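NIST has published a draft (Ver.2) of its security practices document for IoT device manufacturers...
Hello, this is Mitsuhiko Maruyama. NIST has published a draft (Ver.2) of its security practices document for IoT device manufacturers.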
●NIST
Activity 1: | Identify expected customers and define expected use cases. |
Activity 2: | Research customer cybersecurity goals. |
Activity 3: | Determine how to address customer goals. |
Activity 4: | Plan for adequate support of customer goals. |
Activity 5: | Define approaches for communicating to customers. |
Activity 6: | Decide what to communicate to customers and how to communicate it. |
Executive Summary
1 Introduction
1.1 Purpose and Scope
1.2 Publication Structure
2 Background
3 Manufacturer Activities Impacting the IoT Device Pre-Market Phase
3.1 Activity 1: Identify Expected Customers and Define Expected Use Cases
3.2 Activity 2: Research Customer Cybersecurity Goals
3.3 Activity 3: Determine How to Address Customer Goals
3.4 Activity 4: Plan for Adequate Support of Customer Goals
4 Manufacturer Activities Impacting the IoT Device Post-Market Phase
4.1 Activity 5: Define Approaches for Communicating to Customers
4.2 Activity 6: Decide What to Communicate to Customers and How to Communicate It
4.2.1 Cybersecurity Risk-Related Assumptions
4.2.2 Support and Lifespan Expectations
4.2.3 Technical and Non-Technical Means
4.2.4 Device Composition and Capabilities
4.2.5 Software and Firmware Updates
4.2.6 Device Retirement Options
5 Next Steps for Manufacturers
References