NIST Guidance

NIST has developed extensive guidance over the years for cybersecurity, which also supports implementation of the Federal Information Security Modernization Act (FISMA) of 2014. The guidance developed to support FISMA implementation is designed to be technology-neutral so that it can be applied to any type of system. It ranges from the risk management framework methodology for managing risk (NIST SP 800-37, Revision 2) to the security and privacy controls (NIST SP 800-53, Revision 5) that identify the countermeasures and outcomes to protect information, systems, and the privacy of individuals. The challenges of IoT cybersecurity were described in NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. Developed by the NIST Cybersecurity for IoT Program over more than two years of workshop discussions and interaction with the public, NISTIR 8228 is primarily aimed at federal agencies and other big organizations that are incorporating IoT devices into their workplace — organizations that may already be thinking about cybersecurity at a large-scale, enterprise level. However, there is an opportunity to provide additional guidance to assist federal organizations in understanding the specific risks that IoT devices introduce into federal systems and organizations.

To that end, the program has developed a family of documents to provide that guidance: