[Suit] Call for Public Comment on NISTIR 8259

"Waltermire, David A. (Fed)" <david.waltermire@nist.gov> Thu, 19 September 2019 21:25 UTC

Return-Path: <david.waltermire@nist.gov>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 329A812018D for <suit@ietfa.amsl.com>; Thu, 19 Sep 2019 14:25:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZzedIOMfr1wP for <suit@ietfa.amsl.com>; Thu, 19 Sep 2019 14:24:57 -0700 (PDT)
Received: from GCC02-BL0-obe.outbound.protection.outlook.com (mail-bl2gcc02on2135.outbound.protection.outlook.com [40.107.89.135]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8AC1312006A for <suit@ietf.org>; Thu, 19 Sep 2019 14:24:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Q8MUm0hZTsjhK5tMalblocRMjktB0cwJHu/8gr1C07eep7HXHDJaizVmfHKACWSvfwz3X+Qi5oakJ4qod8ltlXDFBYo/pQdLhf+cdVLxKXT4CK4R/ahoaMzeX7neBoT/CMOboxcJLTkn8OxHVHu6S7uFVWOvv+Bsltth7uPpHjIzASTwM4MTxPKVbN/ZuI1dVOts3pb+/QI1lgfYEEPrwKbAD1uFPspmOF+a/qcGZLDLD4kwJQgSLFRTNOm6L7VjkZxj17kYg20u/NXeBh0FKZ1hWsSQQPFXZZdZGF3+5iDyBEvrJn8xU99sf7+imNkHgr/U4angS4HvNd4NYJe/yQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eOtPlpHFD0n1jS/G//TDMdRict41g95W/22weMzzeKo=; b=QeEtj34aaYl6W6GFAiOBSpdJOfux8QiR7KI0K2aeJyxYQn9o53Z63CNcuEdM4u+yopOhoeBsqw8zhVc+3UQ0eKUnhBT4DBvX08L5KXakRPGzVsglLkt0ZvWxAc+al+787S67Q/w7z49rfCdOHXC/091EomTECEJMcCcy4R6IVyKw8B8BPEqP/HjMuTvyTpNdDBnqtqWNPmqf3vi99SbpxxiSReGIx3RNcpfuHCEGwoIERWWF4+TxvX008mRULvTz/uf3N31UGf0iqtqdpWPkLtkteZvjs2G4LBlwzzOIABdMWnQAKZneo4dw4tyA2piGAf3qcA9U7Z3IY4p0RxoxkQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov; dkim=pass header.d=nist.gov; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eOtPlpHFD0n1jS/G//TDMdRict41g95W/22weMzzeKo=; b=hDlWTJO8+hxG2Ij7hiEnFllfCgENnpS41R3sUMdzo6Xb0+yFZiCy/P5hEcMDgoYndZqSAKLVd2GUoMdmlfEEPKRdBeH6a4nb54DSb6uPyljf3v9kXw0T2cJw49ZfXhiX3anrQ8YJumzaIB3GF0HvoPYtOfHoE5LjsatC1BmY8Aw=
Received: from BN7PR09MB2819.namprd09.prod.outlook.com (52.135.242.24) by BN7PR09MB2627.namprd09.prod.outlook.com (52.135.242.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2284.19; Thu, 19 Sep 2019 21:24:55 +0000
Received: from BN7PR09MB2819.namprd09.prod.outlook.com ([fe80::c817:c00a:999f:3996]) by BN7PR09MB2819.namprd09.prod.outlook.com ([fe80::c817:c00a:999f:3996%3]) with mapi id 15.20.2263.023; Thu, 19 Sep 2019 21:24:55 +0000
From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: Call for Public Comment on NISTIR 8259
Thread-Index: AdVvL/buvkdFqh+nRxSwrO6Tx2yzog==
Date: Thu, 19 Sep 2019 21:24:55 +0000
Message-ID: <BN7PR09MB2819E9259203F03CBD830DA2F0890@BN7PR09MB2819.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=david.waltermire@nist.gov;
x-originating-ip: [129.6.231.3]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 7341baac-72b7-4b2f-de15-08d73d47d0e7
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600167)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:BN7PR09MB2627;
x-ms-traffictypediagnostic: BN7PR09MB2627:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <BN7PR09MB26277DC3DC757A4FEB246F0DF0890@BN7PR09MB2627.namprd09.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7691;
x-forefront-prvs: 016572D96D
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(366004)(396003)(39860400002)(346002)(136003)(199004)(189003)(8676002)(86362001)(55016002)(14444005)(9686003)(1730700003)(6436002)(66446008)(81166006)(66066001)(81156014)(66476007)(66556008)(8936002)(25786009)(76116006)(64756008)(71190400001)(52536014)(2351001)(66574012)(71200400001)(33656002)(186003)(26005)(7736002)(6116002)(7696005)(790700001)(102836004)(6306002)(486006)(99286004)(5640700003)(66946007)(256004)(476003)(14454004)(966005)(478600001)(3846002)(54896002)(2906002)(236005)(5660300002)(2501003)(6506007)(6916009)(74316002)(316002)(606006); DIR:OUT; SFP:1102; SCL:1; SRVR:BN7PR09MB2627; H:BN7PR09MB2819.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: lbEScC7MBppuKQNPKVXHOd9KsuV5MRBoNbJ5I8rO2FuJTZLQ+VJlRmXNS+/1haExBhG/5dhV/G4LZwglpAs//Njl7DUdCMqKNlo1rDJQStY+yJZPzr24HOQJrA1ArVk9/+m5k2o9HQ3lzKh83ytFktOlMEZ8AROJrD8iyXcjnUz6jATGeNAWHI+oq3aTnYvPJjHG7f6JHiEx8tmj84SXP6HO1FZU7y501hLlZDJtLashhA0ITFWRAN8hG3CuIQvgO6tqm8I4f/E7FR49yVLcg7OV3jMW+GbdNW6FUfoygT3HrpXuh9Shzf6tWvXeWs2coajTibpZoo/1ZMUtjBcnZl7Hi+aNoSZi5J6fvcKYjnlvlwC9wf3rH0noWqrF1Z84t2kXKqjxLcn4AYHy2XR7p0j6Bi/MY67jvcbpWgrUUPU=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_BN7PR09MB2819E9259203F03CBD830DA2F0890BN7PR09MB2819namp_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: 7341baac-72b7-4b2f-de15-08d73d47d0e7
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Sep 2019 21:24:55.2153 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Ns/FrXti2rVqADub0dwqJB9LYWcioTtU2+BruFemYwMLwjs+V0IV5juZNyvwKlhK5EjUFisqx+2uTxr8jklFtA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR09MB2627
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/Q-qlqclidpzMMbfWWV1uzIPOXLo>
Subject: [Suit] Call for Public Comment on NISTIR 8259
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Sep 2019 21:25:00 -0000

NIST has published draft NISTIR 8259 for public comment.

https://csrc.nist.gov/publications/detail/nistir/8259/draft

Here is the original announcement:

Manufacturers are creating an incredible variety and volume of Internet of Things (IoT) devices. Manufacturers need to understand the cybersecurity risks their customers face so IoT devices can provide cybersecurity features that make them at least minimally securable by the individuals and organizations who acquire and use them. This approach can help lessen the cybersecurity-related effort needed by customers, which in turn should reduce the prevalence and severity of IoT device compromises and the attacks performed using compromised IoT devices.

This draft publication defines a core baseline of cybersecurity features that manufacturers may voluntarily adopt for IoT devices they produce. It also provides information on how manufacturers can identify and implement features beyond the core baseline most appropriate for their customers. Draft NISTIR 8259 builds upon NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks<https://csrc.nist.gov/publications/detail/nistir/8228/final>al>.

A public comment period for this draft document is open until September 30, 2019.

If you have comments on this draft, please send them to iotsecurity@nist.gov<mailto:iotsecurity@nist.gov>.

Thank you,
Dave