Workshop Addressing Public Comment on NIST Cybersecurity for IoT Guidance
Brewer, Jeffrey (Fed)
NIST is responding to the IoT Cybersecurity Improvement Act of 2020 (P.L. 116-207) by developing standards and guidelines to help federal agencies meet their obligations under the law. Federal agencies are encouraged to participate in NIST’s 22 April workshop, which will focus on the community feedback we’ve received on two of our draft publications, and the path forward for those documents.
In December 2020 NIST published associated draft documents, including:
- SP 800-213 which provides specific guidance with a process for federal agencies to apply for determining their IoT cybersecurity requirements, in concert with applying the RMF;
- NISTIR 8259D which defines a federal profile for IoT cybersecurity requirements, both technical and non-technical, aligned with the RMF low impact baseline.
NIST’s efforts are focused on helping agencies assess the risk associated with their use of IoT devices, and apply the RMF to their individual use cases. Comments on our drafts closed 26 February, but the program is still interested in feedback from federal agencies affected by P.L. 116-207 and looking to apply the guidance in SP 800-213. Please contact iotse...@nist.gov if you have questions, comments, or feedback on our IoT cybersecurity publications.
Jeff Brewer
Management and Program Analyst
Information Technology Lab, Computer Security Division,
National Institute of Standards and Technology