NIST has posted an initial public draft of Cybersecurity White Paper (CSWP) 33, Product Development Cybersecurity Handbook: Concepts and Considerations for IoT Product Manufacturers.
This Product Development Cybersecurity Handbook describes broadly applicable considerations for developing and deploying secure IoT products across sectors and use cases.
This handbook extends NIST’s work to consider the cybersecurity of IoT product components beyond the IoT device.
Significant risks can be introduced by vulnerable IoT product components even if the IoT device itself is hardened since these additional components will likely have privileged access to the IoT device and related data.
The Product Development Cybersecurity Handbook includes the following topics:
- How IoT product components can vary and be assembled into IoT products
- Cybersecurity considerations for IoT product component hardware and software
- How IoT product components use internet infrastructure and other equipment to communicate
- The multiple parties that may have a role in supporting a secure IoT product life cycle
- Standards and guidance related to cybersecurity outcomes for IoT products
- IoT product architecture, deployment, roles, and cybersecurity perspectives
- Approaches to cybersecurity in IoT products, including several IoT product deployment and instantiation examples with related informative references
A public comment review period is open through May 17, 2024.
See the publication details for a copy of the draft and instructions for submitting comments.