New NIST Draft Report Addresses IoT’s Particular Security and Privacy Needs
Agency Will Accept Comments for Draft Report Until Oct. 24, 2018
To help organizations address the cybersecurity and privacy threats against Internet of Things (IoT) devices, the National Institute of Standards and Technology (NIST) has released draft NIST Internal Report (NISTIR) 8228: Considerations for Managing IoT Cybersecurity and Privacy Risks for public comment.
IoT devices frequently bring different cybersecurity and privacy risks to an organization than conventional information technology devices like computers do. Many of these devices interact directly with the physical world and cannot be accessed, managed or monitored in typical ways. The availability, efficiency and effectiveness of cybersecurity and privacy capabilities are often different for IoT devices as well.
The document – developed in collaboration with a broad range of stakeholder groups – is intended to help federal agencies and other organizations better understand and manage the cybersecurity and privacy risks associated with their IoT devices throughout their life cycles. The draft report also includes recommendations about how to address risk considerations for these devices.
Public comment on the draft NISTIR can be emailed to iotsecurity@nist.gov by October 24, 2018.
For more information, see NIST’s blog post.
Hugh Taylor
Hugh Taylor is a Certified Information Security Manager (CISM). In addition to editing Journal of Cyber Policy, he writes about cybersecurity, compliance and enterprise technology for such clients as Microsoft, IBM, SAP, HPE, Oracle, Google and Advanced Micro Devices. Prior to launching his freelance writing career, he served in executive roles at Microsoft, IBM and several venture-backed technology startups.