You are here

Stakeholder-Drafted Documents on IoT Security

Date: 
July 13, 2018

These documents were drafted by stakeholders in an open and transparent process to address key aspects of Internet of Things (IoT) security, and were approved by a consensus of participating stakeholders.

Communicating IoT Device Security Update Capability to Improve Transparency for Consumers

This resource outlines basic information that manufacturers can communicate to consumers about whether and how IoT devices can receive security updates. Among other things, it suggests three key questions that manufacturers should consider answering for consumers prior to purchase: Is this device upgradeable? For how long? What does the owner/operator have to do to upgrade the device?

Voluntary Framework for Enhancing Update Process Security 

This resource supports manufacturers in identifying and selecting appropriate security features to mitigate vulnerabilities in the update process, and offers tips to enterprises on what to look for around IoT patchability when making IoT procurement decisions. The document breaks down the different components of an IoT security update, and offers insight on how to secure them.

Catalog of Existing IoT Security Standards 

This resource is a catalog of existing standards and initiatives as they apply to IoT security patching and upgradability. This document also was provided as a reference to the Interagency International Cybersecurity Standardization Working Group’s work, and was incorporated into the draft Interagency Report on Status of International Cybersecurity Standardization for the Internet of Things (NISTIR 8200 pdf).

Incentives and Barriers to Adoption of IoT Update Capabilities 

This resource provides an approach to identifying and analyzing incentives and barriers associated with IoT security update capability.