The NIST has released four new documents to promote IoT security at the federal level. The documents seek to establish a uniform standard that will let device manufacturers and federal agencies approach technology partnerships with the same security expectations.
The four documents include a NIST Special Publication (SP 800-213) and three NIST Interagency Reports (NISTIRs 8259B, 8259C and 8259D), which will supplement the organization’s two previous interagency reports, NISTIR 8259 and NISTIR 8259A. The documents do not carry regulatory force, but they are intended to make sure that tech providers and federal agencies are able to comply with the IoT Cybersecurity Improvement Act of 2020.
“The three NISTIRs offer a suggested starting point for manufacturers who are building IoT devices for the federal government market, while the SP provides guidance to federal agencies on what they should ask for when they acquire these devices,” explained NIST Cybersecurity for IoT Program Manager Katerina Megas. “We look forward to the community’s feedback on these drafts as we work to provide IoT cybersecurity guidance that aids both vendors and customers.”
The Special Publication details the minimum security requirements for federal systems, and lets providers know what standard they will need to live up to should they wish to try for a government contract. The NISTIRs, on the other hand, give those manufacturers tips for working with federal agencies to make sure that IoT tech is integrated properly. They cover cybersecurity best practices like documentation updates, and offer more specific marketing advice for businesses looking to appeal to the government sector.
“These publications outline a process and starting point for manufacturers to identify the capabilities a customer will expect,” continued Megas. “If you buy a device, you would want to be sure you can see and identify the device on your network and change its password, for example. It articulates those kinds of features on a high level.”
The NIST recently released a Phish Scale to try to raise awareness about some common threats to cybersecurity. The organization also updated the standards review process for its Organization of Scientific Area Committees (OSAC) for Forensic Science, and released a Quick Start manual to teach organizations how to evaluate their own cybersecurity requirements.