• NIST’s 2020 IoT Cybersecurity Improvement Act mandated five‑year guideline reviews. • IR 8259 set foundational cybersecurity activities for IoT manufacturers. • IR 8259A/B expanded to sector‑neutral technical and non‑technical baselines. • Subsequent publications built on IR 8259 for federal use cases and consumer trust marks. • NIST now revises SP 800‑213 and SP 213A to reflect evolving IoT components. • Public workshops launched the revision process, gathering industry and stakeholder input.
Article Summaries:
- NIST is updating its IoT cybersecurity guidance in response to the 2020 IoT Cybersecurity Improvement Act, which requires a five‑year review of its standards. The agency has begun revising NIST SP 800‑213 and SP 213A, building on the foundational NIST IR 8259 series that outlines manufacturing and lifecycle activities for secure IoT devices. Two public workshops drew over 400 participants, whose feedback shaped the revision, leading to expanded background context, a new foundational activity, and enhanced questions for manufacturers on deployment, data management, and lifecycle support. The updated IR 8259 will serve as the basis for future sector‑specific and federal‑government IoT security requirements.
Sources: