The National Institute of Standards and Technology ('NIST') Cybersecurity for the Internet of Things ('IoT') program announced the publication, on 17 June 2022, of the draft NIST Internal Report ('NISTIR') 8425, titled 'Profile of the IoT Core Baseline for Consumer IoT Products', and, on 21 June 2022, of a discussion essay titled 'Ideas for the Future of IoT Cybersecurity at NIST: IoT Risk Identification Complexity'.

In particular, NISTIR 8425 recalls the consumer IoT cybersecurity criteria from NIST's February 2022 white paper on Recommended Criteria for Cybersecurity Labeling for Consumer Internet of Things (IoT) Products, and incorporates such criteria into the family of NIST's IoT cybersecurity guidance. Also, NISTIR 8425 documents the cybersecurity capabilities commonly needed for the consumer IoT sector, and discusses the foundations to developing NIST's recommended consumer profile.

Furthermore, with regard to the discussion essay, it explores the topic of risk identification in IoT, and outlines key questions to address risks for IoT devices.

You can read the press release here, NISTIR 8425 here, and the discussion essay here.