These documents were drafted by stakeholders in an open and transparent process to address key aspects of Internet of Things (IoT) security, and were approved by a consensus of participating stakeholders.
This resource outlines basic information that manufacturers can communicate to consumers about whether and how IoT devices can receive security updates. Among other things, it suggests three key questions that manufacturers should consider answering for consumers prior to purchase: Is this device upgradeable? For how long? What does the owner/operator have to do to upgrade the device?
This resource supports manufacturers in identifying and selecting appropriate security features to mitigate vulnerabilities in the update process, and offers tips to enterprises on what to look for around IoT patchability when making IoT procurement decisions. The document breaks down the different components of an IoT security update, and offers insight on how to secure them.
This resource is a catalog of existing standards and initiatives as they apply to IoT security patching and upgradability. This document also was provided as a reference to the Interagency International Cybersecurity Standardization Working Group’s work, and was incorporated into the draft Interagency Report on Status of International Cybersecurity Standardization for the Internet of Things (NISTIR 8200 pdf).
This resource provides an approach to identifying and analyzing incentives and barriers associated with IoT security update capability.