Standard, everyday appliances like dishwashers and ovens, and necessary devices such as lights and thermostats, are increasingly likely to be Wi-Fi enabled, allowing them to send and receive data. These objects are widely called the internet of things (IoT). These IoT devices have cybersecurity and privacy considerations that differ from normal information technology (IT) devices (e.g., laptops, smartphones, servers). The National Institute of Standards and Technology (NIST) has been building a catalog of IoT guidance documents to define these IoT security and privacy considerations and provide general guidance on how to secure IoT devices.
On June 25, 2019, NIST released NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. This document explored three high-level considerations for IoT security and privacy risks and provided three risk mitigation goals:
Building on the guidance in NISTIR 8228, NIST released two interagency reports focused on providing guidance to IoT device manufacturers on May 29, 2020:
On December 15, 2020, NIST released drafts of a special publication and three additional interagency reports expanding its IoT guidance catalog. These draft publications are open for public comment until February 12, 2020.