The Internet of Things (IoT) includes items such as smart appliances, smartwatches, and medical sensors. For organizations to enjoy all of the benefits and convenience of IoT devices, enterprise customers must fully understand the potential risks and threats to their systems and the underlying data. IoT devices often lack built-in security controls, a situation which creates risks and threats for federal agencies and consumers.
As IoT devices proliferate, it is important for manufacturers to provide secure and safe devices. According to NIST, built-in security controls include device cybersecurity capabilities as well as non-technical support relevant to cybersecurity. Both can be used to mitigate risks related to IoT devices.
IoT Device Non-Technical Supporting Capabilities
The National Institute of Standards and Technology (NIST) Cybersecurity for the Internet of Things (IoT) program announced the drafting of four public documents that provide guidance for federal agencies and IoT device manufacturers on defining IoT cybersecurity requirements. The purpose of this initiative is to help manufacturers and federal government agencies better understand what kinds of device cybersecurity capabilities and non-technical supporting capabilities may be needed from or around IoT devices used by federal government agencies.
In distinguishing technical and non-technical means for securing IoT devices, NIST notes that IoT devices are primarily secured using technical means, referred to as “device cybersecurity capabilities,” and that non-technical supporting capabilities include actions that manufacturers or third-parties take in support of the initial and on-going security of IoT devices.
The purpose of the NIST Internal Report (IR) 8259B, Non-Technical Supporting Capabilities publication is to provide organizations with a starting point they can use to identify non-technical supporting capabilities needed in relation to IoT devices that they intend to manufacture, integrate, or acquire. This publication is intended to be used in conjunction with NISTIR 8259, (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/iot/iot-devices-built-to-meet-cybersecurity-needs/