The National Institute of Standards and Technology (NIST) has released two new requests for comments on draft publications related to the Internet of Things (IoT). The first document addresses trust concerns within IoT, while the second is focused on privacy risks within the space. The requests for comments announcement and draft abstracts can be found below.
NIST Internal Report (NISTIR) 8222, Internet of Things (IoT) Trust Concerns
Note: Draft NISTIR 8222 has been temporarily withdrawn to synchronize with other pending documents on this topic, and to ensure time for stakeholders to review and comment. Once the draft document has been re-posted, the comment period will be extended
Announcement
NIST has released Draft NIST Internal Report (NISTIR) 8222, Internet of Things (IoT) Trust Concerns, which identifies seventeen technical trust-related issues that may negatively impact the adoption of IoT products and services. The document offers recommendations for mitigating or reducing the effects of these concerns while also suggesting additional areas of research with regard to the subject of “IoT trust.” This publication is intended for a general information technology audience, including managers, supervisors, technical staff, and those involved in IoT policy decisions, governance, and procurement. Feedback from reviewers is requested on the seventeen technical concerns that are presented, as well as suggestions for other potential technical concerns that may be missing from the document.
Abstract
The Internet of Things (IoT) refers to systems that involve computation, sensing, communication, and actuation (as presented in NIST Special Publication (SP) 800-183). IoT involves the connection between humans, non-human physical objects, and cyber objects, enabling monitoring, automation, and decision making. The connection is complex and inherits a core set of trust concerns, most of which have no current resolution This publication identifies 17 technical trust-related concerns for individuals and organizations before and after IoT adoption. The set of concerns discussed here is necessarily incomplete given this rapidly changing industry, however this publication should still leave readers with a broader understanding of the topic. This set was derived from the six trustworthiness elements in NIST SP 800-183. And when possible, this publication outlines recommendations for how to mitigate or reduce the effects of these IoT concerns. It also recommends new areas of IoT research and study. This publication is intended for a general information technology audience including managers, supervisors, technical staff, and those involved in IoT policy decisions, governance, and procurement.
Comments due: November 16, 2018
Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks
Announcement
The Internet of Things (IoT) is a rapidly evolving and expanding collection of diverse technologies that interact with the physical world. Many organizations are not necessarily aware of the large number of IoT devices they are already using and how IoT devices may affect cybersecurity and privacy risks differently than conventional information technology (IT) devices do.
NIST is seeking public comments on Draft NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. The purpose of this publication is to help federal agencies and other organizations better understand and manage the cybersecurity and privacy risks associated with their IoT devices throughout their lifecycles. This publication is the introductory document providing the foundation for a planned series of publications on more specific aspects of this topic.
Abstract
The Internet of Things (IoT) is a rapidly evolving and expanding collection of diverse technologies that interact with the physical world. Many organizations are not necessarily aware of the large number of IoT devices they are already using and how IoT devices may affect cybersecurity and privacy risks differently than conventional information technology (IT) devices. The purpose of this publication is to help federal agencies and other organizations better understand and manage the cybersecurity and privacy risks associated with their IoT devices throughout their lifecycles. This publication is the foundational document in a series of publications on this topic.
Responses due: October 24, 2018
To learn more about the draft reports visit the respective sites linked below:
Request for Comments on NIST IoT Draft Reports
October 5th, 2018 / in Announcements / by Khari DouglasThe National Institute of Standards and Technology (NIST) has released two new requests for comments on draft publications related to the Internet of Things (IoT). The first document addresses trust concerns within IoT, while the second is focused on privacy risks within the space. The requests for comments announcement and draft abstracts can be found below.
To learn more about the draft reports visit the respective sites linked below:
Disclaimer: Posts on this blog report on happenings, opportunities, and issues that arise in the broad computing research community, and do not necessarily reflect the opinion of the CCC or the National Science Foundation.
Related posts:
Tags: Internet of things IoT Request for Comments Request for Information RFI