The National Institute of Standards and Technology announces the publication of NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks, which provides guidance for federal agencies and other organizations to better understand and manage the risks associated with individual IoT devices throughout the lifecycles of those devices.
NISTIR 8228 addresses three high-level goals for risk mitigation: device security, data security, and individual privacy. This introductory report provides the foundation for a planned series of publications on more specific aspects of this topic, NIST said in a release.
IoT is a rapidly evolving and expanding collection of diverse technologies that interact with the physical world. Many organizations are not necessarily aware of the large number of IoT devices they are already using and how IoT devices may affect cybersecurity and privacy risks differently than conventional IT devices do.
NISTIR 8228 (DOI)