As an IoT practitioner or device manufacturer, it is important to keep up with the latest developments in IoT cybersecurity. The National Institute of Standards and Technology (NIST) has recently released two draft documents for public comment that are relevant to the IoT.

The first is a discussion essay titled “Ideas for the Future of IoT Cybersecurity at NIST: IoT Risk Identification Complexity“. This discussion paper lays the groundwork for forward-looking talks on detecting and addressing risks for IoT devices by drawing on NIST’s earlier work in cybersecurity for the IoT (for example, NISTIR 8259).

The second is a draft NIST Internal Report (‘NISTIR’) 8425 titled “Profile of the IoT Core Baseline for Consumer IoT Products“. NISTIR 8425 recalls the consumer IoT cybersecurity criteria from NIST’s white paper on “Recommended Criteria for Cybersecurity Labeling for Consumer Internet of Things (IoT) Products,” and incorporates them into the family of NIST’s IoT cybersecurity recommendations. 

I recommend you keep tabs on these documents, particularly NISTIR 8425.