NIST Keeps IoT Hot with Draft Guidance

Client Alert | 1 min read | 01.22.21

The National Institute of Standards & Technology (NIST) has published three draft addenda to its manufacturer IoT guidance NISTIR 8259, as well as draft guidance for federal agencies, NIST SP 800-213, on integrating IoT devices into their networks. Notably, NIST published the addenda—8259B, 8259C, and 8259D—and 800-213 just days after the enactment of the Internet of Things Cybersecurity Improvement Act of 2020, in which Congress directed NIST to draft and finalize security guidelines for IoT devices procured by the federal government. While neither the 8259 addenda nor 800-213 fall within the Act's purview, they are likely to inform NIST's development of its IoT cybersecurity guidance under the Act. This is particularly true with regard to both 800-213 and addendum 8259D, the latter of which offers a "worked example" of implementing the core 8259 requirements within the specifications of the FISMA process and the NIST SP 800-53 security controls.

Contacts

Kristin J. Madigan
Partner
- San Francisco
  - D | +1.415.365.7233
a21hZGlnYW5AY3Jvd2VsbC5jb20=

Insights

Client Alert | 3 min read | 06.12.26

DOJ Guidance Backs Away From Disparate Impact Liability

On June 9, 2026, the U.S. Department of Justice (DOJ) issued a formal opinion concluding that the Equal Opportunity Employment Commission’s (EEOC) existing interpretations of Title VII of the Civil Rights Act of 1964 (Title VII) disparate-impact liability, including the Uniform Guidelines on Employee Selection Procedures (UGESP), are unconstitutional. According to the opinion, EEOC’s prior interpretations contemplate liability based on disproportionately adverse effects alone, without regard to an employer’s likely intent, rather than treating disparate impact as an evidentiary mechanism to “smoke out” intentional discrimination. DOJ found that this approach functions as a “qualified racial-proportionality mandate” that places “a racial thumb on the scales, often requiring employers to evaluate the racial outcomes of their policies, and to make decisions based on (because of) those racial outcomes.” The opinion fulfills one mandate of Executive Order 14281, which rejected disparate-impact liability insofar as it “creates a near insurmountable presumption that unlawful discrimination exists wherever there are any differences in outcomes among different [demographic groups].”...

Client Alert | 4 min read | 06.12.26
Auto Dealers: The FTC Is Back in the Driver’s Seat — Warning Letters Signal Renewed Federal Scrutiny
Client Alert | 13 min read | 06.12.26
EU Cyber Resilience Act Countdown: 11 September 2026 Incident/Vulnerability Reporting Deadline Less Than 100 Days Away
Client Alert | 4 min read | 06.12.26
National Security Memorandum Aims to Accelerate Deployment of AI and Streamline Procurement Aligned to Administration Policies

View All Insights