Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add NIST CSWP 33 #2599

Merged
merged 1 commit into from
Apr 4, 2024
Merged

Add NIST CSWP 33 #2599

merged 1 commit into from
Apr 4, 2024

Conversation

cpholguera
Copy link
Collaborator

@cpholguera cpholguera commented Apr 4, 2024

NIST CSWP 33 (Initial Public Draft)

Product Development Cybersecurity Handbook: Concepts and Considerations for IoT Product Manufacturers

See https://csrc.nist.gov/pubs/cswp/33/product-development-cybersecurity-handbook/ipd

Abstract: As interest in Internet of Things (IoT) technologies has grown, so have concerns and attention to cybersecurity of the newly network-connected products and services offered in many sectors, including energy services, water/waste-water services, automobiles, consumer electronics, and government. This Product Development Cybersecurity Handbook will describe concepts important to developing and deploying secure IoT products for any sector or use case, including discussion of IoT Product architecture, deployment, roles and cybersecurity perspectives. This publication extends and elaborates on NIST’s prior work related to development of IoT products. In addition to discussing the concepts, this publication also demonstrates their application and discusses how satisfaction of cybersecurity in IoT products can be approached.

The mobile application [...] may be developed utilizing resources like the Secure Software Development Framework (SSDF), NIST SP 800-218. In addition, standards like the OWASP Mobile Application Security Verification Standard (MASVS) can help assess whether the mobile application’s design and features satisfies cybersecurity outcomes.

Third-party tools may be more common or robust in other sectors or use cases, but approaches for cybersecurity remain similar. For example, industrial customers may have software developed for their specific environment to manage their IoT and other digital products, but that software could still be verified against standards like OWASP’s MASVS while the developer uses tools like the SSDF.

@cpholguera cpholguera self-assigned this Apr 4, 2024
@cpholguera cpholguera requested a review from sushi2k April 4, 2024 09:20
@cpholguera cpholguera merged commit 8b8e808 into master Apr 4, 2024
6 of 7 checks passed
@cpholguera cpholguera deleted the add-NIST-CSWP-33 branch April 4, 2024 10:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants