NIST Needs Your Comments on IoT Cybersecurity Guidance Documents
Brewer, Jeffrey (Fed)
NIST is responding to the IoT Cybersecurity Improvement Act of 2020 (P.L. 116-207) by developing guidance to help federal agencies meet their obligations under the law. In December 2020, the Cybersecurity for IoT program published drafts of relevant guidance, including:
- SP 800-213 provides specific guidance with a process for federal agencies to apply for determining their IoT cybersecurity requirements, in concert with applying the RMF;
- NISTIR 8259D defines a federal profile for IoT cybersecurity requirements, both technical and non-technical, aligned with the RMF low impact baseline.
The program’s efforts are focused on helping agencies assess the risk associated with their use of IoT devices and apply the RFM to their individual use cases. Comments on our drafts closed 26 February, but the program is still interested in feedback from federal agencies affected by P.L. 116-207 and looking to apply the guidance in SP 800-213. The Cybersecurity for IoT program is ready to meet with any agencies interested in providing feedback. Agencies are also encouraged to participate in our 22 April workshop, which will focus on the community feedback we’ve received on SP 800-213 and NISTIR 8259D, and the path forward for those documents.
Jeff Brewer
Management and Program Analyst
Information Technology Lab, Computer Security Division,
National Institute of Standards and Technology