
2020.02.06

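NIST has published a draft (Ver. 2) of its security practices document for IoT device manufacturers

 Hello, this is Mitsuhiko Maruyama. NIST has published a draft (Ver. 2) of its security practices document for IoT device manufacturers.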

NIST

・2020.02.04 Improving the IoT Cybersecurity Baseline with Stakeholder Input: Draft (v2) NISTIR 8259 Available for Public Comment

 

・・NISTIR Draft (2nd) NISTIR 8259, Recommendations for IoT Device Manufacturers: Foundational Activities and Core Device Cybersecurity Capability Baseline.

 

Activity 1: Identify expected customers and define expected use cases.
Activity 2: Research customer cybersecurity goals.
Activity 3: Determine how to address customer goals.
Activity 4: Plan for adequate support of customer goals.
Activity 5: Define approaches for communicating to customers.
Activity 6: Decide what to communicate to customers and how to communicate it.

 

 

Executive Summary

1 Introduction

 1.1 Purpose and Scope

 1.2 Publication Structure

2 Background

3 Manufacturer Activities Impacting the IoT Device Pre-Market Phase

 3.1 Activity 1: Identify Expected Customers and Define Expected Use Cases

 3.2 Activity 2: Research Customer Cybersecurity Goals

 3.3 Activity 3: Determine How to Address Customer Goals

 3.4 Activity 4: Plan for Adequate Support of Customer Goals

4 Manufacturer Activities Impacting the IoT Device Post-Market Phase

 4.1 Activity 5: Define Approaches for Communicating to Customers

 4.2 Activity 6: Decide What to Communicate to Customers and How to Communicate It

  4.2.1 Cybersecurity Risk-Related Assumptions

  4.2.2 Support and Lifespan Expectations

  4.2.3 Technical and Non-Technical Means

  4.2.4 Device Composition and Capabilities

  4.2.5 Software and Firmware Updates

  4.2.6 Device Retirement Options

5 Next Steps for Manufacturers

References
