NIST released a set of guidelines for IoT device manufacturers

NIST disclosed two publications with the aim of providing cybersecurity guidance and suitable practices specific for companies manufacturing IoT devices as a part of cybersecurity for IoT program. This move is made as a portion of NIST’s implementation of the 2017 Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.

These publications provide recommended activities to the manufacturers to improve and secure IoT devices also the baseline level of security requirements for these devices.

NISTIR 8259 helps manufacturers of new IoT devices by recommending activities to address cybersecurity in the product development process. Recommended activities are 6, out of which 4 identifies and implementsrelevant security controls in the pre-market phase and two that concentrates on meeting customers’ cybersecurity needs once the device is on the market.

NISTIR 8259 puts core baseline of security before you, which requires the following:

• Device identification: The individual device can be identified both logically and physically
• Device configuration: An IoT device’s software configuration can be changed and such changes can only be performed by authorized entities
• Data protection: The data from an IoT device is protected from unauthorized access or modification, both in storage and transit
• Logical access interfaces: Only authorized entities should have logical access to local and network interfaces, and the protocols and services used by those interfaces
• Software update: The IoT device’s software can be updated by authorized entities

Cybersecurity state awareness: An IoT device can report on its cybersecurity state to authorized entities only