Technical Device Cybersecurity Capabilities Catalog

UPDATE: This catalog has been updated to reflect feedback received and alignment to the recently released NISTIR 8259 series. Any additional feedback is welcome for NIST to consider in future revisions of this catalog.

This catalog section presents a collection of IoT device technical cybersecurity capabilities that expand on the baseline set of capabilities defined in NISTIR 8259A, IoT Device Cybersecurity Capability Core Baseline. The NISTIR defines an IoT device cybersecurity capability core baseline, which is a set of device capabilities generally needed to support common cybersecurity controls that protect an organization’s devices as well as device data, systems, and ecosystems, providing a starting point to use in identifying the device cybersecurity capabilities for IoT devices. Device cybersecurity capabilities are cybersecurity features or functions that computing devices provide through their own technical means (i.e., device hardware and software). The seven device cybersecurity capabilities are:

This on-line catalog enumerates specific IoT device abilities associated with each of the capabilities listed above. The abilities were developed by applying an IoT focus to the security and privacy controls contained in NIST SP 800-53 to arrive at specific ability statements. As not every ability listed here is applicable to every situation, this catalog should be viewed as a collection of abilities that can be filtered down to a profile suitable for a particular use case, industry sector, or customer organization, as described in NISTIR 8259C, Creating a Profile Using the IoT Core Baseline and Non-Technical Baseline.