Late yesterday FedScoop published an article pointing out that NIST is pushing a holistic cybersecurity process for IoT.
The National Institute of Standards and Technology has released a draft document imploring the engineers of internet-connected technology to build security into their systems at every step of the process.
NIST Special Publication 800-160 covers everything from smartphones to industrial control systems and is intended for anyone who designs, develops, builds, implements, organizes or sustains something related to the Internet of Things — or what the agency calls “cyber-physical systems.”
The publication, titled “Systems Security Engineering, Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems,” is described in its abstract as follows:
This publication addresses the engineering-driven actions necessary to develop more defensible and survivable systems—including the components that compose and the services that depend on those systems. It starts with and builds upon a set of well-established International Standards for systems and software engineering published by the International Organization for Standardization (ISO), the International Electrotechnical Commission (IEC), and the Institute of Electrical and Electronics Engineers (IEEE) and infuses systems security engineering techniques, methods, and practices into those systems and software engineering processes.
The ultimate objective is to address security issues from a stakeholder requirements and protection needs perspective and to use established engineering processes to ensure that such requirements and needs are addressed with appropriate fidelity and rigor, early and in a sustainable manner throughout the life cycle of the system.