Endpoint Security , Internet of Things Security , NIST Standards

NIST's IoT Guidance: A Look at the Draft

Kat Megas Describes Effort to Help Safeguard Devices
Kat Megas, program manager, NIST's Cybersecurity for IoT Program

The U.S. federal government is increasingly using IoT devices for across its agencies, but that has also raised concerns about security.

See Also: OnDemand | Protect and Govern Sensitive Data

For example, the government is using drones to inspect the outside of buildings and also is implementing IoT smart controls for buildings, says Kat Megas, program manager for the National Institute of Standards and Technology’s Cybersecurity for IoT Program.

The use of IoT devices presents a variety of risks. For example, the devices could become infected as part of a botnet or could be targeted for ransom extortion campaigns, she says.

In December, the Internet of Things Cybersecurity Improvement Act was enacted, and NIST published drafts of four documents that are designed to provide guidance for the federal government and IoT manufacturers (see First Federal IoT Security Legislation Becomes Law).

Megas says the documents, which define core baseline security requirements for IoT devices, are open for public comments through February.

In this video interview, Megas discusses:

  • How the federal government is using IoT;
  • NIST’s role in carrying out the Internet of Things Cybersecurity Improvement Act;
  • How NIST is working with private industry.

Megas is program manager for NIST's Cybersecurity for IoT Program. Her experience includes custom software development, systems integration and deploying enterprise technologies such as identity and access management systems, public key infrastructure and digital and electronic signature applications.

About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.