NIST Keeps IoT Hot with Draft Guidance

The National Institute of Standards & Technology (NIST) has published three draft addenda to its manufacturer IoT guidance NISTIR 8259, as well as draft guidance for federal agencies, NIST SP 800-213, on integrating IoT devices into their networks. Notably, NIST published the addenda—8259B, 8259C, and 8259D—and 800-213 just days after the enactment of the Internet of Things Cybersecurity Improvement Act of 2020, in which Congress directed NIST to draft and finalize security guidelines for IoT devices procured by the federal government. While neither the 8259 addenda nor 800-213 fall within the Act's purview, they are likely to inform NIST's development of its IoT cybersecurity guidance under the Act. This is particularly true with regard to both 800-213 and addendum 8259D, the latter of which offers a "worked example" of implementing the core 8259 requirements within the specifications of the FISMA process and the NIST SP 800-53 security controls.