Security and Connectivity for the IoT Edge

+1 978-264-6600

Menu

IoT Cybersecurity Improvement Act 2020 – Business Perspective

Home / IoT Cybersecurity Improvement Act / IoT Cybersecurity Improvement Act – DOCUMENT LIST

Let's Talk IoT Security

Implementing IoT device security can be a challenge. Let us help you by sharing our proven framework for integrating a proactive security approach into your design. Click the button below to schedule a one-on-one web conference to discuss your security needs.

Let's Talk IoT Security

Implementing IoT device security can be a challenge. Let us help you by sharing our proven framework for integrating a proactive security approach into your design. Click the button below to schedule a one-on-one web conference to discuss your security needs.

IoT Cybersecurity Improvement Act – DOCUMENT LIST

The following pulls together a single list of Government owned documents related to the IoT
Cybersecurity Act of 2020. It is important to note this is not an exhaustive list of all documents
referenced as those not owned by the government are not included in the lists below (e.g.
International Organization of Standardization – ISO, AgeLight Digital Trust Advisory Group,
CTIA, others). While many documents outside Government owned assets are not included, the
list below provides significant material to ingest and digest as it relates to the IoT Cybersecurity
Improvement Act of 2020.

Please note, standards and specifications are living documents and as a matter of principle, are
updated to reflect needed changes or revisions. When referencing a specific document, it is
always worth checking to see if a newer version has become available or supersedes the one
referenced. We have made ever effort to keep the list up to date, however we cannot guarantee
its accuracy over time.

The list is also broken into two factions: PRIMARY and SECONDARY. The PRIMARY list
includes links to the House Resolution/Cybersecurity Law and the six documents referenced
within it. The SECONDARY list provide links to supporting documentation.

PRIMARY

Title/Link Description
H.R. 1668 IoT Cybersecurity Improvement Act of 2020
NISTIR 8259 Foundational Cybersecurity Activities for IoT Device Manufacturers
NISTIR 8259A IoT Device Cybersecurity Capability Core Baseline
NISTIR 8259B (DRAFT) IoT Non-Technical Supporting Capability Core Baseline
NISTIR 8259C (DRAFT) Creating a Profile Using the IoT Core Baseline and Non-Technical Baseline
NISTIR 8259D (DRAFT) Profile Using the IoT Core Baseline and Non-Technical Baseline for the Federal Government
SP 800-213 (DRAFT) IoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements

SECONDARY

Title/Link

Description

NISTIR 7289

The Role of Standards in Product Lifecycle Management Support

NISTIR 8228

Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks

NIST CMVP

Cryptographic Module Validation Program CMVP

FIPS 140-2 References

CMVP FIPS 140-2 Standards and Documents

FIPS 140-3 References

CMVP FIPS 140-3 Standards and Documents

Catalog

IoT Device Cybersecurity Requirement Catalogs

White Paper

Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)

White Paper

Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1

White Paper

NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management, Version 1.0

SP 800-181

Workforce Framework for Cybersecurity (NICE Framework)

SP 800-160 Vol.1

Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems

SP 800-160 Vol.2

Developing Cyber Resilient Systems: A Systems Security Engineering Approach

SP 800-128

Guide for Security-Focused Configuration Management of Information Systems

SP 800-82 R2

Guide to Industrial Control Systems (ICS) Security

SP 800-60 R1

Guide for Mapping Types of Information and Information Systems to Security Categories

SP 800-56A R3

Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography

SP 800-53 R5

Security and Privacy Controls for Information Systems and Organizations

SP 800-40 R3

Security and Privacy Controls for Information Systems and Organizations

SP 800-39

Manage Information Security Risk

SP 800-37 R2

Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy

SP 800-30 R1

Guide for Conducting Risk Assessments

SP 800-18 R1

Guide for Developing Security Plans for Federal Information Systems

SP 1500-201

Framework for Cyber-Physical Systems: Volume 1, Overview

Version 1.0

The complete list of documents can be downloaded here.

Customized Cryptography Solutions for Medical IoT Industry

One of the world’s leading medical technology companies required sophisticated cryptography solutions for their connected hospital beds.

Allegro Software Expands IoT Edge Framework with Support for TLS 1.3

Allegro Software Expands IoT Edge Framework with Support for TLS 1.3 Securing IoT edge devices with the latest advanced data-in-motion encryption standard for TLS BOXBOROUGH, MA and SAN FRANCISCO, CA February 24, 2020 - At the RSA® Conference 2020 in San Francisco,...

Allegro Software Announces TLS API Compatibility Layers to Speed IoT Development with TLS v1.3 and FIPS 140-2

Allegro Software Announces TLS API Compatibility Layers to Speed IoT Development with TLS v1.3 and FIPS 140-2 API compatibility with ARM’s Mbed TLS and OpenSSL provides developers with access to latest TLS v1.3 and FIPS Validated Cryptography BOXBOROUGH, MA and SAN...

Best Practices for Managing IoT Related Risks

Allegro’s “Best Practices” document addresses the topic of IoT security related risks by taking a closer look at Critical Requirements and Functional Implementation.

7 Key Elements of Proactive IoT Security

All types of Internet of Things (IoT) devices are under attack. They are routinely recruited as unwitting members of botnets used for Distributed Denial of Service (DDOS) attacks, hosting various malware, and extracting sensitive data. Why are hackers drawn to these...

Open Source Issues in Mergers and Acquisitions

Open Source Issues in Mergers & Acquisitions In a merger or acquisition in which a technology company is the target, the target company’s software is often a material – and perhaps even the principal – asset of the deal. Often, this software was developed using...
Our Resources

Partnering with IoT Security Experts

Download Allegro’s Playbook

  • This field is for validation purposes and should be left unchanged.

Contact Us Today

  • This field is for validation purposes and should be left unchanged.