Computing Community Consortium Blog

The goal of the Computing Community Consortium (CCC) is to catalyze the computing research community to debate longer range, more audacious research challenges; to build consensus around research visions; to evolve the most promising visions toward clearly defined initiatives; and to work with the funding organizations to move challenges and visions toward funding initiatives. The purpose of this blog is to provide a more immediate, online mechanism for dissemination of visioning concepts and community discussion/debate about them.


Request for Comments on NIST IoT Draft Reports

October 5th, 2018 / in Announcements / by Khari Douglas

National Institute of Standards and Technology (NIST) logoThe National Institute of Standards and Technology (NIST) has released two new requests for comments on draft publications related to the Internet of Things (IoT). The first document addresses trust concerns within IoT, while the second is focused on privacy risks within the space. The requests for comments announcement and draft abstracts can be found below.

NIST Internal Report (NISTIR) 8222, Internet of Things (IoT) Trust Concerns

 

Note: Draft NISTIR 8222 has been temporarily withdrawn to synchronize with other pending documents on this topic, and to ensure time for stakeholders to review and comment.  Once the draft document has been re-posted, the comment period will be extended

 

Announcement
NIST has released Draft NIST Internal Report (NISTIR) 8222, Internet of Things (IoT) Trust Concerns, which identifies seventeen technical trust-related issues that may negatively impact the adoption of IoT products and services. The document offers recommendations for mitigating or reducing the effects of these concerns while also suggesting additional areas of research with regard to the subject of “IoT trust.” This publication is intended for a general information technology audience, including managers, supervisors, technical staff, and those involved in IoT policy decisions, governance, and procurement. Feedback from reviewers is requested on the seventeen technical concerns that are presented, as well as suggestions for other potential technical concerns that may be missing from the document.

 

Abstract
The Internet of Things (IoT) refers to systems that involve computation, sensing, communication, and actuation (as presented in NIST Special Publication (SP) 800-183). IoT involves the connection between humans, non-human physical objects, and cyber objects, enabling monitoring, automation, and decision making. The connection is complex and inherits a core set of trust concerns, most of which have no current resolution This publication identifies 17 technical trust-related concerns for individuals and organizations before and after IoT adoption. The set of concerns discussed here is necessarily incomplete given this rapidly changing industry, however this publication should still leave readers with a broader understanding of the topic. This set was derived from the six trustworthiness elements in NIST SP 800-183. And when possible, this publication outlines recommendations for how to mitigate or reduce the effects of these IoT concerns. It also recommends new areas of IoT research and study. This publication is intended for a general information technology audience including managers, supervisors, technical staff, and those involved in IoT policy decisions, governance, and procurement.

Comments due: November 16, 2018

Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks

 

Announcement
The Internet of Things (IoT) is a rapidly evolving and expanding collection of diverse technologies that interact with the physical world. Many organizations are not necessarily aware of the large number of IoT devices they are already using and how IoT devices may affect cybersecurity and privacy risks differently than conventional information technology (IT) devices do.

 

NIST is seeking public comments on Draft NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. The purpose of this publication is to help federal agencies and other organizations better understand and manage the cybersecurity and privacy risks associated with their IoT devices throughout their lifecycles. This publication is the introductory document providing the foundation for a planned series of publications on more specific aspects of this topic.

 

Abstract
The Internet of Things (IoT) is a rapidly evolving and expanding collection of diverse technologies that interact with the physical world. Many organizations are not necessarily aware of the large number of IoT devices they are already using and how IoT devices may affect cybersecurity and privacy risks differently than conventional information technology (IT) devices. The purpose of this publication is to help federal agencies and other organizations better understand and manage the cybersecurity and privacy risks associated with their IoT devices throughout their lifecycles. This publication is the foundational document in a series of publications on this topic.  

Responses due: October 24, 2018

To learn more about the draft reports visit the respective sites linked below:

Request for Comments on NIST IoT Draft Reports

Comments are closed.