NIST’s IoT Cybersecurity Capabilities Catalog
This site contains the catalog of IoT device technical cybersecurity capabilities and supporting non-technical manufacturer capabilities developed by NIST’s Cybersecurity for the Internet of Things (IoT) program. The capabilities listed below can also be accessed under the Technical Capabilities and Non-Technical Capabilities headings in the sidebar (which also provide more information about the types of capabilities).
The catalog contains more granular capability statements that refine and add specificity to the high-level IoT cybersecurity capabilities defined in NISTIRs 8259A and 8259B. NISTIRs 8259A/B contain core baselines of capabilities that are broadly applicable, and are complemented by the federal profile described in NISTIR 8259D and the guidance for federal agencies defining their IoT cybersecurity requirements in SP 800-213. More information about all of these documents and their relationships is provided in the program’s December 2020 blog post.
| Device Technical Cybersecurity Capabilities |
Manufacturer Non-Technical Supporting Capabilities |
|---|---|
 Device Identification |
 Documentation |
 Device Configuration |
 Information & Query Reception |
 Data Protection |
 Information Dissemination |
 Logical Access to Interfaces |
 Documentation |
 Software Update |
|
 Cybersecurity State Awareness |
|
| Device Security |
For background information about the creation and intended use of this catalog see the catalog information page.