For the First Time in the Private Sector: NIST Publishes a New Draft That Provides Cybersecurity Guidance for Securing IoT to Private Businesses

The National Institute of Standards and Technology (“NIST”) released a new draft of Security and Privacy Controls for Information Systems and Organizations (“Draft”).

Before the Draft was released, all former NIST’s cybersecurity guidance publications had been relevant only to public agencies.

However, and for the first time, this Draft sets forth cybersecurity guidance for securing the “Internet of Things” (“IoT”) to the private sector as well.

The Draft attempts to provide a unified information security framework and elaborates on both technical and procedural safeguards in order to protect the privacy of individuals and organizations; systems and devices.

Since the crux of the Draft is to improve privacy protections, it aims to limit unnecessary or irrelevant exposure to diverse types of personal information.

The Draft addresses, via security and privacy controls, a variety of issues; hostile cyber-attacks, human errors, natural disasters, etc.

The Draft also describes the appropriate way to develop specialized sets of controls for specific types of businesses and technologies. In addition, the Draft points out the necessity to address security issues from functionality as well as assurance perspectives.

If your company considers using IoT, we highly recommend you reviewing the Draft.