New NIST Draft Report Addresses IoT’s Particular Security and Privacy Needs

Agency Will Accept Comments for Draft Report Until Oct. 24, 2018

To help organizations address the cybersecurity and privacy threats against Internet of Things (IoT) devices, the National Institute of Standards and Technology (NIST) has released draft NIST Internal Report (NISTIR) 8228: Considerations for Managing IoT Cybersecurity and Privacy Risks for public comment.

IoT devices frequently bring different cybersecurity and privacy risks to an organization than conventional information technology devices like computers do. Many of these devices interact directly with the physical world and cannot be accessed, managed or monitored in typical ways. The availability, efficiency and effectiveness of cybersecurity and privacy capabilities are often different for IoT devices as well.

The document – developed in collaboration with a broad range of stakeholder groups – is intended to help federal agencies and other organizations better understand and manage the cybersecurity and privacy risks associated with their IoT devices throughout their life cycles.  The draft report also includes recommendations about how to address risk considerations for these devices.

Public comment on the draft NISTIR can be emailed to by October 24, 2018. 

For more information, see NIST’s blog post.

Photo Credit: teco_kit Flickr via Compfight cc