NIST publishes IoT guide for organizations
The US National Institute of Standards and Technology (NIST) published NISTIR 8228- Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. The report provides guidance for federal agencies and other organisations on how to manage risks associated with IoT devices through their life cycles. The guide begins by addressing the magnitude of IoT devices used by organisations, highlighting the differences between connected and conventional IT devices concerning their impact, daily management, and their cybersecurity and privacy capabilities. It defines three possible risks organisations need to consider when using IoT devices: device security, data security, and individual privacy. It concludes with the following recommendations. (a) organisations need to consider the security and privacy risks when using IoT devices. (b) They need to adjust and customise policies and processes to address cybersecurity and privacy risks throughout the lifecycle of their IoT devices. (c) Companies need to implement the aforementioned updated mitigation practices. The publication is the first in a series of future NIST publications related to IoT.