The National Institute of Standards and Technology (NIST) has released a new Interagency/Internal Report (NISTIR) 8228, that includes guidelines for organizations in managing IoT cybersecurity and privacy risks.
The NISTIR 8228 report titled “Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks” provides organizations good insight into the IoT risks, challenges, and considerations to help mitigate IoT-related risks.
A abstract from the NISTIR 8228 publication:
“The Internet of Things (IoT) is a rapidly evolving and expanding collection of diverse technologies that interact with the physical world. Many organizations are not necessarily aware of the large number of IoT devices they are already using and how IoT devices may affect cybersecurity and privacy risks differently than conventional information technology (IT) devices do. The purpose of this publication is to help federal agencies and other organizations better understand and manage the cybersecurity and privacy risks associated with their individual IoT devices throughout the devices’ lifecycles. This publication is the introductory document providing the foundation for a planned series of publications on more specific aspects of this topic.”
In summary, NIST provides a high level summary of IoT risk considerations, three primary IoT risk mitigation goals and nearly 50 IoT-related challenges. The document can help organizations better understant IoT-related risks, the challenges and potential mitigations to better prepare or prevent IoT-related issues.
You can read and download the entire free NIST IR 8228 report (PDF) here.