Kyaw_Myo_Oo
Advocate I

Five Years Later: Evolving IoT Cybersecurity Guidelines

Dear All,

 

The Background…and NIST’s Plan for Improving IoT Cybersecurity

The passage of the Internet of Things (IoT) Cybersecurity Improvement Act in 2020 marked a pivotal step in enhancing the cybersecurity of IoT products. Recognizing the increasing internet connectivity of physical devices, this legislation tasked NIST with developing cybersecurity guidelines to manage and secure IoT effectively. As an early building block, we developed NIST IR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers, which describes recommended activities related to cybersecurity for manufacturers, spanning pre-market and post-market, to help them develop products that meet their customers’ needs and expectations for cybersecurity.


Five Years Later: Evolving IoT Cybersecurity Guidelines

 

Looking forward, what emerging trends or technologies do you believe will have the most significant impact on the evolution of IoT cybersecurity guidelines and practices in the next five years? Think about areas like AI, edge computing, and new communication protocols.


Share your perspectives and insights. Let's learn and explore together!

 

 

 

Kyaw Myo Oo
Information Security Officer, CB BANK PCL
CCIE #58769 | CISSP | CRISC | PMP | CCSM | SAA-C03 | PCNSE
https://www.linkedin.com/in/kyaw-myo-oo/
4 Replies
Steve-Wilme
Advocate II

There is a lot more information available on IoT security now than in the past:

NIST SP 800-213A

ETSI EN 303 645

ENISA WP2017 baseline security recommendations for IoT

It would also be worth looking at the PSTI regulations on IoT goods for resale.

 

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Kyaw_Myo_Oo
Advocate I

This is very informative. Thank you for sharing your time and expertise on this topic @Steve-Wilme.

I'm eager to hear more insights from other members of the group.

 

 

Kyaw Myo Oo
Information Security Officer, CB BANK PCL
CCIE #58769 | CISSP | CRISC | PMP | CCSM | SAA-C03 | PCNSE
https://www.linkedin.com/in/kyaw-myo-oo/
akkem
Contributor III

Core threats are often overlooked due to the rush to adopt advanced technologies and dominate the market. Issues like default or weak credentials, lack of firmware updates, insecure settings, absence of lifecycle policies, and supply chain risks need review to secure systems.
CIS benchmarks and NIST IR 8259 offer guidance on the secure design, development, and sale of IoT devices.
Caute_cautim
Community Champion

@Kyaw_Myo_Oo Well, I will add to the mix the advent of Smart Cities - IoT, OT, SDN, and how to architect trust zones using zero trust principles and applying architectural approaches to protecting both consumers and cities whilst Post Quantum Cryptography marches towards us, especially from an Australian Government context. Can NIDS and NIPS cope with the influx of IoT-related events and safely determine threats, or do we need to apply Blockchain and Quantum technology approaches along with automation and AI to assist threat analysts?

 

Regards

 

Caute_Cautim