Similar to HIPAA, NIST compliance for IoT device will be as much about how the device is used or interacted with as the device itself.

More prevalent than ever before, Internet of Things (“IOT”) devices, a term that includes connected “smart” devices, such as internet connected TVs, wearables, smart speakers, such as the Amazon Echo and Google Home, are fast becoming a staple of how we interact with each other, and obtain and consume entertainment and information.  We have previously written about California’s legislation requiring manufacturers to provide reasonable security features “appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, [and] designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.” 

The National Institute of Standards and Technology (“NIST”) has recently published two concurrent publications that provide exciting new guidance in this space.  IOT device manufacturers have a multipart problem when designing security processes and procedures for their devices.  Security will depend on not only the device itself, but also its interactions with human users, and those other resources and systems that the devices interact with. 

NISTIR 8259 “Foundational Cybersecurity Activities for IoT Device Manufacturers” provides six activities that IOT manufacturers can use to inform primarily the manufacturing of new devices: Read On: