Draft of IoT device cybersecurity guidance published in US

The draft version of SP-800-213, published on December 15, expands the cybersecurity framework and the risk management framework

Photo: Bigstock

The National Institute of Standards and Technology (NIST) published draft SP 800-213 and a number of supporting documents for manufacturers in order to establish a basis for secure incorporation of IoT in federal networks. 

The draft version of SP-800-213, published on December 15, expands the cybersecurity framework and the risk management framework. The new guidance includes 10 specific questions that agencies must ask while setting requirements, including questions on the device itself and on the way in which it communicates with the network.  

Of particular interest to federal networks may be D8259, which determines supporting capabilities that federal agencies need to locate when integrating IoT devices in a system with lower risk. 

NIST SP 800-213 can be found here.