Giter VIP home page Giter VIP logo

iot-device-cybersecurity-requirement-catalogs's Introduction

IoT Device Cybersecurity Requirement Catalogs

The Catalog

NIST has developed a catalog of IoT device cybersecurity capabilities and supporting non-technical manufacturer capabilities and associated IoT device customer actions that are published on this site. NIST analyzed the controls found in NIST SP 800-53 to develop a catalog of key IoT device cybersecurity capabilities and supporting non-technical manufacturer capabilities to ensure that customers’ systems meet an established level of management, operational, and technical security control requirements. The catalog contains more granular capability statements that refine and add specificity to the high-level capabilities defined in the NISTIRs 8259A and 8259B.

Manufacturers can engineer their IoT device technical cybersecurity capabilities and provide non-technical capabilities to IoT device customers, who can then use those capabilities to ensure their systems meet an established level of management, operational and technical security control requirements. The capabilities needed for each IoT device will depend upon the risks that the device brings to the system within which it is implemented. The profile development process described in NISTIR 8259C explains how customer organizations or manufacturers can use the catalog as a tool to determine the appropriate set of requirements for a particular use case or operational need.

This catalog identifies technical and non-technical capabilities necessary for addressing context-specific security requirements, such as the NIST SP 800-53 controls that apply to federal information systems. Just as not every Federal IT system uses every control, not every capability in the catalog is needed in every IoT device. Profiles can be created to identify the default minimum set of technical and non-technical capabilities necessary when integrating IoT devices into specific environments (e.g., healthcare, public safety). The Federal profile contained in NISTIR 8259D is a worked example that may also be useful to non-Federal organizations, or they may choose to create their own baseline profiles by choosing a different set of capabilities and elements from the catalog.

iot-device-cybersecurity-requirement-catalogs's People

Contributors

dlemire60 avatar kevingbrady avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.