NIST releases report to address IoT cybersecurity needs

The increased presence of the Internet of Things (IoT) in organization applications, and the vague policies concerning the use of information it collects, makes it one of the biggest emerging cybersecurity threats. After issuing the second draft of its Cybersecurity Framework in December, the National Institute of Standards and Technology (NIST) is now looking to safeguard organizational IoT applications with a new set of standards.

In December 2015, the White House National Security Council’s (NSC) Cyber Interagency Policy Committee established the Interagency International Cybersecurity Standardization Working Group (IICS WG). Its purpose is to address pressing issues of international cybersecurity standardization, while improving upon US federal participation in standardization initiatives.

The IICS WG developed “Draft NIST Interagency Report (NISTIR) 8200, Interagency Report on Status of International Cybersecurity Standardization for the Internet of Things (IoT)” in response to recommendations from NISTIR 8074 Volume 1.  The report initiated the development of international cybersecurity standards. With government and public entities in mind, NISTIR 8200 furthers this objective. It is intended to “help policymakers, managers, and standards participants as they seek timely development of and use of cybersecurity standards in IoT components, systems, and services.”

NISTIR 8200 was released on February 14, 2018, and aims to develop cybersecurity standards through the voluntary consensus of various standards bodies. Standards bodies are organizations that develop, monitor, or coordinate voluntary standards. provides:

  • A functional description for IoT
  • Descriptions of IoT applications
  • Analysis of the standards landscape pertaining to IoT cybersecurity
  • A summary of cybersecurity core areas, with relevant standards examples
  • IoT information security objectives, risks, and threats
  • A map connecting cybersecurity standards to cybersecurity core areas

The report describes 11 cybersecurity core areas. IoT systems are becoming integrated within multiple sectors, making cybersecurity objectives more diverse and adding protections beyond confidentiality, integrity, and availability. The report facilitates the effective use of existing standards, while identifying and addressing standards gaps. It also calls for the development of conformity assessment schemes to meet IoT cybersecurity needs.

NIST is soliciting comments on how to improve upon the report, particularly “on the information about the state of cybersecurity standardization for IoT that is found in Sections 8, 9, 10, and Annex D.” Comments are due no later than April 18. Draft NISTIR 8200 can be viewed here.

Protect your organization’s information assets through ISO 27001 compliance

With new cyber threats emerging every day, it is in your organization’s best interest to implement an adequate information security management system (ISMS). Achieving certification that is

Depending on the size of your organization and its cybersecurity posture, implementing an ISO 27001-accredited ISMS can be challenging and costly. International ISO 27001 experts Alan Calder and Steve Watkins have developed a four-day training program consisting of Certified ISMS Foundation (CIS F) and Certified ISMS Lead Implementer (CIS LI) classroom courses. A 15% discount is applied to the combined course, making it more cost effective.

The comprehensive training provides a thorough introduction to ISO 27001 requirements, including the actions involved in planning, implementing, and maintaining an ISO 27001-compliant ISMS. Learn more about the ISO27001 Foundation and Lead Implementer Combination Course.