NIST NISTIR 8259 Foundational Cybersecurity Activities for IoT Device Manufacturers, NISTIR 8259A IoT Device Cybersecurity Capability Core Baseline

こんにちは、丸山満彦です。

NISTが、IoTバイスが顧客に販売される前に製造業者が実行を検討する必要があるサイバーセキュリティに関連する推奨される活動に関する文書を公表していますね。。

 

● NIST - ITL - Computer Security Resource Center

・2020.05.29 NISTIR 8259 Foundational Cybersecurity Activities for IoT Device Manufacturers

 ・[PDF]  NISTIR 8259 (DOI)

・2020.05.29 NISTIR 8259A IoT Device Cybersecurity Capability Core Baseline

 ・[PDF] NISTIR 8259A (DOI)

 

 

Table of Contents Executive Summary

1 Introduction

 1.1 Purpose and Scope

 1.2 Publication Structure

2 Background

3 Manufacturer Activities Impacting the IoT Device Pre-Market Phase

 3.1 Activity 1: Identify Expected Customers and Define Expected Use Cases 

 3.2 Activity 2: Research Customer Cybersecurity Needs and Goals

 3.3 Activity 3: Determine How to Address Customer Needs and Goals

 3.4 Activity 4: Plan for Adequate Support of Customer Needs and Goals

4 Manufacturer Activities Impacting the IoT Device Post-Market Phase

 4.1 Activity 5: Define Approaches for Communicating to Customers

 4.2 Activity 6: Decide What to Communicate to Customers and How to Communicate It

  4.2.1 Cybersecurity Risk-Related Assumptions

  4.2.2 Support and Lifespan Expectations

  4.2.3 Device Composition and Capabilities

  4.2.4 Software Updates

  4.2.5 Device Retirement Options

  4.2.6 Technical and Non-Technical Means

5 Conclusion

References

List of Appendices

 Appendix A— Acronyms and Abbreviations 

 Appendix B— Glossary

 

Table of Contents

1 Introduction

2 IoT Device Cybersecurity Capability Core Baseline Definition

References

Appendix A— Understanding the IoT Device Cybersecurity Capability Core Baseline in the Context of Customer Needs and Goals

Appendix B— Glossary