NIST IoT機器製造者向けセキュリティの実践資料 NISTIR 8259 Foundational Cybersecurity Activities for IoT Device Manufacturers, NISTIR 8259A IoT Device Cybersecurity Capability Core Baseline
こんにちは、丸山満彦です。
NISTがIoTに関する白書を2つ(NISTIR 8259 Foundational Cybersecurity Activities for IoT Device ManufacturersとNISTIR 8259A IoT Device Cybersecurity Capability Core Baseline
)公開していますね。。。
● NIST - ITL
・2020.05.29 (PUBLICATIONS) NISTIR 8259 Foundational Cybersecurity Activities for IoT Device Manufacturers
・[PDF] NISTIR 8259 (DOI)
Supplemental Material:
・[Web] Blog post
・[Web] Video overview of NIST recommendations
Related NIST Publications:
・2019.06.25 (PUBLICATIONS) NISTIR 8228 Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks
・[PDF] NISTIR 8228
Abstract
Internet of Things (IoT) devices often lack device cybersecurity capabilities their customers—organizations and individuals—can use to help mitigate their cybersecurity risks. Manufacturers can help their customers by improving how securable the IoT devices they make are by providing necessary cybersecurity functionality and by providing customers with the cybersecurity-related information they need. This publication describes recommended activities related to cybersecurity that manufacturers should consider performing before their IoT devices are sold to customers. These foundational cybersecurity activities can help manufacturers lessen the cybersecurity-related efforts needed by customers, which in turn can reduce the prevalence and severity of IoT device compromises and the attacks performed using compromised devices.
・2020.05.29 (PUBLICATIONS) NISTIR 8259A IoT Device Cybersecurity Capability Core Baseline
・[PDF] NISTIR 8259A
Supplemental Material:
・[web] Federal Profile of NISTIR 8259A
・[web] NIST Cybersecurity for IoT Program
・[web] Blog post
・[web] Video overview of NIST recommendations
Abstract
Device cybersecurity capabilities are cybersecurity features or functions that computing devices provide through their own technical means (i.e., device hardware and software). This publication defines an Internet of Things (IoT) device cybersecurity capability core baseline, which is a set of device capabilities generally needed to support common cybersecurity controls that protect an organization’s devices as well as device data, systems, and ecosystems. The purpose of this publication is to provide organizations a starting point to use in identifying the device cybersecurity capabilities for new IoT devices they will manufacture, integrate, or acquire. This publication can be used in conjunction with NISTIR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers.
■ 参考
● まるちゃんの情報セキュリティ気まぐれ日記
・2020.02.06 NISTがIoT機器製造者向けセキュリティの実践資料のドラフト(Ver.2)を公開していますね。。。
Recent Comments