Draft of NIST IoT Guidance Expected Early 2018

NIST has provided additional details—including a tentative timeline—regarding its IoT Guidance.  As we have covered, NIST is planning to develop guidance for federal agencies regarding high-level cybersecurity and privacy IoT risk.  On Thursday, the Manager of the NIST Cybersecurity for IoT Program reported that:

• The current draft, which was written by a task group formed 3 months ago by the Interagency Cybersecurity Standardization Working Group that is co-chaired by NIST and DHS, is 200 pages;
• The Interagency Cybersecurity Standardization Working Group will decide next steps for the draft, which could include releasing the draft for public comment early next year; and
• Private industry input regarding current IoT standards is key.

The report follows a NIST Colloquium, held earlier in October, that brought the private sector together with government and academia to discuss IoT cybersecurity.  That Colloquium made clear that the debate regarding IoT cyber standards is still nascent and that NIST is still working to define the scope of IoT.