Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
NISTIR 8259 Series
NISTIR 8259 Series
The NISTIR 8259 series of reports provides guidance for manufacturers and their supporting third parties as they conceive, design, develop, test, sell, and support IoT devices across their spectrum of customers. The series consists of three final documents and one draft document. Final documents:
- NISTIR 8259: Recommendations for IoT Device Manufacturers: Foundational Activities (May 29, 2020) [view details] [download] [FAQs]
- NISTIR 8259A: Core Device Cybersecurity Capability Baseline (May 29, 2020) [view details] [download] [FAQs]
- NISTIR 8259B: IoT Non-Technical Supporting Capability Core Baseline (August 25, 2021) [view details] [download]
NISTIR 8259 defines a set of activities for IoT manufacturers to follow as they develop and support IoT devices:
NISTIRs 8259A and 8259B complement the activities described in NISTIR 8259 with specific technical capabilities and non-technical supporting activities that manufacturers should consider in their product designs and support plans to help ensure they are addressing customer IoT cybersecurity needs and goals:
The NISTIR 8259A/8259B baselines represent a common set of core capabilities, useful across a broad range of applications, use cases, and customer types. Given the wide range of IoT device capabilities, and the broad range of risk situations, dependent on both the device and particulars of individual use cases, NIST anticipated that profiles or extensions of the core baseline would be needed.
- NISTIR 8259C (DRAFT): Creating a Profile Using the IoT Core Baseline and Non-Technical Baseline [view details][download]
NISTIR 8259C (DRAFT) discusses how the capability baselines (NISTIRs 8259A and 8259B) can be used as a starting point to create tailored IoT cybersecurity requirements set for particular customers, applications and/or environments. Tailoring can be for business sectors or vertical industries and can add requirements, edit specific requirements narrowing or expanding how they are applied or, in rare instances, delete requirements.
