IoT device cybersecurity capability core baseline

Fagan, Michael J.; Megas, Katerina N.; Scarfone, Karen; Smith, Matthew

doi:10.6028/nist.ir.8259a

Cited by 42 publications

(41 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…To better understand the consumer home Internet of Things (IoT) device sector, the National Institute of Standards and Technology (NIST) collected observations on the cybersecurity capabilities in a number of devices available in the first half of 2019. These technical observations were based on approaches to implementing the cybersecurity capabilities described in NIST Interagency Report (NISTIR) 8259A, IoT Device Cybersecurity Capability Core Baseline [1]. The observations were published in Draft NISTIR 8267, Security Review of Consumer Home Internet of Things (IoT) Products [2].…”

Section: Audiencementioning

confidence: 99%

“…It included stakeholders from industry, trade associations, consumer advocacy groups, international bodies, and academia. The purpose of this workshop was to obtain stakeholder feedback on topics related to future directions for NIST, including its National Cybersecurity Center of Excellence's (NCCoE) work in the consumer home IoT space, and to identify and discuss critical issues and barriers to implementing the core baseline in NISTIR 8259A, IoT Device Cybersecurity Capability Core Baseline [1], in consumer IoT products.…”

Section: Table Of Contentsmentioning

confidence: 99%

See 1 more Smart Citation

Workshop summary report for cybersecurity risks in consumer home internet of things (IoT) devices virtual workshop

Megas¹,

Fagan²,

Cuthill³

et al. 2021

Self Cite

View full text Add to dashboard Cite

Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.There may be references in this publication to other publications currently under development by NIST in accordance with its assigned statutory responsibilities. The information in this publication, including concepts and methodologies, may be used by federal agencies even before the completion of such companion publications. Thus, until each publication is completed, current requirements, guidelines, and procedures, where they exist, remain operative. For planning and transition purposes, federal agencies may wish to closely follow the development of these new publications by NIST.Organizations are encouraged to review all draft publications during public comment periods and provide feedback to NIST. Many NIST cybersecurity publications, other than the ones noted above, are available at https://csrc.nist.gov/publications.

show abstract

Section: Audiencementioning

confidence: 99%

Section: Table Of Contentsmentioning

confidence: 99%

Workshop summary report for cybersecurity risks in consumer home internet of things (IoT) devices virtual workshop

Megas¹,

Fagan²,

Cuthill³

et al. 2021

Self Cite

View full text Add to dashboard Cite

show abstract

“…Capability Core Baseline [21], which defines a baseline of core cybersecurity capabilities that 1916 manufacturers can voluntarily adopt for IoT devices that they produce. [23], a standard for cybersecurity in IoT that establishes a security baseline for internet-connected consumer products and provides a basis for future IoT certification schemes.…”

mentioning

confidence: 99%

Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management (Draft)

Symington¹,

Polk²,

Souppaya³

2020

View full text Add to dashboard Cite

Internet of Things (IoT) devices are typically connected to a network. The steps performed to provision a device with its network credentials are referred to as network-layer onboarding (or simply, onboarding). This paper proposes a taxonomy for IoT device onboarding that can clearly express the capabilities of any particular onboarding solution. By providing a common language that describes and clarifies various onboarding characteristics, this taxonomy assists with discussion, characterization, and development of trusted onboarding solutions that can be adopted broadly. To provide context for the proposed onboarding taxonomy and to try to ensure its comprehensiveness, this paper also describes a generic trusted onboarding process, defines onboarding functional roles, discusses onboarding-related aspects of IoT lifecycle management, presents onboarding use cases, and proposes recommended security capabilities for onboarding.

show abstract

“…NISTIR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers [1] provides guidance to manufacturers on foundational activities to incorporate cybersecurity considerations throughout the product development and lifecycle support process. NISTIR 8259A, IoT Device Cybersecurity Capability Core Baseline [2] provides a baseline of core cybersecurity device capabilities that are foundational for making IoT devices securable. These technical capabilities have been expanded with non-technical supporting capabilities such as those described within NISTIR 8259B, IoT Non-Technical Supporting Capability Core Baseline [3].…”

mentioning

confidence: 99%

“…For example, the US Health Insurance Portability and Accountability Act (HIPAA), the EU General Data Protection Regulation (GDPR), and many others 2. For example, guidance from government agencies such as in the US the Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Financial Institutions Examination Council (FFIEC), in the EU the National Data Protection Authorities, in Canada the provincial Privacy Commissioners, and in similar roles throughout other countries 3.…”

mentioning

confidence: 99%