Skip to content

Add NIST CSWP 33#2599

Merged
cpholguera merged 1 commit into
masterfrom
add-NIST-CSWP-33
Apr 4, 2024
Merged

Add NIST CSWP 33#2599
cpholguera merged 1 commit into
masterfrom
add-NIST-CSWP-33

Conversation

@cpholguera

@cpholguera cpholguera commented Apr 4, 2024

Copy link
Copy Markdown
Collaborator

NIST CSWP 33 (Initial Public Draft)

Product Development Cybersecurity Handbook: Concepts and Considerations for IoT Product Manufacturers

See https://csrc.nist.gov/pubs/cswp/33/product-development-cybersecurity-handbook/ipd

Abstract: As interest in Internet of Things (IoT) technologies has grown, so have concerns and attention to cybersecurity of the newly network-connected products and services offered in many sectors, including energy services, water/waste-water services, automobiles, consumer electronics, and government. This Product Development Cybersecurity Handbook will describe concepts important to developing and deploying secure IoT products for any sector or use case, including discussion of IoT Product architecture, deployment, roles and cybersecurity perspectives. This publication extends and elaborates on NIST’s prior work related to development of IoT products. In addition to discussing the concepts, this publication also demonstrates their application and discusses how satisfaction of cybersecurity in IoT products can be approached.

The mobile application [...] may be developed utilizing resources like the Secure Software Development Framework (SSDF), NIST SP 800-218. In addition, standards like the OWASP Mobile Application Security Verification Standard (MASVS) can help assess whether the mobile application’s design and features satisfies cybersecurity outcomes.

Third-party tools may be more common or robust in other sectors or use cases, but approaches for cybersecurity remain similar. For example, industrial customers may have software developed for their specific environment to manage their IoT and other digital products, but that software could still be verified against standards like OWASP’s MASVS while the developer uses tools like the SSDF.

@cpholguera cpholguera self-assigned this Apr 4, 2024
@cpholguera cpholguera requested a review from sushi2k April 4, 2024 09:20
@cpholguera cpholguera merged commit 8b8e808 into master Apr 4, 2024
@cpholguera cpholguera deleted the add-NIST-CSWP-33 branch April 4, 2024 10:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants