IoT and NIST

IoT devices, increasingly used in organisational systems, are increasingly part of bad actors’ attack vectors.

NIST in the US has released, for public review, draft guidance on defining federal IoT cybersecurity requirements, including how to support non-technical requirements.

There are four documents covering guidance for IoT cybersecurity, to ensure that IoT devices are integrated into the security and privacy controls of federal information systems.

The documents are out for comment: https://www.nist.gov/blogs/cybersecurity-insights/rounding-your-iot-security-requirements-draft-nist-guidance-federal