Published in


NIST Publishes Draft Security Recommendations For IoT Manufacturers

New NIST recommendations offer voluntary activities related to cybersecurity that manufacturers should consider performing before their IoT devices are sold to customers.

The National Institute of Standards and Technology (NIST) has published a second draft of its recommendations for Internet of Things (IoT) device manufacturers.

In it, the federal agency asks a series of questions and assessments to be carried out before commercialization, aimed at “reducing the prevalence and severity of IoT device compromises”.

The main highlights include:

  • Identify expected customers and define expected use cases for IoT devices: This is the first point made by NIST, and it’s very important. By figuring out what the device will be used for, where it will be used, and what it will be connected to, the manufacturer may be able to identify the weak spots and shore them up before sale.
  • Research customer cybersecurity goals: This follows on from the first point, identifying weak spots before the device ships. NIST ask how the device will interact with the physical world, how it will be accessed, who will monitor it, what data will it hold, and what regulations must it follow. California recently enacted a state law for IoT security, we can expect more states and countries will do the same this year.
  • Determine how to address customer goals: After figuring out external threats, device manufacturers should look at enhancing on-board security by figuring out device identification, configuration, data protection, logical access restrictions, software and firmware updates.
  • Define approaches for communicating with customers: Once a product is on sale, manufacturers need to be able to communicate with customers on any issues. NIST recommends that manufacturers make the information as easy as possible to understand and access.
  • Decide what to communicate to customers and how to communicate it: One of the biggest worries buyers have is that their device will lose all functionality once the manufacturer ends support. NIST recommends that the manufacturer be clear with the customer how long it intends to provide support and what functionality the device will have after support ends.

SEE ALSO: IoT Researchers Propose Lag-Free Networking Solution

Originally published at https://www.rtinsights.com.




Features and news on real-time analytics, big data, the IoT, and artificial intelligence.

Recommended from Medium


{UPDATE} Super Rocket Kart Race Fighter Hack Free Resources Generator

Big Data Privacy

CyberSecurity — Complexity Risk

Cracking Wifi WPA/WPA2 password

Your Smart TV is spying on you — Get Protection

Pishing Websites | Dangerous Hacking Tool

How are patient safety and medical device cybersecurity linked?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
RTInsights Team

RTInsights Team

More from Medium

Bespoke Vehicles Emerge for Robotaxi Service

How developers can explore the PolicyEngine API

cybersecurity in, no, FOR healthcare

Visualize and Monitor Your Airtable Base Structure with Schemas