NIST NISTIR 8259 Foundational Cybersecurity Activities for IoT Device Manufacturers, NISTIR 8259A IoT Device Cybersecurity Capability Core Baseline
こんにちは、丸山満彦です。
NISTが、IoTデバイスが顧客に販売される前に製造業者が実行を検討する必要があるサイバーセキュリティに関連する推奨される活動に関する文書を公表していますね。。
● NIST - ITL - Computer Security Resource Center
・2020.05.29 NISTIR 8259 Foundational Cybersecurity Activities for IoT Device Manufacturers
・[PDF] NISTIR 8259 (DOI)
・2020.05.29 NISTIR 8259A IoT Device Cybersecurity Capability Core Baseline
・[PDF] NISTIR 8259A (DOI)
Table of Contents Executive Summary
1 Introduction
1.1 Purpose and Scope
1.2 Publication Structure
2 Background
3 Manufacturer Activities Impacting the IoT Device Pre-Market Phase
3.1 Activity 1: Identify Expected Customers and Define Expected Use Cases
3.2 Activity 2: Research Customer Cybersecurity Needs and Goals
3.3 Activity 3: Determine How to Address Customer Needs and Goals
3.4 Activity 4: Plan for Adequate Support of Customer Needs and Goals
4 Manufacturer Activities Impacting the IoT Device Post-Market Phase
4.1 Activity 5: Define Approaches for Communicating to Customers
4.2 Activity 6: Decide What to Communicate to Customers and How to Communicate It
4.2.1 Cybersecurity Risk-Related Assumptions
4.2.2 Support and Lifespan Expectations
4.2.3 Device Composition and Capabilities
4.2.4 Software Updates
4.2.5 Device Retirement Options
4.2.6 Technical and Non-Technical Means
5 Conclusion
References
List of Appendices
Appendix A— Acronyms and Abbreviations
Appendix B— Glossary
Table of Contents
1 Introduction
2 IoT Device Cybersecurity Capability Core Baseline Definition
References
Appendix A— Understanding the IoT Device Cybersecurity Capability Core Baseline in the Context of Customer Needs and Goals
Appendix B— Glossary