Non-Technical Supporting Capabilities Catalog

NOTE TO VISITORS: NIST published its original catalog of device [technical] cybersecurity capabilities and supporting non-technical capabilities in June 2020. As the work progressed on our recently released publications, we identified opportunities to refine the catalog structure and content. We are temporarily posting the content of the original catalog here, as-is, until new versions are completed and ready to be posted.

This catalog section presents a collection of non-technical supporting capabilities that expand on the baseline set of capabilities defined in NISTIR 8259B, IoT Non-Technical Supporting Capability Core Baseline. The NISTIR defines an IoT device manufacturer’s non-technical supporting capability core baseline, which is a set of non-technical supporting capabilities generally needed from manufacturers or other third parties to support common cybersecurity controls that protect an organization’s devices as well as device data, systems, and ecosystems. The baseline provides a starting point to use in identifying a set of detailed actions that implement the device non-technical support capabilities in the baseline. The four non-technical supporting capabilities are:

This on-line catalog enumerates specific activities associated with each of the four non-technical supporting capabilities listed above. These actions were identified by applying an IoT focus to the security and privacy controls contained in NIST SP 800-53 to arrive at specific ability statements. As not every action listed here is applicable to every situation, this catalog should be viewed as a collection of non-technical supporting capabilities that can be filtered down to a profile suitable for a particular use case, industry sector, or customer organization, as described in NISTIR 8259C, Creating a Profile Using the IoT Core Baseline and Non-Technical Baseline.