The Interagency International Cybersecurity Standardization Working Group (IICS WG) was established in December 2015 by the National Security Council’s Cyber Interagency Policy Committee. Its purpose is to coordinate on major issues in international cybersecurity standardization and thereby enhance U.S. federal agency participation in the process. Effective U.S. Government participation involves coordinating across the federal government and working with the U.S. private sector. The U.S. relies more heavily on the private sector for standards development than do many other countries. Companies and industry groups, academic institutions, professional societies, consumer groups, and other interested parties are major contributors to this process. Further, the many Standards Developing Organizations (SDOs) which provide the infrastructure for the standards development are overwhelmingly private sector organizations. On April 25, 2017, the IICS WG established an Internet of Things (IoT) Task Group to determine the current state of international cybersecurity standards development for IoT. This report is intended for use by the working group member agencies to assist them in their standards planning and to help coordinate U.S. Government participation in international cybersecurity standardization for IoT. Other organizations may also find this document useful in their planning.

https://csrc.nist.gov/publications/detail/nistir/8200/final

https://csrc.nist.gov/News/2018/NIST-Publishes-Interagency-Report-(NISTIR)-8200

Re: https://firmwaresecurity.com/2018/09/19/nist-internet-of-things-iot-trust-concerns/

This draft white paper identifies seventeen technical trust-related issues that may negatively impact the adoption of IoT products and services. The paper offers recommendations for mitigating or reducing the effects of these concerns while also suggesting additional areas of research regarding the subject of “IoT trust.” This document is intended for a general information technology audience, including managers, supervisors, technical staff, and those involved in IoT policy decisions, governance, and procurement. Feedback from reviewers is requested on the seventeen technical concerns that are presented, as well as suggestions for other potential technical concerns that may be missing from the document.

https://csrc.nist.gov/news/2018/IoT-trust-concerns-draft-white-paper-now-available
https://csrc.nist.gov/publications/detail/white-paper/2018/10/17/iot-trust-concerns/draft

Click to access iot-trust-concerns-draft.pdf

see-also: https://www.nist.gov/topics/internet-things-iot

https://www.nist.gov/news-events/events/2018/07/considerations-managing-iot-cybersecurity-and-privacy-risks-workshop

Click to access iot_risk_workshop_agenda.pdf

NIST’s Cybersecurity for IoT Program supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of connected devices and the environments in which they are deployed. By collaborating with stakeholders across government, industry, international bodies and academia, the program aims to cultivate trust and foster an environment that enables innovation on a global scale. This workshop will help the program through the development of the Cybersecurity for IoT Program and Privacy Engineering Program’s publication on an introduction to managing IoT cybersecurity and privacy risk for federal systems. This will include work to date identifying typical differences in cybersecurity and privacy risk for IoT systems versus traditional IT systems, considerations for selecting and using technical controls to mitigate IoT cybersecurity and privacy risk, and basic cybersecurity and privacy controls for manufacturers to consider providing in their IoT products. A pre-read document has been posted to help guide conversation.