The federal government’s standards agency has released a document to help protect internet of things users as well as their data and networks.
Developed by the National Institute of Standards and Technology Cybersecurity for IoT Program, the new “Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks” took over two years to create and involved engagement with the public, the agency said.
The new guidance is mainly for federal agencies and other large entities implementing IoT devices into their workplace. It provides advice with three high-level risk mitigation goals: protect device security, secure data and safeguard individuals’ privacy.
“The report is mainly for any organization that is thinking about security on the level of the NIST Cybersecurity Framework,” said Mike Fagan, a NIST computer scientist and one of the authors of the report, in a statement. “It’s targeted at the mode of thinking that an organization would have — more resources, more people, more ability, but also more risk of attack because of all those things. It’s bad when a single house is attacked, but if a million bank account passwords are stolen, that has a much larger impact.”