SP 800-213: Establishing IoT Device Cybersecurity Requirements

26 December 2020 by Phillip Johnston

SP 800–213: IoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements is a standard that is part of the NIST Cybersecurity for IoT program. This report attempts to take all of the device-specific recommendations from the NIST 8259 series and place them in the context of IT networks. The document provides background and recommendations for federal agencies that want to integrate an IoT device into a federal information system. The report also provides guidance on considering system security from a device perspective. Note: This document currently has DRAFT status. Table of …

To access this content, you must purchase a Membership - check out the different options here. If you're a member, log in.

NISTIR 8259D: Profile Using the IoT Core Baseline and Non-Technical Baseline for the Federal Government

26 December 2020 by Phillip Johnston

NISTIR 8259D: Profile Using the IoT Core Baseline and Non-Technical Baseline for the Federal Government is a standard that is part of the NIST Cybersecurity for IoT program. NISTIR 8259D shows an example profile that results from applying the process defined in NISTIR 8259C. This example profile focuses on the “federal government customer space” and takes into account requirements of the FISMA process and guidance from the SP 800–53 security and privacy controls catalog. Or, using the relevant jargon: NISTIR 8259D provides a device-centric, cybersecurity-oriented profile of the NISTIR 8259A and 8259B core baselines, calibrated …

NISTIR 8259C: Creating a Profile Using the IoT Core Baseline and Non-Technical Baseline

26 December 2020 by Phillip Johnston

NISTIR 8259C: Creating a Profile Using the IoT Core Baseline and Non-Technical Baseline is a standard that is part of the NIST Cybersecurity for IoT program. NISTIR 8259C is an explanatory document that describes the process that NIST used to create NISTIR 8259D. The goal of this document is to provide a reusable process for developing an IoT cybersecurity profile tuned to an organization’s specific needs. The process starts with the core baselines defined in NISTIRs 8259A and 8259B and expands upon them by accounting for organization- or application-specific requirements (such as industry standards or …

NISTIR 8259B: IoT Non-Technical Supporting Capability Core Baseline

26 December 2020 by Phillip Johnston • Last updated 14 October 2021

NISTIR 8259B: IoT Non-Technical Supporting Capability Core Baseline is a standard that is part of the NIST Cybersecurity for IoT program. NISTIR 8259B complements NISTIR 8259A by defining additional, non-technical supporting activities that manufacturers and/or associated third parties typically need to provide. This non-technical baseline outlines support capabilities such as documentation, training, and customer feedback. Note: This document currently has DRAFT status. Table of Contents: Files Abstract Summary Analysis Further Reading Highlights Files NISTIR 8259B: IoT Non-Technical Supporting Capability Core Baseline (DRAFT) Abstract Non-technical supporting capabilities are actions a …

NISTIR 8259: Foundational Cybersecurity Activities for IoT Device Manufacturers

11 December 2020 by Phillip Johnston • Last updated 26 December 2020

NISTIR 8259: Foundational Cybersecurity Activities for IoT Device Manufacturers is a standard that is part of the NIST Cybersecurity for IoT program. This document provides device manufacturers with guidance on how to identify an initial set of core security requirements and capabilities for new IoT devices. The guidance provided by the standard is useful when creating a Security Plan for your product or ecosystem. Note: This standard was featured as a Reading Club assignment. Table of Contents: Files Abstract Summary Analysis Further Reading Highlights Files NISTIR 8259: Foundational Cybersecurity …

NISTIR 8259A: IoT Device Cybersecurity Capability Core Baseline

10 December 2020 by Phillip Johnston • Last updated 26 December 2020

NISTIR 8259A: IoT Device Cybersecurity Capability Core Baseline is a standard that is part of the NIST Cybersecurity for IoT program. This document is targeted toward device manufacturers. It describes a core set of security-related capabilities that need to be supported in device hardware or software. These guidelines should be used as a starting point for identifying cybersecurity capabilities for new IoT devices. Manufacturers should consult other sources to derive or identify appropriate device cybersecurity capabilities and implementations based on their expected customers and use cases. Note: This standard …

NIST Cybersecurity for IoT Program

10 December 2020 by Phillip Johnston • Last updated 15 August 2023

As part of the U.S. Internet of Things (IoT) Cybersecurity Improvement Act of 2020, the National Institute of Standards and Technology (NIST) is directed to “develop and publish standards and guidelines for Federal Government use and management of IoT devices”, particularly in the realm of security concerns. If you’re planning on selling connected devices to the U.S. government, you will need to abide by the NIST standards. NIST describes the program in the following way: NIST’s Cybersecurity for the Internet of Things program aims to help manufacturers and Federal …

A New Approach to Defining Human Touch Temperature Standards

One of the aspects I enjoy about embedded systems is that many products will be physically handled by your target audience. Knowing that a person is going to use your product informs many aspects of design: your software must be stable, your interfaces must be intuitive, and your hardware must be safe to handle. Modern …