Consumer IoT products are rapidly growing in popularity because these devices can make basic tasks, like adjusting the thermostat or turning on exterior home lights easier, and more convenient. As more of these IoT devices make their way into consumers' homes, it is important to understand their security characteristics. NIST recently conducted a technical security review of several consumer home IoT devices and developed a series of considerations to manufacturers for improving the security of these devices.
The public is invited to review and comment on the findings and considerations, released by the National Cybersecurity Center of Excellence (NCCoE) has released Draft NISTIR 8267, Security Review of Consumer Home Internet of Things (IoT) Products. The report details open-source research, a hands-on review and a security features analysis of several commonly purchased IoT consumer home devices. This report builds upon a series of recent research by NIST on IoT devices, including Draft NISTIR 8259, Core Cybersecurity Feature Baseline for Securable IoT Devices, and NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risk.
The public comment period for this document closes on Friday, November 1, 2019. See the publication details for a copy of the document and instructions for submitting comments.
If you are interested in joining a community of interest to follow the developments of this guide and future NIST IoT research, please email home-iot-nccoe [at] nist.gov (home-iot-nccoe[at]nist[dot]gov).
NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.