Draft NIST IR 8259 D 1 2 Profile Using the IoT Core Baseline and 3 Non-Technical Baseline for the Federal 4 Government 5 6 7 Michael Fagan 8 Jeffre y Marron 9 Kevin G. Brady, Jr. 10 Barbara B. Cuthill 11 Katerina N. Megas 12 Rebecca Herold 13 14 This publication is available free of charge from: 15 https://doi.org/10.6028/ NIST.IR.8259D -draft 16 17 18 19 20 Draft NISTIR 8259 D 21 22 Profile Using the IoT Core Baseline and 23 Non-Technical Baseline for the Federal 24 Government 25 26 Michael Fagan 27 Jeffre y Marron 28 Kevin G. Brady, Jr. 29 Barbara B. Cuthill 30 Katerina N. Megas 31 Applied Cybersecurity Division 32 Information Technology Laboratory 33 34 Rebecca Herold 35 The Privacy Professor 36 Des Moines, IA 37 38 This publication is available free of charge from: 39 https://doi.org/10.6028/ NIST.IR.8259D -draft 40 December 2020 41 42 43 44 45 U.S. Department of Commerce 46 Wilbur L. Ross, Jr., Secretary 47 48 National Institute of Standards and Technology 49 Walter Copan , NIST Director and Under Secretary of Commerce for Standards and Technology 50 National Institute of Standards and Technology Interagency or Internal Report 8259D 51 30 pages (December 2020 ) 52 This publication is available free of charge from: 53 https://doi.org/10.6028/ NIST.IR.8259D -draft 54 55 Certain commercial entities, equipment, or materials may be identified in this document in order to describe an 56 experimental procedure or concept adequately. Such identification is not inte nded to imply recommendation or 57 endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best 58 available for the purpose. 59 There may be references in this publication to other publications currently under development by NIST in accordance 60 with its assigned statutory responsibilities. The information in this publication, including concepts and methodologies, 61 may be used by f ederal agencies even before the completion of such companion publications. Thus, u ntil each 62 publication is completed, current requirements, guideline s, and procedures, where they exist, remain operative. For 63 planning and transition purposes, federal agencies may wish to closely follow the development of these new 64 publications by NIST. 65 Organizations are encouraged to review all draft publications during public comment periods and provide feedback to 66 NIST. Many NIST cybersecurity publications , ot her than the ones noted above, are available at 67 https://csrc.nist.gov/publications . 68 69 70 71 72 73 Public comment period: December 15, 2020 through February 26 12, 2021 National Institut e of Standards a nd Technology Attn: App lied Cybers ecurity Division, Informati on Technology Laboratory 100 Bur eau Driv e (Mail Stop 2000) Gaithersburg, MD 20899 -2000 Email: iotsecurity@nist.gov All comments are subject to releas e under the Freedom of Information Act (FOIA). 74 75 NISTIR 8259D (DRAFT) PROFILE OF THE IOT CORE BASELINE FOR THE FEDERAL GOVERNMENT ii Reports on Computer Systems Technology 76 The Information Technology Laboratory (ITL) at the National Institute of Standards and 77 Technology (NIST) promotes the U.S. economy and public welfare by providing technical 78 leadership for the Nation’s measurement and standards infrastructure. ITL develops tests, test 79 methods, reference data, proof of concept implementations, and technical analyses to advance the 80 development and productive use of information technology. ITL’s respons ibilities include the 81 development of management, administrative, technical, and physical standards and guidelines for 82 the cost -effective security and privacy of other than national s ecurity -related information in f ederal 83 informa tion systems. 84 Abstract 85 The NISTIR 8259 series provide general guidance on how manufacture