center
  • NICE Framework (SP 800-181 r1)
  • NICE Project Page

NCCoE

The Cybersecurity for IoT program and the National Cybersecurity Center of Excellent (NCCOE) work closely together in developing IoT cybersecurity guidance.  Numerous NCCoE Projects integrate IoT technology, and you can visit their IoT Technology page for specific reports. Three current NCCoE Project reports include mappings of Cybersecurity for IoT Program capabilities to the NCCoE project’s security objective, as annotated in the below list of projects of specific interest:

Internet of Things

• Trusted IoT Device Network-Layer Onboarding and Lifecycle Management
• (Energy) Securing Distributed Energy Resources (SP 1800-32) (includes IoT Capability Mappings)
• (Healthcare) Securing Telehealth Remote Patient Monitoring Ecosystem (SP 1800-30) (includes IoT Capability Mappings)
• IoT Device Characterization (NISTIR 8349)
• Securing Home IoT Devices Using MUD (SP 1800-15)
• (Healthcare) Securing Wireless Infusion Pumps (SP 1800-8)
• (Energy) Securing Distributed Energy Resources (SP 1800-32) (includes IoT Capability Mappings)

The Energy, Healthcare, and Manufacturing sectors may also have other projects of interest.

NIST Programs, Projects, Topics

• EO 14028 Response
• National Vulnerability Database
• Trustworthy Network of Things
  • Network of Things (SP 800-183)
• Conformity Assessment
  • ABCs of Conformity Assessment (SP 2000-01)
  • Conformity Assessment Considerations for Federal Agencies (SP 2000-03=2)
• Cybersecurity Supply Chain Risk Management
• Cloud Security
• Lightweight Cryptography
• Low Power Wide Area IoT
• Operational Technology (OT) Security
  • Guide to ICS Security (SP 800-82 r2)
• System Security Engineering
  • Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems (SP 800-160 Vol 1)
  • Developing Cyber-Resilient Systems: A Systems Security Engineering Approach (SP 800-160 Vol 2)
• Zero Trust Architecture
  • Zero Trust Architecture (SP 800-207)

External Documents

• Botnet Report
• Security & Privacy Concerns of Virtual Assistants

NIST Special Publications and Reports

• Guide to Bluetooth Security (SP 800-121)
• RFID Security Guidelines (SP 800-98)