NIST’s IoT Cybersecurity Capabilities Catalog

This site contains the catalog of IoT device technical cybersecurity capabilities and supporting non-technical manufacturer capabilities developed by NIST’s Cybersecurity for the Internet of Things (IoT) program. The capabilities listed below can also be accessed under the Technical Capabilities and Non-Technical Capabilities headings in the sidebar (which also provide more information about the types of capabilities).

The catalog contains more granular capability statements that refine and add specificity to the high-level IoT cybersecurity capabilities defined in NISTIRs 8259A and 8259B. NISTIRs 8259A/B contain core baselines of capabilities that are broadly applicable, and are complemented by the federal profile described in NISTIR 8259D and the guidance for federal agencies defining their IoT cybersecurity requirements in SP 800-213. More information about all of these documents and their relationships is provided in the program’s December 2020 blog post.

Device Technical
Cybersecurity Capabilities
Manufacturer Non-Technical
Supporting Capabilities
Device Identification Documentation
Device Configuration Information & Query Reception
Data Protection Information Dissemination
Logical Access to Interfaces Education and Awareness
Software Update  
Cybersecurity State Awareness  
Device Security  

For background information about the creation and intended use of this catalog see the catalog information page.