The IT Law Wiki

Citation

Interagency International Cybersecurity Standardization Working Group, Interagency Report on the Status of International Cybersecurity Standardization for the Internet of Things (IoT) (NISTIR 8200) (Nov. 29, 2018) (full-text).

Overview

The Internet of Things (IoT) consists of network-connected devices, systems, and resulting services. The adoption of IoT and its applications is rapidly growing and the ensuing opportunities and benefits are significant. However, to reap the substantial benefits and to minimize the potentially significant risks, IoT security and resiliency are critical.

The timely availability of international cybersecurity standards is a dynamic and critical component for the cybersecurity and resilience of all information and communications systems and supporting infrastructures. The intended audience of the Report is both the government and the public. Its purpose is to inform and enable policymakers, managers, and standards participants as they seek timely development and use of such standards in IoT components, systems, and services.

To gain insight on the present state of IoT cybersecurity standardization, five IoT technology application areas are described. These application areas are not exhaustive but are sufficiently representative to use in an analysis of the present state of IoT cybersecurity standardization.

Building upon NISTIR 8074, Volume 2, this Report describes eleven cybersecurity core areas and provides examples of relevant standards. IoT cybersecurity objectives, risks, and threats are then analyzed for IoT applications in general and for each of the five IoT technology application areas. Cybersecurity objectives for traditional IT systems generally prioritize Confidentiality, then Integrity, and lastly Availability.

This Report is intended for use by the IICS WG member agencies to assist them in their standards planning and to help to coordinate U.S. government participation in international cybersecurity standardization for IoT. The Report's conclusions focus upon the issue of standards gaps and the effective use of existing standards.