Endpoint Security , Internet of Things Security , NIST Standards

NIST's IoT Guidance: A Look at the Draft

Kat Megas Describes Effort to Help Safeguard Devices
Kat Megas, program manager, NIST's Cybersecurity for IoT Program

The U.S. federal government is increasingly using IoT devices for across its agencies, but that has also raised concerns about security.

See Also: Live Webinar | Improve Cloud Threat Detection and Response using the MITRE ATT&CK Framework

For example, the government is using drones to inspect the outside of buildings and also is implementing IoT smart controls for buildings, says Kat Megas, program manager for the National Institute of Standards and Technology’s Cybersecurity for IoT Program.

The use of IoT devices presents a variety of risks. For example, the devices could become infected as part of a botnet or could be targeted for ransom extortion campaigns, she says.

In December, the Internet of Things Cybersecurity Improvement Act was enacted, and NIST published drafts of four documents that are designed to provide guidance for the federal government and IoT manufacturers (see First Federal IoT Security Legislation Becomes Law).

Megas says the documents, which define core baseline security requirements for IoT devices, are open for public comments through February.

In this video interview, Megas discusses:

  • How the federal government is using IoT;
  • NIST’s role in carrying out the Internet of Things Cybersecurity Improvement Act;
  • How NIST is working with private industry.

Megas is program manager for NIST's Cybersecurity for IoT Program. Her experience includes custom software development, systems integration and deploying enterprise technologies such as identity and access management systems, public key infrastructure and digital and electronic signature applications.


About the Author

Jeremy Kirk

Jeremy Kirk

Managing Editor, Security and Technology, ISMG

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.