NIST maps out IoT security standards

With its power to transform nearly all aspects of modern society, adoption of the internet of things "brings cybersecurity risks that pose a significant threat to the Nation," the National Institute of Standards and Technology said in a new report.

The draft version of NIST's "Interagency Report on Status of International Cybersecurity Standardization for the Internet of Things (IoT)" aims to help policymakers, managers and standards organizations develop and standardize IoT components, systems and services.

To push that standardization, NIST puts a stake in the ground in several areas by:

Defining IoT as a concept based on components that interact with the physical world and have data storage, networking, processing and sensing capabilities.  

Describing representative IoT applications such as connected vehicles, consumer IoT (like smart homes), health IoT and connected medical devices, smart buildings and smart manufacturing.

Listing and summarizing core areas of cybersecurity, including encryption, digital signatures, hardware assurance, identity and access management, network security, security automation and continuous monitoring and supply chain risk management.

Describing IoT cybersecurity objectives, risks and threats as they relate to the representative applications.

Analyzing the current standards landscape for IoT cybersecurity as related to the core areas.

Presenting a matrix of the status of the major IoT cybersecurity standards and how they map to the core areas and applications.

Listing several possible standards gaps, such as applying blockchain technology to IoT security and best practices for avoiding malware in software and firmware.

Appendices include definitions, an IoT capabilities table, an IoT standards maturity model and extensive tables that sort standards by core area of cybersecurity. Additional guidance lists relevant FIPS documents and NIST SP 800-series publications on security.  

Read the full report here.

Comments are due April 18. Reviewers are encouraged to use the comment template, and NIST will post comments online as they are received.

About the Author

Susan Miller is executive editor at GCN.

Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.

Miller has a BA and MA from West Chester University and did Ph.D. work in English at the University of Delaware.
