Date Published: September 30, 2025
Comments Due:
Email Questions to:
Planning Note (11/13/2025):
The public comment period has been extended through December 10, 2025.
Author(s)
Michael Fagan (NIST), Katerina Megas (NIST), Barbara Cuthill (NIST), Jeffrey Marron (NIST), Brad Hoehn (HII)
Announcement
This document describes recommended activities related to cybersecurity for manufacturers, spanning pre-market and post-market, to help them develop products that meet their customers’ needs and expectations for cybersecurity. This second public draft builds on changes made in the first draft and responds to feedback primarily in:
- Splitting and adding activities to better focus attention on each separate critical activities
- Expanding emphasis on risk assessment and threat modeling as key parts of the development process
- Expanding the connection to other references and make connection of this document to other work more explicit
We encourage sending emailed comments to [email protected] and look forward to hearing from you.
Internet of Things (IoT) products often lack product cybersecurity capabilities their customers—organizations and individuals—can use to help mitigate their cybersecurity risks. Manufacturers can help their customers by improving the securability of their IoT products by providing necessary cybersecurity functionality and by providing customers with the cybersecurity-related information they need. This publication describes recommended activities related to cybersecurity that manufacturers should consider performing before their IoT products are sold to customers. These foundational cybersecurity activities can help manufacturers lessen the cybersecurity-related efforts needed by customers, which in turn can reduce the prevalence and severity of compromises.
Internet of Things (IoT) products often lack product cybersecurity capabilities their customers—organizations and individuals—can use to help mitigate their cybersecurity risks. Manufacturers can help their customers by improving the securability of their IoT products by providing necessary...
See full abstract
Internet of Things (IoT) products often lack product cybersecurity capabilities their customers—organizations and individuals—can use to help mitigate their cybersecurity risks. Manufacturers can help their customers by improving the securability of their IoT products by providing necessary cybersecurity functionality and by providing customers with the cybersecurity-related information they need. This publication describes recommended activities related to cybersecurity that manufacturers should consider performing before their IoT products are sold to customers. These foundational cybersecurity activities can help manufacturers lessen the cybersecurity-related efforts needed by customers, which in turn can reduce the prevalence and severity of compromises.
Hide full abstract
Keywords
cybersecurity risk; Internet of Things (IoT); manufacturing; risk management; risk mitigation; securable computing devices; software development
Control Families
None selected