The National Institute of Standards and Technology (NIST) has recently issued an introductory document addressing the privacy risks involved with IoT. The Draft NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks, aims to increase the awareness of federal agencies and related organizations concerning cybersecurity and privacy risks associated with IoT devices. NISTIR 8228 is intended to serve as a baseline publication for risk mitigation for all kinds of IoT devices.
The Draft NISTIR 8228 highlights the risks that IoT devices entail, because these devices interact with information systems differently than traditional IT devices do. The Draft presents three risk mitigation goals for organizations:
- Protect device security by preventing devices from being used to conduct cyber-attacks.
- Protect data security by safeguarding the integrity, confidentiality, and availability of data handled by the device, including personally identifiable information (PII).
- Protect the privacy of individuals affected by PII processing.