Non-Technical Supporting Capabilities Catalog

This catalog section presents a collection of non-technical supporting capabilities that expand on the baseline set of capabilities defined in NISTIR 8259B, IoT Non-Technical Supporting Capability Core Baseline. The NISTIR identifies a set of non-technical supporting capabilities generally needed from manufacturers or other third parties to support common cybersecurity controls that protect an organization’s devices as well as device data, systems, and ecosystems. The four non-technical baseline supporting capabilities are:

This on-line catalog enumerates specific activities associated with each of the four non-technical supporting capabilities listed above. These actions were identified by applying an IoT focus to the security and privacy controls contained in NIST SP 800-53 to arrive at specific ability statements. The catalog includes a section of non-technical activities for manufacturers and their supporting third parties (currently on-line) and for IoT device customers (to be supplied).

As not every action listed here is applicable to every situation, this catalog should be viewed as a collection of non-technical supporting capabilities that can be filtered down to a profile suitable for a particular use case, industry sector, or customer organization, as described in NISTIR 8259C, Creating a Profile Using the IoT Core Baseline and Non-Technical Baseline.