Security and Connectivity for IoT Devices

IoT Cybersecurity Improvement Act 2020 – Business Perspective

Let's Talk IoT Security

Implementing IoT device security can be a challenge. Let us help you by sharing our proven framework for integrating a proactive security approach into your design. Click the button below to schedule a one-on-one web conference to discuss your security needs.

IoT Cybersecurity Improvement Act – DOCUMENT LIST

The following pulls together a single list of government-owned documents related to the IoT Cybersecurity Improvement Act of 2020. This is not an exhaustive list of every referenced document: documents not owned by the government (e.g. International Organization for Standardization – ISO, AgeLight Digital Trust Advisory Group, CTIA, others) are not included in the lists below. Even so, the list below provides significant material to ingest and digest as it relates to the IoT Cybersecurity Improvement Act of 2020.

Please note that standards and specifications are living documents and, as a matter of principle, are updated to reflect needed changes or revisions. When referencing a specific document, it is always worth checking whether a newer version has become available or supersedes the one referenced. We have made every effort to keep the list up to date; however, we cannot guarantee its accuracy over time.

The list is also broken into two sections: PRIMARY and SECONDARY. The PRIMARY list includes links to the House Resolution/Cybersecurity Law and the six documents referenced within it. The SECONDARY list provides links to supporting documentation.

PRIMARY

| Title/Link | Description |
| --- | --- |
| H.R. 1668 | IoT Cybersecurity Improvement Act of 2020 |
| NISTIR 8259 | Foundational Cybersecurity Activities for IoT Device Manufacturers |
| NISTIR 8259A | IoT Device Cybersecurity Capability Core Baseline |
| NISTIR 8259B (DRAFT) | IoT Non-Technical Supporting Capability Core Baseline |
| NISTIR 8259C (DRAFT) | Creating a Profile Using the IoT Core Baseline and Non-Technical Baseline |
| NISTIR 8259D (DRAFT) | Profile Using the IoT Core Baseline and Non-Technical Baseline for the Federal Government |
| SP 800-213 (DRAFT) | IoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements |

SECONDARY

| Title/Link | Description |
| --- | --- |
| NISTIR 7289 | The Role of Standards in Product Lifecycle Management Support |
| NISTIR 8228 | Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks |
| NIST CMVP | Cryptographic Module Validation Program (CMVP) |
| FIPS References | CMVP FIPS Standards and Documents |
| FIPS 140-3 References | CMVP FIPS 140-3 Standards and Documents |
| Catalog | IoT Device Cybersecurity Requirement Catalogs |
| White Paper | Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF) |
| White Paper | Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 |
| White Paper | NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management, Version 1.0 |
| SP 800-181 | Workforce Framework for Cybersecurity (NICE Framework) |
| SP 800-160 Vol.1 | Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems |
| SP 800-160 Vol.2 | Developing Cyber Resilient Systems: A Systems Security Engineering Approach |
| SP 800-128 | Guide for Security-Focused Configuration Management of Information Systems |
| SP 800-82 R2 | Guide to Industrial Control Systems (ICS) Security |
| SP 800-60 R1 | Guide for Mapping Types of Information and Information Systems to Security Categories |
| SP 800-56A R3 | Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography |
| SP 800-53 R5 | Security and Privacy Controls for Information Systems and Organizations |
| SP 800-40 R3 | Security and Privacy Controls for Information Systems and Organizations |
| SP 800-39 | Manage Information Security Risk |
| SP 800-37 R2 | Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy |
| SP 800-30 R1 | Guide for Conducting Risk Assessments |
| SP 800-18 R1 | Guide for Developing Security Plans for Federal Information Systems |
| SP 1500-201 | Framework for Cyber-Physical Systems: Volume 1, Overview, Version 1.0 |

The complete list of documents can be downloaded here.
